From 4a26972dfc8dea98c28cee93ffbb59d757e9b557 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 1 Aug 2015 16:53:55 +0300 Subject: [PATCH] OpenSSL: Remove md5_vector() from CONFIG_FIPS=y builds MD5 is not allowed in such builds, so comment out md5_vector() from the build to force compile time failures for cases that cannot be supported instead of failing the MD5 operations at runtime. This makes it easier to detect and fix accidental cases where MD5 could still be used in some older protocols. Signed-off-by: Jouni Malinen --- src/crypto/crypto_openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index bf38e11c1..841e8cb6a 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -157,10 +157,12 @@ out: } +#ifndef CONFIG_FIPS int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return openssl_digest_vector(EVP_md5(), num_elem, addr, len, mac); } +#endif /* CONFIG_FIPS */ int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)