From 6e6909a97e0d94e0291db08daab1bc2f75ab3849 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 16 Aug 2012 20:03:17 +0300 Subject: [PATCH] FIPS: Remove MD5 from the CONFIG_FIPS=y build When CONFIG_FIPS=y is used, do not include MD5 in the build and disable EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE 802.1X). Signed-hostap: Jouni Malinen --- src/common/wpa_common.c | 2 ++ src/eapol_supp/eapol_supp_sm.c | 2 ++ wpa_supplicant/Makefile | 4 +++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 7a013a805..61d586930 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -43,8 +43,10 @@ int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len, u8 hash[SHA1_MAC_LEN]; switch (ver) { +#ifndef CONFIG_FIPS case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: return hmac_md5(key, 16, buf, len, mic); +#endif /* CONFIG_FIPS */ case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: if (hmac_sha1(key, 16, buf, len, hash)) return -1; diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c index 280d1b0b3..07ef83bcd 100644 --- a/src/eapol_supp/eapol_supp_sm.c +++ b/src/eapol_supp/eapol_supp_sm.c @@ -624,6 +624,7 @@ struct eap_key_data { static void eapol_sm_processKey(struct eapol_sm *sm) { +#ifndef CONFIG_FIPS struct ieee802_1x_hdr *hdr; struct ieee802_1x_eapol_key *key; struct eap_key_data keydata; @@ -786,6 +787,7 @@ static void eapol_sm_processKey(struct eapol_sm *sm) sm->ctx->eapol_done_cb(sm->ctx->ctx); } } +#endif /* CONFIG_FIPS */ } diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 388267e9b..cf525acf8 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -1101,7 +1101,9 @@ SHA1OBJS += ../src/crypto/sha1-tlsprf.o endif endif -MD5OBJS = ../src/crypto/md5.o +ifndef CONFIG_FIPS +MD5OBJS += ../src/crypto/md5.o +endif ifdef NEED_MD5 ifdef CONFIG_INTERNAL_MD5 MD5OBJS += ../src/crypto/md5-internal.o