FIPS: Remove MD5 from the CONFIG_FIPS=y build

When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-08-16 20:03:17 +03:00
parent 271dbf1594
commit 6e6909a97e
3 changed files with 7 additions and 1 deletions

View file

@ -43,8 +43,10 @@ int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len,
u8 hash[SHA1_MAC_LEN]; u8 hash[SHA1_MAC_LEN];
switch (ver) { switch (ver) {
#ifndef CONFIG_FIPS
case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
return hmac_md5(key, 16, buf, len, mic); return hmac_md5(key, 16, buf, len, mic);
#endif /* CONFIG_FIPS */
case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
if (hmac_sha1(key, 16, buf, len, hash)) if (hmac_sha1(key, 16, buf, len, hash))
return -1; return -1;

View file

@ -624,6 +624,7 @@ struct eap_key_data {
static void eapol_sm_processKey(struct eapol_sm *sm) static void eapol_sm_processKey(struct eapol_sm *sm)
{ {
#ifndef CONFIG_FIPS
struct ieee802_1x_hdr *hdr; struct ieee802_1x_hdr *hdr;
struct ieee802_1x_eapol_key *key; struct ieee802_1x_eapol_key *key;
struct eap_key_data keydata; struct eap_key_data keydata;
@ -786,6 +787,7 @@ static void eapol_sm_processKey(struct eapol_sm *sm)
sm->ctx->eapol_done_cb(sm->ctx->ctx); sm->ctx->eapol_done_cb(sm->ctx->ctx);
} }
} }
#endif /* CONFIG_FIPS */
} }

View file

@ -1101,7 +1101,9 @@ SHA1OBJS += ../src/crypto/sha1-tlsprf.o
endif endif
endif endif
MD5OBJS = ../src/crypto/md5.o ifndef CONFIG_FIPS
MD5OBJS += ../src/crypto/md5.o
endif
ifdef NEED_MD5 ifdef NEED_MD5
ifdef CONFIG_INTERNAL_MD5 ifdef CONFIG_INTERNAL_MD5
MD5OBJS += ../src/crypto/md5-internal.o MD5OBJS += ../src/crypto/md5-internal.o