From 983c6a606bc839248ea0c69090e60c095a655bc6 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 27 Jan 2015 13:26:01 +0200
Subject: [PATCH] OpenSSL: Replace internal HMAC-MD5 implementation

Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending on the src/crypto/md5.c implementation.

Signed-off-by: Jouni Malinen
---
 hostapd/Android.mk | 6 ++++--
 hostapd/Makefile | 8 ++++---
 src/crypto/crypto_openssl.c | 43 +++++++++++++++++++++++++++++++++++++
 wpa_supplicant/Android.mk | 2 ++
 wpa_supplicant/Makefile | 2 ++
 5 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index c8ef46b90..17674f72f 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -181,8 +181,6 @@ OBJS += ctrl_iface.c
 OBJS += src/ap/ctrl_iface_ap.c
 endif
-OBJS += src/crypto/md5.c
-
 L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
 ifdef CONFIG_IAPP
@@ -735,6 +733,10 @@ ifdef NEED_SHA1
 OBJS += $(SHA1OBJS)
 endif
+ifneq ($(CONFIG_TLS), openssl)
+OBJS += src/crypto/md5.c
+endif
+
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 OBJS += src/crypto/md5-internal.c
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 894b65274..513eb95a5 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -170,8 +170,6 @@ OBJS += ctrl_iface.o
 OBJS += ../src/ap/ctrl_iface_ap.o
 endif
-OBJS += ../src/crypto/md5.o
-
 CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
 ifdef CONFIG_IAPP
@@ -728,6 +726,10 @@ ifdef NEED_SHA1
 OBJS += $(SHA1OBJS)
 endif
+ifneq ($(CONFIG_TLS), openssl)
+OBJS += ../src/crypto/md5.o
+endif
+
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 OBJS += ../src/crypto/md5-internal.o
@@ -954,7 +956,7 @@ hostapd_cli: $(OBJS_c)
 $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
 @$(E) " LD " $@
-NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/md5.o
+NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
 NOBJS += ../src/utils/common.o
 ifdef NEED_RC4
 ifdef CONFIG_INTERNAL_RC4
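Review bot: The new `ifneq ($(CONFIG_TLS), openssl)` guard in hostapd/Android.mk (and the matching one in hostapd/Makefile) is not nested in `ifndef CONFIG_FIPS`, while the OpenSSL replacement in src/crypto/crypto_openssl.c is compiled only under `#ifndef CONFIG_FIPS`. The removed `OBJS += src/crypto/md5.c` line appears to have been unconditional, so an OpenSSL build with CONFIG_FIPS defined would now get no hmac_md5()/hmac_md5_vector() definition at all. Whether any hostapd object still references those symbols in that configuration is not visible in these hunks, so a link test of that combination is worth doing. If dropping HMAC-MD5 from FIPS builds is intended, a comment above the guard such as `# With OpenSSL, HMAC-MD5 comes from crypto_openssl.c and is omitted under CONFIG_FIPS` would make that explicit.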
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index f79055cfd..bbf4277a7 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -688,6 +688,49 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
 }
+#ifndef CONFIG_FIPS
+
+int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
+{
+ HMAC_CTX ctx;
+ size_t i;
+ unsigned int mdlen;
+ int res;
+
+ HMAC_CTX_init(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x00909000
+ HMAC_Init_ex(&ctx, key, key_len, EVP_md5(), NULL);
+#else /* openssl < 0.9.9 */
+ if (HMAC_Init_ex(&ctx, key, key_len, EVP_md5(), NULL) != 1)
+ return -1;
+#endif /* openssl < 0.9.9 */
+
+ for (i = 0; i < num_elem; i++)
+ HMAC_Update(&ctx, addr[i], len[i]);
+
+ mdlen = 16;
+#if OPENSSL_VERSION_NUMBER < 0x00909000
+ HMAC_Final(&ctx, mac, &mdlen);
+ res = 1;
+#else /* openssl < 0.9.9 */
+ res = HMAC_Final(&ctx, mac, &mdlen);
+#endif /* openssl < 0.9.9 */
+ HMAC_CTX_cleanup(&ctx);
+
+ return res == 1 ? 0 : -1;
+}
+
+
+int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+ u8 *mac)
+{
+ return hmac_md5_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+#endif /* CONFIG_FIPS */
+
+
 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 int iterations, u8 *buf, size_t buflen)
 {
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 96a969e16..38041b6ec 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -1195,8 +1195,10 @@ endif
 MD5OBJS =
 ifndef CONFIG_FIPS
+ifneq ($(CONFIG_TLS), openssl)
 MD5OBJS += src/crypto/md5.c
 endif
+endif
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 MD5OBJS += src/crypto/md5-internal.c
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 21486c4c1..2ffb00d44 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
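Review bot: In hmac_md5_vector() (src/crypto/crypto_openssl.c) the early `return -1` after a failed HMAC_Init_ex() skips HMAC_CTX_cleanup() even though HMAC_CTX_init() has already run, so whatever state the context holds at that point is neither released nor wiped. That branch should read `if (HMAC_Init_ex(&ctx, key, key_len, EVP_md5(), NULL) != 1) { HMAC_CTX_cleanup(&ctx); return -1; }`. The result of HMAC_Update() in the loop is also ignored, so in the OpenSSL versions where these calls return a status, a failed update is still reported as success whenever HMAC_Final() succeeds; checking it under the same version guard would close that gap. The `#else /* openssl < 0.9.9 */` comments label the branch that is compiled for 0.9.9 and later, so `/* openssl >= 0.9.9 */` would be less misleading. A short comment at `mdlen = 16` stating that callers must supply a 16-byte `mac` buffer would document the output contract.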
@@ -1208,8 +1208,10 @@ endif
 endif
 ifndef CONFIG_FIPS
+ifneq ($(CONFIG_TLS), openssl)
 MD5OBJS += ../src/crypto/md5.o
 endif
+endif
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 MD5OBJS += ../src/crypto/md5-internal.o