From e234c7c0107da3c81c99c6a20dc947e4d6eb3c25 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 1 Aug 2015 21:06:03 +0300 Subject: [PATCH] OpenSSL: Remove md4_vector() from CONFIG_FIPS=y builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MD4 is not allowed in such builds, so comment out md4_vector() from the build to force compile time failures for cases that cannot be supported instead of failing the MD¤ operations at runtime. This makes it easier to detect and fix accidental cases where MD4 could still be used in some older protocols. Signed-off-by: Jouni Malinen --- src/crypto/crypto_openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 841e8cb6a..7d5038e13 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -93,10 +93,12 @@ static int openssl_digest_vector(const EVP_MD *type, size_t num_elem, } +#ifndef CONFIG_FIPS int md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { return openssl_digest_vector(EVP_md4(), num_elem, addr, len, mac); } +#endif /* CONFIG_FIPS */ void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)