EAP-pwd peer: Comment out MS password hash if CONFIG_FIPS=y
authorJouni Malinen <j@w1.fi>
Sat, 1 Aug 2015 18:03:30 +0000 (21:03 +0300)
committerJouni Malinen <j@w1.fi>
Sun, 2 Aug 2015 13:52:56 +0000 (16:52 +0300)
The needed hash functions are not available in FIPS mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/eap_pwd.c

index 5a60b3f..1f78544 100644 (file)
@@ -288,6 +288,12 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
        }
 
        if (id->prep == EAP_PWD_PREP_MS) {
+#ifdef CONFIG_FIPS
+               wpa_printf(MSG_ERROR,
+                          "EAP-PWD (peer): MS password hash not supported in FIPS mode");
+               eap_pwd_state(data, FAILURE);
+               return;
+#else /* CONFIG_FIPS */
                if (data->password_hash) {
                        res = hash_nt_password_hash(data->password, pwhashhash);
                } else {
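Review bot: The new `CONFIG_FIPS` branch inside the `EAP_PWD_PREP_MS` case fails the exchange without a comment saying why, and the log text only says "not supported". I would add `/* NtPasswordHash is MD4-based and MD4 is unavailable in FIPS builds; fail the exchange rather than continue with another password form */` above the `wpa_printf`. That records that failing closed is deliberate, so a later change does not let this case fall through to the plaintext `else` branch when a peer is asked for MS preparation. Separately, `res` is declared outside this hunk and may now be unused when `CONFIG_FIPS` is defined, which would give an unused-variable warning; this needs checking against the declarations at the top of `eap_pwd_perform_id_exchange`, whose body starts and ends outside the hunk.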
@@ -307,6 +313,7 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
 
                password = pwhashhash;
                password_len = sizeof(pwhashhash);
+#endif /* CONFIG_FIPS */
        } else {
                password = data->password;
                password_len = data->password_len;