Merged the hostap_2.6 updates, and the Leap of Faith work, from the hostap_update...

[mech_eap.git] / libeap / src / crypto / fips_prf_openssl.c

diff --git a/libeap/src/crypto/fips_prf_openssl.c b/libeap/src/crypto/fips_prf_openssl.c
index d0af983..4697e04 100644 (file)
--- a/libeap/src/crypto/fips_prf_openssl.c
+++ b/libeap/src/crypto/fips_prf_openssl.c
@@ -2,14 +2,8 @@
  * FIPS 186-2 PRF for libcrypto
  * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
  */
 
 #include "includes.h"
@@ -19,13 +13,35 @@
 #include "crypto.h"
 
 
-static void sha1_transform(u8 *state, const u8 data[64])
+static void sha1_transform(u32 *state, const u8 data[64])
 {
        SHA_CTX context;
        os_memset(&context, 0, sizeof(context));
-       os_memcpy(&context.h0, state, 5 * 4);
+#if defined(OPENSSL_IS_BORINGSSL) && !defined(ANDROID)
+       context.h[0] = state[0];
+       context.h[1] = state[1];
+       context.h[2] = state[2];
+       context.h[3] = state[3];
+       context.h[4] = state[4];
+       SHA1_Transform(&context, data);
+       state[0] = context.h[0];
+       state[1] = context.h[1];
+       state[2] = context.h[2];
+       state[3] = context.h[3];
+       state[4] = context.h[4];
+#else
+       context.h0 = state[0];
+       context.h1 = state[1];
+       context.h2 = state[2];
+       context.h3 = state[3];
+       context.h4 = state[4];
        SHA1_Transform(&context, data);
-       os_memcpy(state, &context.h0, 5 * 4);
+       state[0] = context.h0;
+       state[1] = context.h1;
+       state[2] = context.h2;
+       state[3] = context.h3;
+       state[4] = context.h4;
+#endif
 }
 
 
@@ -37,13 +53,14 @@ int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
        u8 *xpos = x;
        u32 carry;
 
-       if (seed_len > sizeof(xkey))
+       if (seed_len < sizeof(xkey))
+               os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);
+       else
                seed_len = sizeof(xkey);
 
        /* FIPS 186-2 + change notice 1 */
 
        os_memcpy(xkey, seed, seed_len);
-       os_memset(xkey + seed_len, 0, 64 - seed_len);
        t[0] = 0x67452301;
        t[1] = 0xEFCDAB89;
        t[2] = 0x98BADCFE;
@@ -58,13 +75,12 @@ int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
 
                        /* w_i = G(t, XVAL) */
                        os_memcpy(_t, t, 20);
-                       sha1_transform((u8 *) _t, xkey);
-                       _t[0] = host_to_be32(_t[0]);
-                       _t[1] = host_to_be32(_t[1]);
-                       _t[2] = host_to_be32(_t[2]);
-                       _t[3] = host_to_be32(_t[3]);
-                       _t[4] = host_to_be32(_t[4]);
-                       os_memcpy(xpos, _t, 20);
+                       sha1_transform(_t, xkey);
+                       WPA_PUT_BE32(xpos, _t[0]);
+                       WPA_PUT_BE32(xpos + 4, _t[1]);
+                       WPA_PUT_BE32(xpos + 8, _t[2]);
+                       WPA_PUT_BE32(xpos + 12, _t[3]);
+                       WPA_PUT_BE32(xpos + 16, _t[4]);
 
                        /* XKEY = (1 + XKEY + w_i) mod 2^b */
                        carry = 1;