Updated through tag hostap_2_5 from git://w1.fi/hostap.git

[mech_eap.git] / libeap / src / crypto / sha1-tlsprf.c

diff --git a/libeap/src/crypto/sha1-tlsprf.c b/libeap/src/crypto/sha1-tlsprf.c
index 2c8c029..f9bc0eb 100644 (file)
--- a/libeap/src/crypto/sha1-tlsprf.c
+++ b/libeap/src/crypto/sha1-tlsprf.c
@@ -2,14 +2,8 @@
  * TLS PRF (SHA1 + MD5)
  * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
  */
 
 #include "includes.h"
@@ -17,11 +11,10 @@
 #include "common.h"
 #include "sha1.h"
 #include "md5.h"
-#include "crypto.h"
 
 
 /**
- * tls_prf - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
+ * tls_prf_sha1_md5 - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)
  * @secret: Key for PRF
  * @secret_len: Length of the key in bytes
  * @label: A unique label for each purpose of the PRF
@@ -34,8 +27,8 @@
  * This function is used to derive new, cryptographically separate keys from a
  * given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
  */
-int tls_prf(const u8 *secret, size_t secret_len, const char *label,
-           const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
+int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label,
+                    const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
 {
        size_t L_S1, L_S2, i;
        const u8 *S1, *S2;
@@ -78,19 +71,16 @@ int tls_prf(const u8 *secret, size_t secret_len, const char *label,
                S2--;
        }
 
-       hmac_md5_vector_non_fips_allow(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1],
-                                      A_MD5);
+       hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5);
        hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1);
 
        MD5_pos = MD5_MAC_LEN;
        SHA1_pos = SHA1_MAC_LEN;
        for (i = 0; i < outlen; i++) {
                if (MD5_pos == MD5_MAC_LEN) {
-                       hmac_md5_vector_non_fips_allow(S1, L_S1, 3, MD5_addr,
-                                                      MD5_len, P_MD5);
+                       hmac_md5_vector(S1, L_S1, 3, MD5_addr, MD5_len, P_MD5);
                        MD5_pos = 0;
-                       hmac_md5_non_fips_allow(S1, L_S1, A_MD5, MD5_MAC_LEN,
-                                               A_MD5);
+                       hmac_md5(S1, L_S1, A_MD5, MD5_MAC_LEN, A_MD5);
                }
                if (SHA1_pos == SHA1_MAC_LEN) {
                        hmac_sha1_vector(S2, L_S2, 3, SHA1_addr, SHA1_len,
@@ -105,5 +95,10 @@ int tls_prf(const u8 *secret, size_t secret_len, const char *label,
                SHA1_pos++;
        }
 
+       os_memset(A_MD5, 0, MD5_MAC_LEN);
+       os_memset(P_MD5, 0, MD5_MAC_LEN);
+       os_memset(A_SHA1, 0, SHA1_MAC_LEN);
+       os_memset(P_SHA1, 0, SHA1_MAC_LEN);
+
        return 0;
 }