OpenSSL: Replace internal HMAC-MD5 implementation

Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending
on the src/crypto/md5.c implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index c8ef46b..17674f7 100644 (file)
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -181,8 +181,6 @@ OBJS += ctrl_iface.c
 OBJS += src/ap/ctrl_iface_ap.c
 endif
 
-OBJS += src/crypto/md5.c
-
 L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
 
 ifdef CONFIG_IAPP
@@ -735,6 +733,10 @@ ifdef NEED_SHA1
 OBJS += $(SHA1OBJS)
 endif
 
+ifneq ($(CONFIG_TLS), openssl)
+OBJS += src/crypto/md5.c
+endif
+
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 OBJS += src/crypto/md5-internal.c

diff --git a/hostapd/Makefile b/hostapd/Makefile
index 894b652..513eb95 100644 (file)
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -170,8 +170,6 @@ OBJS += ctrl_iface.o
 OBJS += ../src/ap/ctrl_iface_ap.o
 endif
 
-OBJS += ../src/crypto/md5.o
-
 CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
 
 ifdef CONFIG_IAPP
@@ -728,6 +726,10 @@ ifdef NEED_SHA1
 OBJS += $(SHA1OBJS)
 endif
 
+ifneq ($(CONFIG_TLS), openssl)
+OBJS += ../src/crypto/md5.o
+endif
+
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 OBJS += ../src/crypto/md5-internal.o
@@ -954,7 +956,7 @@ hostapd_cli: $(OBJS_c)
        $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
        @$(E) "  LD " $@
 
-NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/md5.o
+NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
 NOBJS += ../src/utils/common.o
 ifdef NEED_RC4
 ifdef CONFIG_INTERNAL_RC4

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index f79055c..bbf4277 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -688,6 +688,49 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
 }
 
 
+#ifndef CONFIG_FIPS
+
+int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
+                   const u8 *addr[], const size_t *len, u8 *mac)
+{
+       HMAC_CTX ctx;
+       size_t i;
+       unsigned int mdlen;
+       int res;
+
+       HMAC_CTX_init(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x00909000
+       HMAC_Init_ex(&ctx, key, key_len, EVP_md5(), NULL);
+#else /* openssl < 0.9.9 */
+       if (HMAC_Init_ex(&ctx, key, key_len, EVP_md5(), NULL) != 1)
+               return -1;
+#endif /* openssl < 0.9.9 */
+
+       for (i = 0; i < num_elem; i++)
+               HMAC_Update(&ctx, addr[i], len[i]);
+
+       mdlen = 16;
+#if OPENSSL_VERSION_NUMBER < 0x00909000
+       HMAC_Final(&ctx, mac, &mdlen);
+       res = 1;
+#else /* openssl < 0.9.9 */
+       res = HMAC_Final(&ctx, mac, &mdlen);
+#endif /* openssl < 0.9.9 */
+       HMAC_CTX_cleanup(&ctx);
+
+       return res == 1 ? 0 : -1;
+}
+
+
+int hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
+            u8 *mac)
+{
+       return hmac_md5_vector(key, key_len, 1, &data, &data_len, mac);
+}
+
+#endif /* CONFIG_FIPS */
+
+
 int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
                int iterations, u8 *buf, size_t buflen)
 {

diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 96a969e..38041b6 100644 (file)
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -1195,8 +1195,10 @@ endif
 
 MD5OBJS =
 ifndef CONFIG_FIPS
+ifneq ($(CONFIG_TLS), openssl)
 MD5OBJS += src/crypto/md5.c
 endif
+endif
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 MD5OBJS += src/crypto/md5-internal.c

diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 21486c4..2ffb00d 100644 (file)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1208,8 +1208,10 @@ endif
 endif
 
 ifndef CONFIG_FIPS
+ifneq ($(CONFIG_TLS), openssl)
 MD5OBJS += ../src/crypto/md5.o
 endif
+endif
 ifdef NEED_MD5
 ifdef CONFIG_INTERNAL_MD5
 MD5OBJS += ../src/crypto/md5-internal.o