From 4549607b04000b5c08c1ace5ea962c2bb3402134 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 1 Aug 2015 21:03:30 +0300 Subject: [PATCH] EAP-pwd peer: Comment out MS password hash if CONFIG_FIPS=y The needed hash functions are not available in FIPS mode. Signed-off-by: Jouni Malinen --- src/eap_peer/eap_pwd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c index 5a60b3f74..1f785443e 100644 --- a/src/eap_peer/eap_pwd.c +++ b/src/eap_peer/eap_pwd.c @@ -288,6 +288,12 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data, } if (id->prep == EAP_PWD_PREP_MS) { +#ifdef CONFIG_FIPS + wpa_printf(MSG_ERROR, + "EAP-PWD (peer): MS password hash not supported in FIPS mode"); + eap_pwd_state(data, FAILURE); + return; +#else /* CONFIG_FIPS */ if (data->password_hash) { res = hash_nt_password_hash(data->password, pwhashhash); } else { @@ -307,6 +313,7 @@ eap_pwd_perform_id_exchange(struct eap_sm *sm, struct eap_pwd_data *data, password = pwhashhash; password_len = sizeof(pwhashhash); +#endif /* CONFIG_FIPS */ } else { password = data->password; password_len = data->password_len;