EAP-TTLS: Disable CHAP, MSCHAP, and MSCHAPV2 in CONFIG_FIPS=y builds
FIPS builds do not include support for MD4/MD5, so disable EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
125bbef0e7
commit
835c89a16b
3 changed files with 23 additions and 2 deletions
|
@ -254,11 +254,13 @@ static int eap_ttls_v0_derive_key(struct eap_sm *sm,
|
|||
}
|
||||
|
||||
|
||||
#ifndef CONFIG_FIPS
|
||||
static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm,
|
||||
struct eap_ttls_data *data, size_t len)
|
||||
{
|
||||
return eap_peer_tls_derive_key(sm, &data->ssl, "ttls challenge", len);
|
||||
}
|
||||
#endif /* CONFIG_FIPS */
|
||||
|
||||
|
||||
static void eap_ttls_phase2_select_eap_method(struct eap_ttls_data *data,
|
||||
|
@ -429,6 +431,10 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||
struct eap_method_ret *ret,
|
||||
struct wpabuf **resp)
|
||||
{
|
||||
#ifdef CONFIG_FIPS
|
||||
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPV2 not supported in FIPS build");
|
||||
return -1;
|
||||
#else /* CONFIG_FIPS */
|
||||
#ifdef EAP_MSCHAPv2
|
||||
struct wpabuf *msg;
|
||||
u8 *buf, *pos, *challenge, *peer_challenge;
|
||||
|
@ -511,6 +517,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
|
||||
return -1;
|
||||
#endif /* EAP_MSCHAPv2 */
|
||||
#endif /* CONFIG_FIPS */
|
||||
}
|
||||
|
||||
|
||||
|
@ -519,6 +526,10 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
|
|||
struct eap_method_ret *ret,
|
||||
struct wpabuf **resp)
|
||||
{
|
||||
#ifdef CONFIG_FIPS
|
||||
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAP not supported in FIPS build");
|
||||
return -1;
|
||||
#else /* CONFIG_FIPS */
|
||||
struct wpabuf *msg;
|
||||
u8 *buf, *pos, *challenge;
|
||||
const u8 *identity, *password;
|
||||
|
@ -593,6 +604,7 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
|
|||
ret->decision = DECISION_COND_SUCC;
|
||||
|
||||
return 0;
|
||||
#endif /* CONFIG_FIPS */
|
||||
}
|
||||
|
||||
|
||||
|
@ -655,6 +667,10 @@ static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
|
|||
struct eap_method_ret *ret,
|
||||
struct wpabuf **resp)
|
||||
{
|
||||
#ifdef CONFIG_FIPS
|
||||
wpa_printf(MSG_ERROR, "EAP-TTLS: CHAP not supported in FIPS build");
|
||||
return -1;
|
||||
#else /* CONFIG_FIPS */
|
||||
struct wpabuf *msg;
|
||||
u8 *buf, *pos, *challenge;
|
||||
const u8 *identity, *password;
|
||||
|
@ -723,6 +739,7 @@ static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
|
|||
ret->decision = DECISION_COND_SUCC;
|
||||
|
||||
return 0;
|
||||
#endif /* CONFIG_FIPS */
|
||||
}
|
||||
|
||||
|
||||
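Review bot: The new `#ifdef CONFIG_FIPS` stubs in eap_ttls_phase2_request_mschapv2(), eap_ttls_phase2_request_mschap() and eap_ttls_phase2_request_chap() refuse the method only when the Phase 2 request is being built, which appears to be after the TLS tunnel is already established. The code that selects the Phase 2 type is not in these hunks; if it is not guarded too, a FIPS build will accept a profile naming one of these methods and fail only at authentication time, so consider rejecting those types at selection under the same `#ifdef CONFIG_FIPS`. Separately, the new message spells `MSCHAPV2` while the existing message in the same function spells `MSCHAPv2`; one spelling keeps log matching simple. All three function bodies continue outside the hunks shown.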
|
|
|
@ -428,9 +428,11 @@ L_CFLAGS += -DEAP_TTLS
|
|||
OBJS += src/eap_peer/eap_ttls.c
|
||||
OBJS_h += src/eap_server/eap_server_ttls.c
|
||||
endif
|
||||
MS_FUNCS=y
|
||||
TLS_FUNCS=y
|
||||
ifndef CONFIG_FIPS
|
||||
MS_FUNCS=y
|
||||
CHAP=y
|
||||
endif
|
||||
CONFIG_IEEE8021X_EAPOL=y
|
||||
endif
|
||||
|
||||
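Review bot: The `ifndef CONFIG_FIPS` guard added around `MS_FUNCS=y` and `CHAP=y` covers only the EAP-TTLS block, so whether a FIPS build really ends up without the MD4/MD5 helpers depends on every other block that sets these variables, none of which is visible here. If other method blocks can still set them, a build-time check that fails when CONFIG_FIPS is combined with such a method would make the guarantee explicit rather than dependent on the chosen config. A one-line comment above the guard, e.g. `# MD4/MD5-based Phase 2 methods (CHAP, MSCHAP, MSCHAPv2) are unavailable in FIPS builds`, would also record why the two variables are conditional. The same applies to the identical hunk in the second build file (the one using `CFLAGS`).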
|
|
|
@ -425,9 +425,11 @@ CFLAGS += -DEAP_TTLS
|
|||
OBJS += ../src/eap_peer/eap_ttls.o
|
||||
OBJS_h += ../src/eap_server/eap_server_ttls.o
|
||||
endif
|
||||
MS_FUNCS=y
|
||||
TLS_FUNCS=y
|
||||
ifndef CONFIG_FIPS
|
||||
MS_FUNCS=y
|
||||
CHAP=y
|
||||
endif
|
||||
CONFIG_IEEE8021X_EAPOL=y
|
||||
endif
|
||||
|
||||
|
|