Do not export TLS keys in FIPS mode
Only allow the TLS library keying material exporter functionality to be used for MSK derivation with TLS-based EAP methods to avoid exporting internal TLS keys from the library. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
411f567050
commit
c9e08af24f
3 changed files with 12 additions and 0 deletions
|
|
@ -847,8 +847,10 @@ NEED_DES=y
|
|||
# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, EAP_TTLS, and EAP_FAST)
|
||||
OBJS += ../src/eap_peer/eap_tls_common.o
|
||||
OBJS_h += ../src/eap_server/eap_server_tls_common.o
|
||||
ifndef CONFIG_FIPS
|
||||
NEED_TLS_PRF=y
|
||||
endif
|
||||
endif
|
||||
|
||||
ifndef CONFIG_TLS
|
||||
CONFIG_TLS=openssl
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue