EAP peer: Replace MD5 with SHA1 in duplicate message workaround

MD5 is not available in CONFIG_FIPS=y builds, so use SHA1 for the EAP
peer workaround that tries to detect more robustly whether a duplicate
message was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index c8a1231b30f2d8acbf4b6bdbf2bc7352748a2d98..56c24b5503200b2f06099c2f7886887759a49efb 100644 (file)
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -708,7 +708,7 @@ SM_STATE(EAP, SEND_RESPONSE)
        wpabuf_free(sm->lastRespData);
        if (sm->eapRespData) {
                if (sm->workaround)
-                       os_memcpy(sm->last_md5, sm->req_md5, 16);
+                       os_memcpy(sm->last_sha1, sm->req_sha1, 20);
                sm->lastId = sm->reqId;
                sm->lastRespData = wpabuf_dup(sm->eapRespData);
                eapol_set_bool(sm, EAPOL_eapResp, TRUE);
@@ -914,12 +914,12 @@ static int eap_peer_req_is_duplicate(struct eap_sm *sm)
 
        duplicate = (sm->reqId == sm->lastId) && sm->rxReq;
        if (sm->workaround && duplicate &&
-           os_memcmp(sm->req_md5, sm->last_md5, 16) != 0) {
+           os_memcmp(sm->req_sha1, sm->last_sha1, 20) != 0) {
                /*
                 * RFC 4137 uses (reqId == lastId) as the only verification for
                 * duplicate EAP requests. However, this misses cases where the
                 * AS is incorrectly using the same id again; and
-                * unfortunately, such implementations exist. Use MD5 hash as
+                * unfortunately, such implementations exist. Use SHA1 hash as
                 * an extra verification for the packets being duplicate to
                 * workaround these issues.
                 */
@@ -1765,7 +1765,7 @@ static void eap_sm_parseEapReq(struct eap_sm *sm, const struct wpabuf *req)
        if (sm->workaround) {
                const u8 *addr[1];
                addr[0] = wpabuf_head(req);
-               md5_vector(1, addr, &plen, sm->req_md5);
+               sha1_vector(1, addr, &plen, sm->req_sha1);
        }
 
        switch (hdr->code) {

diff --git a/src/eap_peer/eap_i.h b/src/eap_peer/eap_i.h
index 5f8b5fa78b1fc2fac58662ec13027e29b4e29366..99b44dae4e34ea9a2e41c0a968dc8972d5d31dc3 100644 (file)
--- a/src/eap_peer/eap_i.h
+++ b/src/eap_peer/eap_i.h
@@ -338,9 +338,9 @@ struct eap_sm {
        Boolean rxResp /* LEAP only */;
        Boolean leap_done;
        Boolean peap_done;
-       u8 req_md5[16]; /* MD5() of the current EAP packet */
-       u8 last_md5[16]; /* MD5() of the previously received EAP packet; used
-                         * in duplicate request detection. */
+       u8 req_sha1[20]; /* SHA1() of the current EAP packet */
+       u8 last_sha1[20]; /* SHA1() of the previously received EAP packet; used
+                          * in duplicate request detection. */
 
        void *msg_ctx;
        void *scard_ctx;