OpenSSL: Remove md5_vector() from CONFIG_FIPS=y builds

MD5 is not allowed in such builds, so comment out md5_vector() from the
build to force compile time failures for cases that cannot be supported
instead of failing the MD5 operations at runtime. This makes it easier
to detect and fix accidental cases where MD5 could still be used in some
older protocols.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index bf38e11c11288ec67702d0d2f226d3927cc45d1e..841e8cb6a53f98b5088a8d8a9057ac0f2378b6b5 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -157,10 +157,12 @@ out:
 }
 
 
+#ifndef CONFIG_FIPS
 int md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)
 {
        return openssl_digest_vector(EVP_md5(), num_elem, addr, len, mac);
 }
+#endif /* CONFIG_FIPS */
 
 
 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac)