From 5c87fcc154763f4c32505305b34d09a0363a455f Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 26 May 2022 23:35:16 +0300
Subject: [PATCH] OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0

OpenSSL 3.0 has deprecated the low-level SHA1 functions and does not include an upper layer interface that could be used to use the SHA1_Transform() function. Use the internal SHA-1 implementation instead as a workaround. While this type of duplicate implementation of SHA-1 is not really ideal, this PRF is needed only for EAP-SIM/AKA and there does not seem to be sufficient justification to try to get this working more cleanly with OpenSSL 3.0.

Signed-off-by: Jouni Malinen
---
 src/crypto/fips_prf_openssl.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/crypto/fips_prf_openssl.c b/src/crypto/fips_prf_openssl.c
index 4697e0410..484f77209 100644
--- a/src/crypto/fips_prf_openssl.c
+++ b/src/crypto/fips_prf_openssl.c
@@ -7,6 +7,19 @@
 */
 #include "includes.h"
+#include
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+/* OpenSSL 3.0 has deprecated the low-level SHA1 functions and does not
+ * include an upper layer interface that could be used to use the
+ * SHA1_Transform() function. Use the internal SHA-1 implementation instead
+ * as a workaround. */
+#include "sha1-internal.c"
+#include "fips_prf_internal.c"
+
+#else /* OpenSSL version >= 3.0 */
+
 #include
 #include "common.h"
@@ -97,3 +110,5 @@ int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
 return 0;
 }
+
+#endif /* OpenSSL version >= 3.0 */
-- 
2.47.2
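Review bot: The two `#include "….c"` lines in the new `>= 0x30000000L` branch compile the internal SHA-1 and PRF sources into this object, so every non-static definition in `sha1-internal.c` and `fips_prf_internal.c` now also lives here. A configuration that builds either file on its own, or that gets the same functions from another crypto wrapper, would presumably fail at link time with duplicate symbols. Neither the build rules nor any guards inside those two files are visible in this patch, so this needs confirming against the Makefiles. The added comment should also record the security consequence of the workaround, for example `/* Note: with OpenSSL 3.0 the SHA-1 used by this PRF is the internal implementation, so it runs outside the OpenSSL provider and any FIPS provider policy. */`, because the file name suggests the opposite.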