could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
/* Allow FIPS override for use of MD5 here, really this does not have to be MD5 as we are just taking a MD5 hash of the 6 bytes of 0's(macAddress) */
/* and filling in the Data1-Data4 fields of the CLIENT_HARDWARE_ID structure(from MS-RDPELE section 2.2.2.3.1). This is for RDP licensing packets */
/* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */
- if (!winpr_Digest_MD5_Allow_FIPS(macAddress, sizeof(macAddress), &license->HardwareId[HWID_PLATFORM_ID_LENGTH], WINPR_MD5_DIGEST_LENGTH))
+ if (!winpr_Digest_Allow_FIPS(WINPR_MD_MD5, macAddress, sizeof(macAddress), &license->HardwareId[HWID_PLATFORM_ID_LENGTH], WINPR_MD5_DIGEST_LENGTH))
return FALSE;
return TRUE;
/* Allow FIPS override for use of MD5 here, this is used for creating hashes of the premaster_secret and master_secret */
/* used for RDP licensing as described in MS-RDPELE. This is for RDP licensing packets */
/* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */
- if (!winpr_Digest_Init_MD5_Allow_FIPS(md5))
+ if (!winpr_Digest_Init_Allow_FIPS(md5, WINPR_MD_MD5))
goto out;
if (!winpr_Digest_Update(md5, salt, 48)) /* Salt (48 bytes) */
goto out;
if (!(md5 = winpr_Digest_New()))
return FALSE;
- if (!winpr_Digest_Init_MD5_Allow_FIPS(md5))
+ if (!winpr_Digest_Init_Allow_FIPS(md5, WINPR_MD_MD5))
goto out;
if (!winpr_Digest_Update(md5, in0, 16))
goto out;
/* Allow FIPS override for use of MD5 here, this is only used for creating the MACData field of the */
/* Client Platform Challenge Response packet (from MS-RDPELE section 2.2.2.5). This is for RDP licensing packets */
/* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data protection. */
- if (!winpr_Digest_Init_MD5_Allow_FIPS(md5))
+ if (!winpr_Digest_Init_Allow_FIPS(md5, WINPR_MD_MD5))
goto out;
if (!winpr_Digest_Update(md5, mac_salt_key, 16)) /* MacSaltKey */
goto out;
#endif
WINPR_API WINPR_DIGEST_CTX* winpr_Digest_New(void);
-WINPR_API BOOL winpr_Digest_Init_MD5_Allow_FIPS(WINPR_DIGEST_CTX* ctx);
+WINPR_API BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
WINPR_API BOOL winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md);
WINPR_API BOOL winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen);
WINPR_API BOOL winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output, size_t ilen);
WINPR_API void winpr_Digest_Free(WINPR_DIGEST_CTX* ctx);
-WINPR_API BOOL winpr_Digest_MD5_Allow_FIPS(const BYTE* input, size_t ilen, BYTE* output, size_t olen);
+WINPR_API BOOL winpr_Digest_Allow_FIPS(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen);
WINPR_API BOOL winpr_Digest(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen);
#ifdef __cplusplus
}
#endif
-BOOL winpr_Digest_Init_MD5_Allow_FIPS(WINPR_DIGEST_CTX* ctx)
+BOOL winpr_Digest_Init_Allow_FIPS(WINPR_DIGEST_CTX* ctx, WINPR_MD_TYPE md)
{
#if defined(WITH_OPENSSL)
EVP_MD_CTX* mdctx = (EVP_MD_CTX*) ctx;
- const EVP_MD* evp = EVP_md5();
+ const EVP_MD* evp = winpr_openssl_get_evp_md(md);
+
+ /* Only MD5 is supported for FIPS allow override */
+ if (md != WINPR_MD_MD5)
+ return FALSE;
EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- return winpr_Digest_Init_Internal(ctx, WINPR_MD_MD5, evp);
+ return winpr_Digest_Init_Internal(ctx, md, evp);
#elif defined(WITH_MBEDTLS)
- return winpr_Digest_Init_Internal(ctx, WINPR_MD_MD5);
+ /* Only MD5 is supported for FIPS allow override */
+ if (md != WINPR_MD_MD5)
+ return FALSE;
+ return winpr_Digest_Init_Internal(ctx, md);
#endif
}
#endif
}
-BOOL winpr_Digest_MD5_Allow_FIPS(const BYTE* input, size_t ilen, BYTE* output, size_t olen)
+BOOL winpr_Digest_Allow_FIPS(int md, const BYTE* input, size_t ilen, BYTE* output, size_t olen)
{
BOOL result = FALSE;
WINPR_DIGEST_CTX *ctx = winpr_Digest_New();
if (!ctx)
return FALSE;
- if (!winpr_Digest_Init_MD5_Allow_FIPS(ctx))
+ if (!winpr_Digest_Init_Allow_FIPS(ctx, md))
goto out;
if (!winpr_Digest_Update(ctx, input, ilen))
goto out;