Crypto build cleanup: remove CONFIG_NO_T_PRF

Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.

hostapd/Makefile

@@ -38,6 +38,8 @@ CFLAGS += -DCONFIG_NATIVE_WINDOWS
 LIBS += -lws2_32
 endif
 
+SHA1OBJS = ../src/crypto/sha1.o
+
 OBJS =	hostapd.o main.o ieee802_1x.o eapol_sm.o \
 	config.o ieee802_11_auth.o \
 	sta_info.o wpa.o \
@@ -88,7 +90,6 @@ endif
 
 OBJS += ../src/crypto/md5.o
 OBJS += ../src/crypto/rc4.o
-OBJS += ../src/crypto/sha1.o
 
 AESOBJS = ../src/crypto/aes_wrap.o
 
@@ -541,9 +542,9 @@ ifdef CONFIG_INTERNAL_AES
 AESOBJS += ../src/crypto/aes-internal.o
 endif
 ifdef CONFIG_INTERNAL_SHA1
-OBJS += ../src/crypto/sha1-internal.o
+SHA1OBJS += ../src/crypto/sha1-internal.o
 ifdef NEED_FIPS186_2_PRF
-OBJS += ../src/crypto/fips_prf_internal.o
+SHA1OBJS += ../src/crypto/fips_prf_internal.o
 endif
 endif
 ifdef CONFIG_INTERNAL_MD5
@@ -567,8 +568,8 @@ ifdef NEED_DH_GROUPS
 OBJS += ../src/crypto/dh_groups.o
 endif
 
-ifndef NEED_T_PRF
-CFLAGS += -DCONFIG_NO_T_PRF
+ifdef NEED_T_PRF
+SHA1OBJS += ../src/crypto/sha1-tprf.o
 endif
 
 ifndef NEED_TLS_PRF
@@ -616,6 +617,8 @@ CFLAGS += -DCONFIG_NO_AES_DECRYPT
 CFLAGS += -DCONFIG_NO_AES_ENCRYPT_BLOCK
 endif
 
+OBJS += $(SHA1OBJS)
+
 ALL=hostapd hostapd_cli
 
 all: verify_config $(ALL)
@@ -650,10 +653,7 @@ OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o
 hostapd_cli: $(OBJS_c)
 	$(CC) -o hostapd_cli $(OBJS_c)
 
-NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o ../src/crypto/sha1.o ../src/crypto/rc4.o ../src/crypto/md5.o
-ifdef CONFIG_INTERNAL_SHA1
-NOBJS += ../src/crypto/sha1-internal.o
-endif
+NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/rc4.o ../src/crypto/md5.o
 ifdef CONFIG_INTERNAL_MD5
 NOBJS += ../src/crypto/md5-internal.o
 endif

src/crypto/sha1-tprf.c

@@ -0,0 +1,72 @@
+/*
+ * SHA1 T-PRF for EAP-FAST
+ * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
+#include "includes.h"
+
+#include "common.h"
+#include "sha1.h"
+#include "crypto.h"
+
+/**
+ * sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF)
+ * @key: Key for PRF
+ * @key_len: Length of the key in bytes
+ * @label: A unique label for each purpose of the PRF
+ * @seed: Seed value to bind into the key
+ * @seed_len: Length of the seed
+ * @buf: Buffer for the generated pseudo-random key
+ * @buf_len: Number of bytes of key to generate
+ *
+ * This function is used to derive new, cryptographically separate keys from a
+ * given key for EAP-FAST. T-PRF is defined in RFC 4851, Section 5.5.
+ */
+void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
+		const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len)
+{
+	unsigned char counter = 0;
+	size_t pos, plen;
+	u8 hash[SHA1_MAC_LEN];
+	size_t label_len = os_strlen(label);
+	u8 output_len[2];
+	const unsigned char *addr[5];
+	size_t len[5];
+
+	addr[0] = hash;
+	len[0] = 0;
+	addr[1] = (unsigned char *) label;
+	len[1] = label_len + 1;
+	addr[2] = seed;
+	len[2] = seed_len;
+	addr[3] = output_len;
+	len[3] = 2;
+	addr[4] = &counter;
+	len[4] = 1;
+
+	output_len[0] = (buf_len >> 8) & 0xff;
+	output_len[1] = buf_len & 0xff;
+	pos = 0;
+	while (pos < buf_len) {
+		counter++;
+		plen = buf_len - pos;
+		hmac_sha1_vector(key, key_len, 5, addr, len, hash);
+		if (plen >= SHA1_MAC_LEN) {
+			os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
+			pos += SHA1_MAC_LEN;
+		} else {
+			os_memcpy(&buf[pos], hash, plen);
+			break;
+		}
+		len[0] = SHA1_MAC_LEN;
+	}
+}

src/crypto/sha1.c

@@ -155,62 +155,6 @@ void sha1_prf(const u8 *key, size_t key_len, const char *label,
 }
 
 
-#ifndef CONFIG_NO_T_PRF
-/**
- * sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF)
- * @key: Key for PRF
- * @key_len: Length of the key in bytes
- * @label: A unique label for each purpose of the PRF
- * @seed: Seed value to bind into the key
- * @seed_len: Length of the seed
- * @buf: Buffer for the generated pseudo-random key
- * @buf_len: Number of bytes of key to generate
- *
- * This function is used to derive new, cryptographically separate keys from a
- * given key for EAP-FAST. T-PRF is defined in RFC 4851, Section 5.5.
- */
-void sha1_t_prf(const u8 *key, size_t key_len, const char *label,
-		const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len)
-{
-	unsigned char counter = 0;
-	size_t pos, plen;
-	u8 hash[SHA1_MAC_LEN];
-	size_t label_len = os_strlen(label);
-	u8 output_len[2];
-	const unsigned char *addr[5];
-	size_t len[5];
-
-	addr[0] = hash;
-	len[0] = 0;
-	addr[1] = (unsigned char *) label;
-	len[1] = label_len + 1;
-	addr[2] = seed;
-	len[2] = seed_len;
-	addr[3] = output_len;
-	len[3] = 2;
-	addr[4] = &counter;
-	len[4] = 1;
-
-	output_len[0] = (buf_len >> 8) & 0xff;
-	output_len[1] = buf_len & 0xff;
-	pos = 0;
-	while (pos < buf_len) {
-		counter++;
-		plen = buf_len - pos;
-		hmac_sha1_vector(key, key_len, 5, addr, len, hash);
-		if (plen >= SHA1_MAC_LEN) {
-			os_memcpy(&buf[pos], hash, SHA1_MAC_LEN);
-			pos += SHA1_MAC_LEN;
-		} else {
-			os_memcpy(&buf[pos], hash, plen);
-			break;
-		}
-		len[0] = SHA1_MAC_LEN;
-	}
-}
-#endif /* CONFIG_NO_T_PRF */
-
-
 #ifndef CONFIG_NO_TLS_PRF
 /**
  * tls_prf - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246)

wpa_supplicant/Makefile

@@ -1086,8 +1086,8 @@ ifdef NEED_DH_GROUPS
 OBJS += ../src/crypto/dh_groups.o
 endif
 
-ifndef NEED_T_PRF
-CFLAGS += -DCONFIG_NO_T_PRF
+ifdef NEED_T_PRF
+SHA1OBJS += ../src/crypto/sha1-tprf.o
 endif
 
 ifndef NEED_TLS_PRF