jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC

Browse source 
This handles a mostly theoretical case where hmac_sha1_vector() might
fail for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-12-19 20:34:27 +02:00
parent 81e1ab85bc
commit 4b90fcdb76
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/eap_peer/eap_peap.c
View file

@ -334,7 +334,8 @@ static int eap_tlv_add_cryptobinding(struct eap_sm *sm,
addr[0], len[0]);
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
addr[1], len[1]);
hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac);
if (hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac) < 0)
return -1;
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", mac, SHA1_MAC_LEN);
data->crypto_binding_used = 1;