EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC
This handles a mostly theoretical case where hmac_sha1_vector() might fail for some reason. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
81e1ab85bc
commit
4b90fcdb76
1 changed files with 2 additions and 1 deletions
|
@ -334,7 +334,8 @@ static int eap_tlv_add_cryptobinding(struct eap_sm *sm,
|
||||||
addr[0], len[0]);
|
addr[0], len[0]);
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
|
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
|
||||||
addr[1], len[1]);
|
addr[1], len[1]);
|
||||||
hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac);
|
if (hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac) < 0)
|
||||||
|
return -1;
|
||||||
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", mac, SHA1_MAC_LEN);
|
wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", mac, SHA1_MAC_LEN);
|
||||||
data->crypto_binding_used = 1;
|
data->crypto_binding_used = 1;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue