Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC

This handles a mostly theoretical case where hmac_sha1_vector() might
fail for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 9 years ago
parent
81e1ab85bc
commit
4b90fcdb76
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      src/eap_peer/eap_peap.c

+ 2 - 1
src/eap_peer/eap_peap.c
View File 

@@ -334,7 +334,8 @@ static int eap_tlv_add_cryptobinding(struct eap_sm *sm,
 
 		    addr[0], len[0]);
 
 	wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
 
 		    addr[1], len[1]);
 
-	hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac);
 
+	if (hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac) < 0)
 
+		return -1;
 
 	wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", mac, SHA1_MAC_LEN);
 
 	data->crypto_binding_used = 1;