projects / mech_eap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e7d8003)
EAP-TTLS: Fixed implicit challenge derivation to use correct output length
authorJouni Malinen <j@w1.fi>
Sun, 23 Mar 2008 10:07:59 +0000 (12:07 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 23 Mar 2008 10:07:59 +0000 (12:07 +0200)
The previous version was deriving unnecessarily large amount of output data
for the implicit challenge. With the TLS PRF, this was not causing any
problems because the output length is not explicitly bound into the
derivation. Anyway, it is better to use the correct output length should
the PRF be ever changed to a one that uses the output length to change the
beginning of the output data.

src/eap_peer/eap_ttls.c patch | blob | history

diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 39a9f0a..3dbed1b 100644 (file)
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -669,7 +669,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
 
        /* MS-CHAP-Challenge */
        challenge = eap_ttls_implicit_challenge(
-               sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN * 2 + 1);
+               sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
        if (challenge == NULL) {
                wpabuf_free(msg);
                wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
@@ -753,7 +753,8 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
                               identity, identity_len);
 
        /* MS-CHAP-Challenge */
-       challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+       challenge = eap_ttls_implicit_challenge(
+               sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
        if (challenge == NULL) {
                wpabuf_free(msg);
                wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
@@ -901,7 +902,8 @@ static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
                               identity, identity_len);
 
        /* CHAP-Challenge */
-       challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+       challenge = eap_ttls_implicit_challenge(
+               sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
        if (challenge == NULL) {
                wpabuf_free(msg);
                wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "
Moonshot GSS-API mechanism