Updated to hostap_2_6

[mech_eap.git] / libeap / src / eap_common / eap_eke_common.c

diff --git a/libeap/src/eap_common/eap_eke_common.c b/libeap/src/eap_common/eap_eke_common.c
index 4dfdb3f..6217468 100644 (file)
--- a/libeap/src/eap_common/eap_eke_common.c
+++ b/libeap/src/eap_common/eap_eke_common.c
@@ -44,9 +44,7 @@ static int eap_eke_dhcomp_len(u8 dhgroup, u8 encr)
        int dhlen;
 
        dhlen = eap_eke_dh_len(dhgroup);
-       if (dhlen < 0)
-               return -1;
-       if (encr != EAP_EKE_ENCR_AES128_CBC)
+       if (dhlen < 0 || encr != EAP_EKE_ENCR_AES128_CBC)
                return -1;
        return AES_BLOCK_SIZE + dhlen;
 }
@@ -166,13 +164,10 @@ int eap_eke_dh_init(u8 group, u8 *ret_priv, u8 *ret_pub)
        size_t pub_len, i;
 
        generator = eap_eke_dh_generator(group);
-       if (generator < 0 || generator > 255)
-               return -1;
-       gen = generator;
-
        dh = eap_eke_dh_group(group);
-       if (dh == NULL)
+       if (generator < 0 || generator > 255 || !dh)
                return -1;
+       gen = generator;
 
        /* x = random number 2 .. p-1 */
        if (random_get_bytes(ret_priv, dh->prime_len))
@@ -411,11 +406,8 @@ int eap_eke_shared_secret(struct eap_eke_session *sess, const u8 *key,
        size_t len;
        const struct dh_group *dh;
 
-       if (sess->encr != EAP_EKE_ENCR_AES128_CBC)
-               return -1;
-
        dh = eap_eke_dh_group(sess->dhgroup);
-       if (dh == NULL)
+       if (sess->encr != EAP_EKE_ENCR_AES128_CBC || !dh)
                return -1;
 
        /* Decrypt peer DHComponent */
@@ -635,6 +627,7 @@ int eap_eke_prot(struct eap_eke_session *sess,
 
        if (*prot_len < block_size + data_len + pad + icv_len) {
                wpa_printf(MSG_INFO, "EAP-EKE: Not enough room for Prot() data");
+               return -1;
        }
        pos = prot;
 
@@ -653,10 +646,8 @@ int eap_eke_prot(struct eap_eke_session *sess,
                pos += pad;
        }
 
-       if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0)
-               return -1;
-
-       if (eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)
+       if (aes_128_cbc_encrypt(sess->ke, iv, e, data_len + pad) < 0 ||
+           eap_eke_mac(sess->mac, sess->ki, e, data_len + pad, pos) < 0)
                return -1;
        pos += icv_len;
 
@@ -684,9 +675,8 @@ int eap_eke_decrypt_prot(struct eap_eke_session *sess,
        else
                return -1;
 
-       if (prot_len < 2 * block_size + icv_len)
-               return -1;
-       if ((prot_len - icv_len) % block_size)
+       if (prot_len < 2 * block_size + icv_len ||
+           (prot_len - icv_len) % block_size)
                return -1;
 
        if (eap_eke_mac(sess->mac, sess->ki, prot + block_size,
@@ -737,22 +727,14 @@ int eap_eke_session_init(struct eap_eke_session *sess, u8 dhgroup, u8 encr,
        sess->mac = mac;
 
        sess->prf_len = eap_eke_prf_len(prf);
-       if (sess->prf_len < 0)
-               return -1;
        sess->nonce_len = eap_eke_nonce_len(prf);
-       if (sess->nonce_len < 0)
-               return -1;
        sess->auth_len = eap_eke_auth_len(prf);
-       if (sess->auth_len < 0)
-               return -1;
        sess->dhcomp_len = eap_eke_dhcomp_len(sess->dhgroup, sess->encr);
-       if (sess->dhcomp_len < 0)
-               return -1;
        sess->pnonce_len = eap_eke_pnonce_len(sess->mac);
-       if (sess->pnonce_len < 0)
-               return -1;
        sess->pnonce_ps_len = eap_eke_pnonce_ps_len(sess->mac);
-       if (sess->pnonce_ps_len < 0)
+       if (sess->prf_len < 0 || sess->nonce_len < 0 || sess->auth_len < 0 ||
+           sess->dhcomp_len < 0 || sess->pnonce_len < 0 ||
+           sess->pnonce_ps_len < 0)
                return -1;
 
        return 0;