return -1;
msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
- wpabuf_len(msg->buf), pos) < 0)
+ wpabuf_len(msg->buf), pos) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
return -1;
+ }
} else
msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
os_memcpy(msg->hdr->authenticator, req_authenticator,
sizeof(msg->hdr->authenticator));
if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
- wpabuf_len(msg->buf), pos) < 0)
+ wpabuf_len(msg->buf), pos) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
return -1;
+ }
/* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
addr[0] = (u8 *) msg->hdr;
len[2] = wpabuf_len(msg->buf) - sizeof(struct radius_hdr);
addr[3] = secret;
len[3] = secret_len;
- md5_vector(4, addr, len, msg->hdr->authenticator);
+ if (md5_vector(4, addr, len, msg->hdr->authenticator) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return -1;
+ }
if (wpabuf_len(msg->buf) > 0xffff) {
wpa_printf(MSG_WARNING, "RADIUS: Too long message (%lu)",
msg->hdr->length = host_to_be16(wpabuf_len(msg->buf));
os_memcpy(msg->hdr->authenticator, req_hdr->authenticator, 16);
if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
- wpabuf_len(msg->buf), pos) < 0)
+ wpabuf_len(msg->buf), pos) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
return -1;
+ }
/* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
addr[0] = wpabuf_head_u8(msg->buf);
len[0] = wpabuf_len(msg->buf);
addr[1] = secret;
len[1] = secret_len;
- if (md5_vector(2, addr, len, msg->hdr->authenticator) < 0)
+ if (md5_vector(2, addr, len, msg->hdr->authenticator) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
return -1;
+ }
if (wpabuf_len(msg->buf) > 0xffff) {
wpa_printf(MSG_WARNING, "RADIUS: Too long message (%lu)",
}
-void radius_msg_finish_acct(struct radius_msg *msg, const u8 *secret,
- size_t secret_len)
+int radius_msg_finish_acct(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len)
{
const u8 *addr[2];
size_t len[2];
len[0] = wpabuf_len(msg->buf);
addr[1] = secret;
len[1] = secret_len;
- md5_vector(2, addr, len, msg->hdr->authenticator);
+ if (md5_vector(2, addr, len, msg->hdr->authenticator) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return -1;
+ }
if (wpabuf_len(msg->buf) > 0xffff) {
wpa_printf(MSG_WARNING, "RADIUS: Too long messages (%lu)",
(unsigned long) wpabuf_len(msg->buf));
+ return -1;
}
+ return 0;
}
-void radius_msg_finish_acct_resp(struct radius_msg *msg, const u8 *secret,
- size_t secret_len, const u8 *req_authenticator)
+int radius_msg_finish_acct_resp(struct radius_msg *msg, const u8 *secret,
+ size_t secret_len, const u8 *req_authenticator)
{
const u8 *addr[2];
size_t len[2];
len[0] = wpabuf_len(msg->buf);
addr[1] = secret;
len[1] = secret_len;
- md5_vector(2, addr, len, msg->hdr->authenticator);
+ if (md5_vector(2, addr, len, msg->hdr->authenticator) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return -1;
+ }
if (wpabuf_len(msg->buf) > 0xffff) {
wpa_printf(MSG_WARNING, "RADIUS: Too long messages (%lu)",
(unsigned long) wpabuf_len(msg->buf));
+ return -1;
}
+ return 0;
}
len[2] = wpabuf_len(msg->buf) - sizeof(struct radius_hdr);
addr[3] = secret;
len[3] = secret_len;
- md5_vector(4, addr, len, hash);
+ if (md5_vector(4, addr, len, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return 1;
+ }
return os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0;
}
len[2] = wpabuf_len(msg->buf) - sizeof(struct radius_hdr);
addr[3] = secret;
len[3] = secret_len;
- md5_vector(4, addr, len, hash);
+ if (md5_vector(4, addr, len, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return 1;
+ }
if (os_memcmp_const(msg->hdr->authenticator, hash, MD5_MAC_LEN) != 0)
return 1;
sizeof(orig_authenticator));
os_memset(msg->hdr->authenticator, 0,
sizeof(msg->hdr->authenticator));
- hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
- wpabuf_len(msg->buf), auth);
+ if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
+ wpabuf_len(msg->buf), auth) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return 1;
+ }
os_memcpy(attr + 1, orig, MD5_MAC_LEN);
os_memcpy(msg->hdr->authenticator, orig_authenticator,
sizeof(orig_authenticator));
sizeof(msg->hdr->authenticator));
}
if (hmac_md5(secret, secret_len, wpabuf_head(msg->buf),
- wpabuf_len(msg->buf), auth) < 0)
+ wpabuf_len(msg->buf), auth) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
return 1;
+ }
os_memcpy(attr + 1, orig, MD5_MAC_LEN);
if (req_auth) {
os_memcpy(msg->hdr->authenticator, orig_authenticator,
elen[1] = MD5_MAC_LEN;
}
if (md5_vector(first ? 3 : 2, addr, elen, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
os_free(plain);
return NULL;
}
}
-static void encrypt_ms_key(const u8 *key, size_t key_len, u16 salt,
- const u8 *req_authenticator,
- const u8 *secret, size_t secret_len,
- u8 *ebuf, size_t *elen)
+static int encrypt_ms_key(const u8 *key, size_t key_len, u16 salt,
+ const u8 *req_authenticator,
+ const u8 *secret, size_t secret_len,
+ u8 *ebuf, size_t *elen)
{
int i, len, first = 1;
u8 hash[MD5_MAC_LEN], saltbuf[2], *pos;
addr[1] = pos - MD5_MAC_LEN;
_len[1] = MD5_MAC_LEN;
}
- md5_vector(first ? 3 : 2, addr, _len, hash);
+ if (md5_vector(first ? 3 : 2, addr, _len, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return -1;
+ }
first = 0;
for (i = 0; i < MD5_MAC_LEN; i++)
len -= MD5_MAC_LEN;
}
+
+ return 0;
}
salt |= 0x8000;
WPA_PUT_BE16(pos, salt);
pos += 2;
- encrypt_ms_key(send_key, send_key_len, salt, req_authenticator, secret,
- secret_len, pos, &elen);
+ if (encrypt_ms_key(send_key, send_key_len, salt, req_authenticator,
+ secret, secret_len, pos, &elen) < 0)
+ return 0;
vhdr->vendor_length = hlen + elen - sizeof(vendor_id);
attr = radius_msg_add_attr(msg, RADIUS_ATTR_VENDOR_SPECIFIC,
salt ^= 1;
WPA_PUT_BE16(pos, salt);
pos += 2;
- encrypt_ms_key(recv_key, recv_key_len, salt, req_authenticator, secret,
- secret_len, pos, &elen);
+ if (encrypt_ms_key(recv_key, recv_key_len, salt, req_authenticator,
+ secret, secret_len, pos, &elen) < 0)
+ return 0;
vhdr->vendor_length = hlen + elen - sizeof(vendor_id);
attr = radius_msg_add_attr(msg, RADIUS_ATTR_VENDOR_SPECIFIC,
len[0] = secret_len;
addr[1] = msg->hdr->authenticator;
len[1] = 16;
- md5_vector(2, addr, len, hash);
+ if (md5_vector(2, addr, len, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return -1;
+ }
for (i = 0; i < 16; i++)
buf[i] ^= hash[i];
len[0] = secret_len;
addr[1] = &buf[pos - 16];
len[1] = 16;
- md5_vector(2, addr, len, hash);
+ if (md5_vector(2, addr, len, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ return -1;
+ }
for (i = 0; i < 16; i++)
buf[pos + i] ^= hash[i];
len[0] = secret_len;
addr[1] = pos - 16;
len[1] = 16;
- md5_vector(2, addr, len, hash);
+ if (md5_vector(2, addr, len, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ goto out;
+ }
for (i = 0; i < 16; i++)
pos[i] ^= hash[i];
len[1] = 16;
addr[2] = salt;
len[2] = 2;
- md5_vector(3, addr, len, hash);
+ if (md5_vector(3, addr, len, hash) < 0) {
+ wpa_printf(MSG_INFO, "RADIUS: MD5 not available");
+ goto out;
+ }
for (i = 0; i < 16; i++)
pos[i] ^= hash[i];
projects / thirdparty / hostap.git / commitdiff
