password = buf;
}
- nt_password_hash((u8 *) password, strlen(password), password_hash);
+ if (nt_password_hash((u8 *) password, strlen(password), password_hash))
+ return -1;
for (i = 0; i < sizeof(password_hash); i++)
printf("%02x", password_hash[i]);
printf("\n");
os_memcpy(data->ap_response, pos, LEAP_RESPONSE_LEN);
if (pwhash) {
- hash_nt_password_hash(password, pw_hash_hash);
+ if (hash_nt_password_hash(password, pw_hash_hash)) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
} else {
- nt_password_hash(password, password_len, pw_hash);
- hash_nt_password_hash(pw_hash, pw_hash_hash);
+ if (nt_password_hash(password, password_len, pw_hash) ||
+ hash_nt_password_hash(pw_hash, pw_hash_hash)) {
+ ret->ignore = TRUE;
+ return NULL;
+ }
}
challenge_response(data->ap_challenge, pw_hash_hash, expected);
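Review bot: The new failure branches in this LEAP response check (both the `pwhash` arm and the plain-password arm) set `ret->ignore = TRUE` and return without logging anything, so a failing hash primitive looks the same as a silently dropped frame. Adding `wpa_printf(MSG_ERROR, "EAP-LEAP: Failed to derive password hash");` before `ret->ignore = TRUE;` would let an operator tell a crypto-backend failure from a malformed AP response. The same applies to the key-derivation hunk that follows, where the two new `os_free(key); return NULL;` paths are equally silent, whereas the MSCHAPv2 hunks in this patch do log at MSG_ERROR. The enclosing functions start and end outside the hunks.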
if (key == NULL)
return NULL;
- if (pwhash)
- hash_nt_password_hash(password, pw_hash_hash);
- else {
- nt_password_hash(password, password_len, pw_hash);
- hash_nt_password_hash(pw_hash, pw_hash_hash);
+ if (pwhash) {
+ if (hash_nt_password_hash(password, pw_hash_hash)) {
+ os_free(key);
+ return NULL;
+ }
+ } else {
+ if (nt_password_hash(password, password_len, pw_hash) ||
+ hash_nt_password_hash(pw_hash, pw_hash_hash)) {
+ os_free(key);
+ return NULL;
+ }
}
wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: pw_hash_hash",
pw_hash_hash, 16);
"in Phase 1");
auth_challenge = data->auth_challenge;
}
- mschapv2_derive_response(identity, identity_len, password,
- password_len, pwhash, auth_challenge,
- peer_challenge, r->nt_response,
- data->auth_response, data->master_key);
+ if (mschapv2_derive_response(identity, identity_len, password,
+ password_len, pwhash, auth_challenge,
+ peer_challenge, r->nt_response,
+ data->auth_response, data->master_key)) {
+ wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to derive "
+ "response");
+ wpabuf_free(resp);
+ return NULL;
+ }
data->auth_response_valid = 1;
data->master_key_valid = 1;
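Review bot: The new error path returns without resetting `data->auth_response_valid` or `data->master_key_valid`, even though `mschapv2_derive_response()` may already have written part of `data->auth_response` and `data->master_key`. If either flag can still be 1 from an earlier round (not visible in this hunk), later code would treat stale or half-written key material as valid. Clearing them in the failure branch with `data->auth_response_valid = 0; data->master_key_valid = 0;` closes that off. The EAP-TTLS/MSCHAPV2 hunk has the same shape for `data->auth_response_valid`. The enclosing function begins and ends outside the hunk.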
pos += EAP_TTLS_MSCHAPV2_CHALLENGE_LEN;
os_memset(pos, 0, 8); /* Reserved, must be zero */
pos += 8;
- mschapv2_derive_response(identity, identity_len, password,
- password_len, pwhash, challenge,
- peer_challenge, pos, data->auth_response,
- data->master_key);
+ if (mschapv2_derive_response(identity, identity_len, password,
+ password_len, pwhash, challenge,
+ peer_challenge, pos, data->auth_response,
+ data->master_key)) {
+ wpabuf_free(msg);
+ wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
+ "response");
+ return -1;
+ }
data->auth_response_valid = 1;
eap_ttlsv1_permute_inner(sm, data);
u8 expected[24];
const u8 *username, *user;
size_t username_len, user_len;
+ int res;
pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, respData,
&len);
username, username_len);
if (sm->user->password_hash) {
- generate_nt_response_pwhash(data->auth_challenge,
- peer_challenge,
- username, username_len,
- sm->user->password,
- expected);
+ res = generate_nt_response_pwhash(data->auth_challenge,
+ peer_challenge,
+ username, username_len,
+ sm->user->password,
+ expected);
} else {
- generate_nt_response(data->auth_challenge, peer_challenge,
- username, username_len,
- sm->user->password,
- sm->user->password_len,
- expected);
+ res = generate_nt_response(data->auth_challenge,
+ peer_challenge,
+ username, username_len,
+ sm->user->password,
+ sm->user->password_len,
+ expected);
+ }
+ if (res) {
+ data->state = FAILURE;
+ return;
}
if (os_memcmp(nt_response, expected, 24) == 0) {