From: Jouni Malinen
Date: Sun, 23 Mar 2008 10:07:59 +0000 (+0200)
Subject: EAP-TTLS: Fixed implicit challenge derivation to use correct output length
X-Git-Tag: hostap_0_6_4~102
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30680e9332c96803533b9dae6105fd7b15b5bb52;p=thirdparty%2Fhostap.git
EAP-TTLS: Fixed implicit challenge derivation to use correct output length
The previous version was deriving unnecessarily large amount of output data for the implicit challenge. With the TLS PRF, this was not causing any problems because the output length is not explicitly bound into the derivation. Anyway, it is better to use the correct output length should the PRF be ever changed to a one that uses the output length to change the beginning of the output data.
---
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index 39a9f0a35..3dbed1b62 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -669,7 +669,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
 /* MS-CHAP-Challenge */
 challenge = eap_ttls_implicit_challenge(
- sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN * 2 + 1);
+ sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
 if (challenge == NULL) {
 wpabuf_free(msg);
 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
@@ -753,7 +753,8 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
 identity, identity_len);
 /* MS-CHAP-Challenge */
- challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+ challenge = eap_ttls_implicit_challenge(
+ sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
 if (challenge == NULL) {
 wpabuf_free(msg);
 wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
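Review bot: In the MSCHAPV2 hunk the derived buffer is now requested at exactly `EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1` bytes, so any later access to `challenge` past offset `EAP_TTLS_MSCHAPV2_CHALLENGE_LEN` loses the slack that the old `* 2 + 1` request provided; the MSCHAP and CHAP hunks shrink their requests from `EAP_TLS_KEY_LEN` in the same way. The code that consumes `challenge` lies outside all three hunks, so each function should be checked for reads or copies still sized by the old length. The `+ 1` is also unexplained at the call sites; it is presumably the identifier octet that follows the challenge, and a comment such as `/* challenge octets followed by one ident octet */` above each call would record that layout.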
@@ -901,7 +902,8 @@ static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
 identity, identity_len);
 /* CHAP-Challenge */
- challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+ challenge = eap_ttls_implicit_challenge(
+ sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
 if (challenge == NULL) {
 wpabuf_free(msg);
 wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "