From: Jouni Malinen <j@w1.fi>
Date: Sat, 19 Dec 2015 18:34:27 +0000 (+0200)
Subject: EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC
X-Git-Tag: hostap_2_6~1155
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b90fcdb76f13488933eb9a755c5a5b388739abb;p=thirdparty%2Fhostap.git

EAP-PEAP peer: Check SHA1 result when deriving Compond_MAC

This handles a mostly theoretical case where hmac_sha1_vector() might
fail for some reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c
index 286c9390e..164ac267c 100644
--- a/src/eap_peer/eap_peap.c
+++ b/src/eap_peer/eap_peap.c
@@ -334,7 +334,8 @@ static int eap_tlv_add_cryptobinding(struct eap_sm *sm,
 		    addr[0], len[0]);
 	wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC data 2",
 		    addr[1], len[1]);
-	hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac);
+	if (hmac_sha1_vector(data->cmk, 20, 2, addr, len, mac) < 0)
+		return -1;
 	wpa_hexdump(MSG_MSGDUMP, "EAP-PEAP: Compound_MAC", mac, SHA1_MAC_LEN);
 	data->crypto_binding_used = 1;