From: Martin Willi <martin@revosec.ch>
Date: Wed, 18 Jul 2012 14:46:05 +0000 (+0200)
Subject: Fix EAP-MSCHAPv2 master key derivation, broken with 87dd205b
X-Git-Tag: 5.0.1~278
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09e3717525420d62d5636962c29808d665aa8d13;p=thirdparty%2Fstrongswan.git

Fix EAP-MSCHAPv2 master key derivation, broken with 87dd205b
---

diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 8ae20783db..80b39bc623 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -461,13 +461,21 @@ static status_t GenerateMSK(chunk_t password_hash_hash,
 		return FAILED;
 	}
 
-	master = chunk_create(master_key, 16);
 	concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
+	if (!hasher->get_hash(hasher, concat, master_key))
+	{
+		hasher->destroy(hasher);
+		return FAILED;
+	}
+	master = chunk_create(master_key, 16);
 	concat = chunk_cata("cccc", master, shapad1, magic2, shapad2);
+	if (!hasher->get_hash(hasher, concat, master_receive_key))
+	{
+		hasher->destroy(hasher);
+		return FAILED;
+	}
 	concat = chunk_cata("cccc", master, shapad1, magic3, shapad2);
-	if (!hasher->get_hash(hasher, concat, master_key) ||
-		!hasher->get_hash(hasher, concat, master_receive_key) ||
-		!hasher->get_hash(hasher, concat, master_send_key))
+	if (!hasher->get_hash(hasher, concat, master_send_key))
 	{
 		hasher->destroy(hasher);
 		return FAILED;