summaryrefslogtreecommitdiff
path: root/src/eap_server/eap_server_sake.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/eap_server/eap_server_sake.c')
-rw-r--r--src/eap_server/eap_server_sake.c44
1 files changed, 28 insertions, 16 deletions
diff --git a/src/eap_server/eap_server_sake.c b/src/eap_server/eap_server_sake.c
index 66183f5..2fc2c05 100644
--- a/src/eap_server/eap_server_sake.c
+++ b/src/eap_server/eap_server_sake.c
@@ -204,7 +204,7 @@ static struct wpabuf * eap_sake_build_confirm(struct eap_sm *sm,
{
wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
data->state = FAILURE;
- os_free(msg);
+ wpabuf_free(msg);
return NULL;
}
@@ -340,16 +340,25 @@ static void eap_sake_process_challenge(struct eap_sm *sm,
data->state = FAILURE;
return;
}
- eap_sake_derive_keys(sm->user->password,
- sm->user->password + EAP_SAKE_ROOT_SECRET_LEN,
- data->rand_s, data->rand_p,
- (u8 *) &data->tek, data->msk, data->emsk);
-
- eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
- sm->server_id, sm->server_id_len,
- data->peerid, data->peerid_len, 1,
- wpabuf_head(respData), wpabuf_len(respData),
- attr.mic_p, mic_p);
+ if (eap_sake_derive_keys(sm->user->password,
+ sm->user->password + EAP_SAKE_ROOT_SECRET_LEN,
+ data->rand_s, data->rand_p,
+ (u8 *) &data->tek, data->msk,
+ data->emsk) < 0) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Failed to derive keys");
+ data->state = FAILURE;
+ return;
+ }
+
+ if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
+ sm->server_id, sm->server_id_len,
+ data->peerid, data->peerid_len, 1,
+ wpabuf_head(respData), wpabuf_len(respData),
+ attr.mic_p, mic_p) < 0) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
+ data->state = FAILURE;
+ return;
+ }
if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
eap_sake_state(data, FAILURE);
@@ -382,11 +391,14 @@ static void eap_sake_process_confirm(struct eap_sm *sm,
return;
}
- eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
- sm->server_id, sm->server_id_len,
- data->peerid, data->peerid_len, 1,
- wpabuf_head(respData), wpabuf_len(respData),
- attr.mic_p, mic_p);
+ if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
+ sm->server_id, sm->server_id_len,
+ data->peerid, data->peerid_len, 1,
+ wpabuf_head(respData), wpabuf_len(respData),
+ attr.mic_p, mic_p) < 0) {
+ wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC");
+ return;
+ }
if (os_memcmp_const(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) {
wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P");
eap_sake_state(data, FAILURE);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 11:29:24 +0000