EAP-TTLS: Fixed implicit challenge derivation to use correct output length

The previous version was deriving unnecessarily large amount of output data for the implicit challenge. With the TLS PRF, this was not causing any problems because the output length is not explicitly bound into the derivation. Anyway, it is better to use the correct output length should the PRF be ever changed to a one that uses the output length to change the beginning of the output data.
2008-03-23 12:07:59 +02:00 · 2008-03-23 12:07:59 +02:00 · 30680e9332
commit 30680e9332
parent e7d8003358
1 changed files with 5 additions and 3 deletions
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@ -669,7 +669,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,

 	/* MS-CHAP-Challenge */
 	challenge = eap_ttls_implicit_challenge(
-		sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN * 2 + 1);
+		sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1);
 	if (challenge == NULL) {
 		wpabuf_free(msg);
 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
@ -753,7 +753,8 @@ static int eap_ttls_phase2_request_mschap(struct eap_sm *sm,
 			       identity, identity_len);

 	/* MS-CHAP-Challenge */
-	challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+	challenge = eap_ttls_implicit_challenge(
+		sm, data, EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1);
 	if (challenge == NULL) {
 		wpabuf_free(msg);
 		wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAP: Failed to derive "
@ -901,7 +902,8 @@ static int eap_ttls_phase2_request_chap(struct eap_sm *sm,
 			       identity, identity_len);

 	/* CHAP-Challenge */
-	challenge = eap_ttls_implicit_challenge(sm, data, EAP_TLS_KEY_LEN);
+	challenge = eap_ttls_implicit_challenge(
+		sm, data, EAP_TTLS_CHAP_CHALLENGE_LEN + 1);
 	if (challenge == NULL) {
 		wpabuf_free(msg);
 		wpa_printf(MSG_ERROR, "EAP-TTLS/CHAP: Failed to derive "