diff options
Diffstat (limited to 'contrib/hostapd/eap_ttls.c')
-rw-r--r-- | contrib/hostapd/eap_ttls.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/contrib/hostapd/eap_ttls.c b/contrib/hostapd/eap_ttls.c index 1e4be75..569b1c3 100644 --- a/contrib/hostapd/eap_ttls.c +++ b/contrib/hostapd/eap_ttls.c @@ -23,6 +23,7 @@ #include "eap_tls_common.h" #include "ms_funcs.h" #include "md5.h" +#include "crypto.h" #include "tls.h" #include "eap_ttls.h" @@ -567,8 +568,9 @@ static void eap_ttls_process_phase2_chap(struct eap_sm *sm, const u8 *password, size_t password_len) { - MD5_CTX context; u8 *chal, hash[MD5_MAC_LEN]; + const u8 *addr[3]; + size_t len[3]; if (challenge == NULL || password == NULL || challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN || @@ -609,11 +611,13 @@ static void eap_ttls_process_phase2_chap(struct eap_sm *sm, free(chal); /* MD5(Ident + Password + Challenge) */ - MD5Init(&context); - MD5Update(&context, password, 1); - MD5Update(&context, sm->user->password, sm->user->password_len); - MD5Update(&context, challenge, challenge_len); - MD5Final(hash, &context); + addr[0] = password; + len[0] = 1; + addr[1] = sm->user->password; + len[1] = sm->user->password_len; + addr[2] = challenge; + len[2] = challenge_len; + md5_vector(3, addr, len, hash); if (memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0) { wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password"); @@ -1128,6 +1132,12 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv, data->state, __func__); break; } + + if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) { + wpa_printf(MSG_INFO, "EAP-TTLS: Locally detected fatal error " + "in TLS processing"); + eap_ttls_state(data, FAILURE); + } } |