[PATCH] eap-sim: Improve derived-key error message.
Jouni Malinen
j
Tue Jan 7 05:39:09 PST 2014
On Thu, Jan 02, 2014 at 02:32:02PM -0800, greearb at candelatech.com wrote:
> This error is caused by a crypto library that does not have
> proper support for the requested feature, so warn loudly
> about it.
That is not the only reason for this failure and anyway, all the
eap_sim_prf() callers are already using MSG_ERROR level message
displaying the failure.
> diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
> static int eap_sim_prf(const u8 *key, u8 *x, size_t xlen)
> {
> - return fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
> + int rv = fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
> + if (rv < 0) {
> + wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys: %i,"
> + " Compiled with INVALID CRYPTO LIBRARY?", rv);
I don't think this would that helpful way of addressing this. Better
fixes would be to add support for it in GnuTLS case or prevent that
build.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list