[PATCH] eap-sim: Improve derived-key error message.
Ben Greear
greearb
Tue Jan 7 10:04:57 PST 2014
On 01/07/2014 05:39 AM, Jouni Malinen wrote:
> On Thu, Jan 02, 2014 at 02:32:02PM -0800, greearb at candelatech.com wrote:
>> This error is caused by a crypto library that does not have
>> proper support for the requested feature, so warn loudly
>> about it.
>
> That is not the only reason for this failure and anyway, all the
> eap_sim_prf() callers are already using MSG_ERROR level message
> displaying the failure.
I replaced two identical messages with a single message
with some extra information about why the error might
happen. It took quite a while for me to find that one
small line of text and figure out it was indicating the problem,
and more searching around in the code before I could figure out why.
At least for the encryption libraries I looked at, that
method cannot fail except when it is not implemented at
all.
>> diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
>> static int eap_sim_prf(const u8 *key, u8 *x, size_t xlen)
>> {
>> - return fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
>> + int rv = fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
>> + if (rv < 0) {
>> + wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys: %i,"
>> + " Compiled with INVALID CRYPTO LIBRARY?", rv);
>
> I don't think this would that helpful way of addressing this. Better
> fixes would be to add support for it in GnuTLS case or prevent that
> build.
A build-time failure would be better, but I haven't had time to work
on that yet.
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap
mailing list