[PATCH] eap-sim: Improve derived-key error message.

Jouni Malinen j at w1.fi
Tue Jan 7 08:39:09 EST 2014


On Thu, Jan 02, 2014 at 02:32:02PM -0800, greearb at candelatech.com wrote:
> This error is caused by a crypto library that does not have
> proper support for the requested feature, so warn loudly
> about it.

That is not the only reason for this failure and anyway, all the
eap_sim_prf() callers are already using MSG_ERROR level message
displaying the failure.

> diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
>  static int eap_sim_prf(const u8 *key, u8 *x, size_t xlen)
>  {
> -	return fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
> +	int rv = fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
> +	if (rv < 0) {
> +		wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys: %i,"
> +			   " Compiled with INVALID CRYPTO LIBRARY?", rv);

I don't think this would that helpful way of addressing this. Better
fixes would be to add support for it in GnuTLS case or prevent that
build.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list