[PATCH] eap-sim: Improve derived-key error message.

Jouni Malinen j at w1.fi
Tue Jan 7 08:39:09 EST 2014

On Thu, Jan 02, 2014 at 02:32:02PM -0800, greearb at candelatech.com wrote:
> This error is caused by a crypto library that does not have
> proper support for the requested feature, so warn loudly
> about it.

That is not the only reason for this failure and anyway, all the
eap_sim_prf() callers are already using MSG_ERROR level message
displaying the failure.

> diff --git a/src/eap_common/eap_sim_common.c b/src/eap_common/eap_sim_common.c
>  static int eap_sim_prf(const u8 *key, u8 *x, size_t xlen)
>  {
> -	return fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
> +	int rv = fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen);
> +	if (rv < 0) {
> +		wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys: %i,"
> +			   " Compiled with INVALID CRYPTO LIBRARY?", rv);

I don't think this would that helpful way of addressing this. Better
fixes would be to add support for it in GnuTLS case or prevent that

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list