aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorAndrey Kartashev <andrey.kartashev@afconsult.com>2018-11-02 18:02:16 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:42:25 (GMT)
commit54c6a69952e31b13cf6c75989ca472fb9e692a08 (patch)
treeddb1faedce9653319cb41159c687b58ef88c17bb /src
parent52171e18c9d4073915d6070c5662ac54b8413b67 (diff)
downloadhostap-54c6a69952e31b13cf6c75989ca472fb9e692a08.zip
hostap-54c6a69952e31b13cf6c75989ca472fb9e692a08.tar.gz
hostap-54c6a69952e31b13cf6c75989ca472fb9e692a08.tar.bz2
mka: Check for errors on create Secure Channel
It is possible that the driver fails to create Secure Channel (due to hardware limitations for example). Add checks of create_*_sc() result codes and abort procedure in case of failure. Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
Diffstat (limited to 'src')
-rw-r--r--src/pae/ieee802_1x_kay.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index afa521e..dc9a47f 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -605,9 +605,13 @@ ieee802_1x_kay_create_live_peer(struct ieee802_1x_mka_participant *participant,
return NULL;
}
+ if (secy_create_receive_sc(participant->kay, rxsc)) {
+ os_free(rxsc);
+ os_free(peer);
+ return NULL;
+ }
dl_list_add(&participant->live_peers, &peer->list);
dl_list_add(&participant->rxsc_list, &rxsc->list);
- secy_create_receive_sc(participant->kay, rxsc);
wpa_printf(MSG_DEBUG, "KaY: Live peer created");
ieee802_1x_kay_dump_peer(peer);
@@ -665,10 +669,15 @@ ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
ieee802_1x_kay_dump_peer(peer);
dl_list_del(&peer->list);
+ if (secy_create_receive_sc(participant->kay, rxsc)) {
+ wpa_printf(MSG_ERROR, "KaY: Can't create SC, discard peer");
+ os_free(rxsc);
+ os_free(peer);
+ return NULL;
+ }
dl_list_add_tail(&participant->live_peers, &peer->list);
dl_list_add(&participant->rxsc_list, &rxsc->list);
- secy_create_receive_sc(participant->kay, rxsc);
return peer;
}
@@ -3502,7 +3511,8 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay,
secy_cp_control_protect_frames(kay, kay->macsec_protect);
secy_cp_control_replay(kay, kay->macsec_replay_protect,
kay->macsec_replay_window);
- secy_create_transmit_sc(kay, participant->txsc);
+ if (secy_create_transmit_sc(kay, participant->txsc))
+ goto fail;
/* to derive KEK from CAK and CKN */
participant->kek.len = mka_alg_tbl[kay->mka_algindex].kek_len;