aboutsummaryrefslogtreecommitdiffstats
path: root/src/wps
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2016-05-16 16:35:03 (GMT)
committerJouni Malinen <j@w1.fi>2016-05-16 16:35:03 (GMT)
commitaae125e2cff0fe4da509ab0b0232ba890cf5bb1d (patch)
tree6e83937d5e2ce01dfcece5116005033915e0ea2a /src/wps
parent7d1007a6740a49b6e6bb0e91808ebb8fc9d5789d (diff)
downloadhostap-aae125e2cff0fe4da509ab0b0232ba890cf5bb1d.zip
hostap-aae125e2cff0fe4da509ab0b0232ba890cf5bb1d.tar.gz
hostap-aae125e2cff0fe4da509ab0b0232ba890cf5bb1d.tar.bz2
WPS: Fix debug prints in wps_derive_psk() error case
Check for hmac_sha256() failures and exit from wps_derive_psk() without printing out the derived keys if anything fails. This removes a valgrind warning on uninitialized value when running the ap_wps_m3_oom test case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/wps')
-rw-r--r--src/wps/wps_common.c17
-rw-r--r--src/wps/wps_enrollee.c3
-rw-r--r--src/wps/wps_i.h4
-rw-r--r--src/wps/wps_registrar.c3
4 files changed, 16 insertions, 11 deletions
diff --git a/src/wps/wps_common.c b/src/wps/wps_common.c
index 7e48dd8..2e34721 100644
--- a/src/wps/wps_common.c
+++ b/src/wps/wps_common.c
@@ -129,23 +129,26 @@ int wps_derive_keys(struct wps_data *wps)
}
-void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
- size_t dev_passwd_len)
+int wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
+ size_t dev_passwd_len)
{
u8 hash[SHA256_MAC_LEN];
- hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
- (dev_passwd_len + 1) / 2, hash);
+ if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
+ (dev_passwd_len + 1) / 2, hash) < 0)
+ return -1;
os_memcpy(wps->psk1, hash, WPS_PSK_LEN);
- hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
- dev_passwd + (dev_passwd_len + 1) / 2,
- dev_passwd_len / 2, hash);
+ if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
+ dev_passwd + (dev_passwd_len + 1) / 2,
+ dev_passwd_len / 2, hash) < 0)
+ return -1;
os_memcpy(wps->psk2, hash, WPS_PSK_LEN);
wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Device Password",
dev_passwd, dev_passwd_len);
wpa_hexdump_key(MSG_DEBUG, "WPS: PSK1", wps->psk1, WPS_PSK_LEN);
wpa_hexdump_key(MSG_DEBUG, "WPS: PSK2", wps->psk2, WPS_PSK_LEN);
+ return 0;
}
diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index c0c2b9c..4175077 100644
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -173,7 +173,8 @@ static struct wpabuf * wps_build_m3(struct wps_data *wps)
wpa_printf(MSG_DEBUG, "WPS: No Device Password available");
return NULL;
}
- wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
+ if (wps_derive_psk(wps, wps->dev_password, wps->dev_password_len) < 0)
+ return NULL;
if (wps->wps->ap && random_pool_ready() != 1) {
wpa_printf(MSG_INFO,
diff --git a/src/wps/wps_i.h b/src/wps/wps_i.h
index f7154f8..fe0c60b 100644
--- a/src/wps/wps_i.h
+++ b/src/wps/wps_i.h
@@ -132,8 +132,8 @@ struct wps_data {
void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len,
const char *label, u8 *res, size_t res_len);
int wps_derive_keys(struct wps_data *wps);
-void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
- size_t dev_passwd_len);
+int wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
+ size_t dev_passwd_len);
struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr,
size_t encr_len);
void wps_fail_event(struct wps_context *wps, enum wps_msg_type msg,
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index e0c6a91..fac8bd8 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -1928,7 +1928,8 @@ static struct wpabuf * wps_build_m4(struct wps_data *wps)
wpa_printf(MSG_DEBUG, "WPS: Building Message M4");
- wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
+ if (wps_derive_psk(wps, wps->dev_password, wps->dev_password_len) < 0)
+ return NULL;
plain = wpabuf_alloc(200);
if (plain == NULL)