DPP: Do not continue if public key hash derivation fails

sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
commit f981ce7298
1 changed files with 5 additions and 4 deletions

+ 5 - 4
src/common/dpp.c

@@ -1352,11 +1352,12 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
 	addr[0] = wpabuf_head(der);
 	len = wpabuf_len(der);
 	res = sha256_vector(1, addr, &len, bi->pubkey_hash);
-	if (res < 0)
+	if (res < 0) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
-	else
-		wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
-			    SHA256_MAC_LEN);
+		goto fail;
+	}
+	wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
+		    SHA256_MAC_LEN);
 
 	base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len);
 	wpabuf_free(der);
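
Review bot: The new `goto fail` in the `res < 0` branch leaves before the `wpabuf_free(der)` that follows `base64_encode()`, so `der` is only released on this path if the `fail` label frees it. That label is outside the visible hunk, so please confirm it handles `der` and that nothing reads `bi->pubkey_hash` after a failed `sha256_vector()` call. Since this failure now aborts key generation instead of only being logged, consider raising the "DPP: Failed to hash public key" message above `MSG_DEBUG` so that it shows up in logs collected at the default verbosity.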