SAE: Add an explicit debug print for failure to derive PWE

The needed HMAC-SHA256 operation with short salt is something that can
fail if OpenSSL is forced to use the fips provider, so it is helpful to
get this failure case clearer in the debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/common/sae.c b/src/common/sae.c
index ce282db6b535d2e4639abd658a6d9f75aee896f7..801f36301d8fd37be5117fa5c70333bcdcf72078 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -366,8 +366,11 @@ static int sae_derive_pwe_ecc(struct sae_data *sae, const u8 *addr1,
                const_time_select_bin(found, stub_password, password,
                                      password_len, tmp_password);
                if (hmac_sha256_vector(addrs, sizeof(addrs), 2,
-                                      addr, len, pwd_seed) < 0)
+                                      addr, len, pwd_seed) < 0) {
+                       wpa_printf(MSG_INFO,
+                                  "SAE: hmac_sha256_vector() failed - cannot derive PWE");
                        break;
+               }
 
                res = sae_test_pwd_seed_ecc(sae, pwd_seed,
                                            prime, qr_bin, qnr_bin, x_cand_bin);