DPP: Do not continue if public key hash derivation fails

sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 6927be08a1f785f42af35c0e05d9116af96b66e2..d8cb4587481c552fcb8c5a3304e498ee588d2638 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1352,11 +1352,12 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
        addr[0] = wpabuf_head(der);
        len = wpabuf_len(der);
        res = sha256_vector(1, addr, &len, bi->pubkey_hash);
-       if (res < 0)
+       if (res < 0) {
                wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
-       else
-               wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
-                           SHA256_MAC_LEN);
+               goto fail;
+       }
+       wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
+                   SHA256_MAC_LEN);
 
        base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len);
        wpabuf_free(der);