From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Wed, 29 Nov 2017 19:40:31 +0000 (+0200)
Subject: DPP: Do not continue if public key hash derivation fails
X-Git-Tag: hostap_2_7~758
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f981ce7298e6cf6fe1480605e53255edaf72dd26;p=thirdparty%2Fhostap.git

DPP: Do not continue if public key hash derivation fails

sha256_vector() result was ignored apart from printing out the failure
in the debug log. This is not really a normal case and it is better to
reject the full operation rather than try to continue with an incorrect
public key hash value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 6927be08a..d8cb45874 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -1352,11 +1352,12 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
 	addr[0] = wpabuf_head(der);
 	len = wpabuf_len(der);
 	res = sha256_vector(1, addr, &len, bi->pubkey_hash);
-	if (res < 0)
+	if (res < 0) {
 		wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
-	else
-		wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
-			    SHA256_MAC_LEN);
+		goto fail;
+	}
+	wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
+		    SHA256_MAC_LEN);
 
 	base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len);
 	wpabuf_free(der);