Verify that EAPOL-Key MIC generation succeeds

This can now fail, e.g., if trying to use TKIP in FIPS mode.
2009-08-16 22:35:15 +03:00 · 2009-08-16 22:35:15 +03:00 · 04b6b3ed51
parent 7a215dfc2b
commit 04b6b3ed51
2 changed files with 10 additions and 5 deletions
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@ -50,10 +50,10 @@ int wpa_eapol_key_mic(const u8 *key, int ver, const u8 *buf, size_t len,

 	switch (ver) {
 	case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
-		hmac_md5(key, 16, buf, len, mic);
-		break;
+		return hmac_md5(key, 16, buf, len, mic);
 	case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
-		hmac_sha1(key, 16, buf, len, hash);
+		if (hmac_sha1(key, 16, buf, len, hash))
+			return -1;
 		os_memcpy(mic, hash, MD5_MAC_LEN);
 		break;
 #if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@ -119,11 +119,16 @@ void wpa_eapol_key_send(struct wpa_sm *sm, const u8 *kck,
 				   MAC2STR(dest));
 		}
 	}
-	if (key_mic)
-		wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic);
+	if (key_mic &&
+	    wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic)) {
+		wpa_printf(MSG_ERROR, "WPA: Failed to generate EAPOL-Key "
+			   "version %d MIC", ver);
+		goto out;
+	}
 	wpa_hexdump(MSG_MSGDUMP, "WPA: TX EAPOL-Key", msg, msg_len);
 	wpa_sm_ether_send(sm, dest, proto, msg, msg_len);
 	eapol_sm_notify_tx_eapol_key(sm->eapol);
+out:
 	os_free(msg);
 }