8 years ago · aae125e2cf
--- a/src/wps/wps_common.c
+++ b/src/wps/wps_common.c
@@ -129,23 +129,26 @@ int wps_derive_keys(struct wps_data *wps)
 
				 }
			
 
				 
			
 
				 
			
 
				-void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
			
 
				-		    size_t dev_passwd_len)
			
 
				+int wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
			
 
				+		   size_t dev_passwd_len)
			
 
				 {
			
 
				 	u8 hash[SHA256_MAC_LEN];
			
 
				 
			
 
				-	hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
			
 
				-		    (dev_passwd_len + 1) / 2, hash);
			
 
				+	if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, dev_passwd,
			
 
				+			(dev_passwd_len + 1) / 2, hash) < 0)
			
 
				+		return -1;
			
 
				 	os_memcpy(wps->psk1, hash, WPS_PSK_LEN);
			
 
				-	hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
			
 
				-		    dev_passwd + (dev_passwd_len + 1) / 2,
			
 
				-		    dev_passwd_len / 2, hash);
			
 
				+	if (hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN,
			
 
				+			dev_passwd + (dev_passwd_len + 1) / 2,
			
 
				+			dev_passwd_len / 2, hash) < 0)
			
 
				+		return -1;
			
 
				 	os_memcpy(wps->psk2, hash, WPS_PSK_LEN);
			
 
				 
			
 
				 	wpa_hexdump_ascii_key(MSG_DEBUG, "WPS: Device Password",
			
 
				 			      dev_passwd, dev_passwd_len);
			
 
				 	wpa_hexdump_key(MSG_DEBUG, "WPS: PSK1", wps->psk1, WPS_PSK_LEN);
			
 
				 	wpa_hexdump_key(MSG_DEBUG, "WPS: PSK2", wps->psk2, WPS_PSK_LEN);
			
 
				+	return 0;
			
 
				 }
			
 
				 
			
 
				 
			
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -173,7 +173,8 @@ static struct wpabuf * wps_build_m3(struct wps_data *wps)
 
				 		wpa_printf(MSG_DEBUG, "WPS: No Device Password available");
			
 
				 		return NULL;
			
 
				 	}
			
 
				-	wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
			
 
				+	if (wps_derive_psk(wps, wps->dev_password, wps->dev_password_len) < 0)
			
 
				+		return NULL;
			
 
				 
			
 
				 	if (wps->wps->ap && random_pool_ready() != 1) {
			
 
				 		wpa_printf(MSG_INFO,
			
--- a/src/wps/wps_i.h
+++ b/src/wps/wps_i.h
@@ -132,8 +132,8 @@ struct wps_data {
 
				 void wps_kdf(const u8 *key, const u8 *label_prefix, size_t label_prefix_len,
			
 
				 	     const char *label, u8 *res, size_t res_len);
			
 
				 int wps_derive_keys(struct wps_data *wps);
			
 
				-void wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
			
 
				-		    size_t dev_passwd_len);
			
 
				+int wps_derive_psk(struct wps_data *wps, const u8 *dev_passwd,
			
 
				+		   size_t dev_passwd_len);
			
 
				 struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr,
			
 
				 					  size_t encr_len);
			
 
				 void wps_fail_event(struct wps_context *wps, enum wps_msg_type msg,
			
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -1928,7 +1928,8 @@ static struct wpabuf * wps_build_m4(struct wps_data *wps)
 
				 
			
 
				 	wpa_printf(MSG_DEBUG, "WPS: Building Message M4");
			
 
				 
			
 
				-	wps_derive_psk(wps, wps->dev_password, wps->dev_password_len);
			
 
				+	if (wps_derive_psk(wps, wps->dev_password, wps->dev_password_len) < 0)
			
 
				+		return NULL;
			
 
				 
			
 
				 	plain = wpabuf_alloc(200);
			
 
				 	if (plain == NULL)