mka: Clear out old/latest key values on CHANGE in CP state machine
authorThomas Winter <Thomas.Winter@alliedtelesis.co.nz>
Tue, 27 Aug 2019 03:55:36 +0000 (15:55 +1200)
committerJouni Malinen <j@w1.fi>
Wed, 18 Sep 2019 21:21:47 +0000 (00:21 +0300)
The associated SAs have been deleted and the key server has changed so
there's no point in keeping the key values.

Note that this isn't specified in IEEE Std 802.1X-2010.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
src/pae/ieee802_1x_cp.c

index 27c6f0c5f8497ab154440bd6cbf2ad770136934b..69e57587dedd79c276f87ff7e222387cbbf51812 100644 (file)
@@ -141,6 +141,24 @@ SM_STATE(CP, CHANGE)
                ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
        if (sm->oki)
                ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
+       /* The standard doesn't say it but we should clear out the latest
+        * and old key values. Why would we keep advertising them if
+        * they've been deleted and the key server has been changed?
+        */
+       os_free(sm->oki);
+       sm->oki = NULL;
+       sm->otx = FALSE;
+       sm->orx = FALSE;
+       sm->oan = 0;
+       ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+                                      sm->otx, sm->orx);
+       os_free(sm->lki);
+       sm->lki = NULL;
+       sm->lrx = FALSE;
+       sm->ltx = FALSE;
+       sm->lan = 0;
+       ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+                                         sm->ltx, sm->lrx);
 }
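Review bot: Both `ieee802_1x_kay_set_old_sa_attr()` and `ieee802_1x_kay_set_latest_sa_attr()` are now called with a NULL key identifier, because `sm->oki` and `sm->lki` are set to NULL just before each call. Neither callee is visible in this hunk, so confirm that each treats NULL as "clear the stored identifier" rather than copying from it. The calls are also made as bare statements; if they can report failure (not visible here), the CP state machine would be cleared while the KaY keeps advertising the old values, so a debug log on a non-zero result would make that mismatch detectable. Since 0 is itself a valid association number, anything reading `oan`/`lan` has to rely on the NULL identifier, which the comment could state declaratively: `/* Not in IEEE Std 802.1X-2010: the SAs are deleted and the key server changed, so drop the old/latest KI, AN (0 is not a sentinel) and tx/rx state. */`. The body of SM_STATE(CP, CHANGE) starts above the hunk.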