Clear TK part of PTK after driver key configuration

There is no need for wpa_supplicant to maintain a copy of the TK part of
PTK after this has been configured to the driver, so clear that from
heap memory and only maintain KEK and KCK during association to allow
additional EAPOL-Key handshakes.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 9a6153adcbf74a1f19160eb818141a3d99882dd5..c88f1e407e3826fecc694b920182857d11881123 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -609,6 +609,10 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
                return -1;
        }
 
+       /* TK is not needed anymore in supplicant */
+       os_memset(sm->ptk.tk1, 0, sizeof(sm->ptk.tk1));
+       os_memset(sm->ptk.u.tk2, 0, sizeof(sm->ptk.u.tk2));
+
        if (sm->wpa_ptk_rekey) {
                eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
                eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,