Clear last set keys (for testing purposes) from memory explicitly

This makes it easier to scan process memory for key information that is
not supposed to remain there after the last use.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index ccd1ed931bad733ba7821fd0637ff9085c77e78c..62620e2a8d3e17606aa77c2669cf4609730812c5 100644 (file)
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -410,6 +410,7 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
 
 #ifdef CONFIG_TESTING_OPTIONS
        os_free(sta->sae_postponed_commit);
+       forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
 #endif /* CONFIG_TESTING_OPTIONS */
 
        os_free(sta);

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 3e992155395ea871f660d87b09c628bc81653dc5..1103a48d7e200b4ed0723e0f73d767443939c694 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1631,4 +1631,10 @@ void hostapd_deinit_wpa(struct hostapd_data *hapd)
        hapd->l2 = NULL;
        hostapd_wpa_unregister_ft_oui(hapd);
 #endif /* CONFIG_IEEE80211R_AP */
+
+#ifdef CONFIG_TESTING_OPTIONS
+       forced_memzero(hapd->last_gtk, WPA_GTK_MAX_LEN);
+       forced_memzero(hapd->last_igtk, WPA_IGTK_MAX_LEN);
+       forced_memzero(hapd->last_bigtk, WPA_BIGTK_MAX_LEN);
+#endif /* CONFIG_TESTING_OPTIONS */
 }