SAE: Free temporary buffers when moving to Accepted state
authorJouni Malinen <j@w1.fi>
Sun, 6 Jan 2013 17:06:59 +0000 (19:06 +0200)
committerJouni Malinen <j@w1.fi>
Sat, 12 Jan 2013 15:51:54 +0000 (17:51 +0200)
Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.

Signed-hostap: Jouni Malinen <j@w1.fi>

src/ap/ieee802_11.c
src/common/sae.c
src/common/sae.h
wpa_supplicant/sme.c

index 95bdc676c7a29ef5ee2286bbe9df71fb4aa35524..79235dfd086756e9bfce4cf19657384e83440e01 100644 (file)
@@ -510,8 +510,10 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
                        data = auth_build_sae_confirm(hapd, sta);
                        if (data == NULL)
                                resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
-                       else
+                       else {
                                sta->sae->state = SAE_ACCEPTED;
+                               sae_clear_temp_data(sta->sae);
+                       }
                }
        } else {
                hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
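Review bot: Once `sae_clear_temp_data(sta->sae)` has run in this branch, `ec`, `prime`, `order` and the own/peer commit elements are NULL (see the sae.c hunk), but nothing at the call site records that later SAE authentication frames for the same station must not reach code that reads them. handle_auth_sae() starts and continues outside this hunk, so it cannot be confirmed from here that every path taken in SAE_ACCEPTED avoids those fields. Because those frames are driven by the remote station, a missed path would presumably be a remotely triggerable NULL dereference. I would add `/* Temp SAE state is freed here; frames handled in SAE_ACCEPTED must not use group/commit fields */` next to the call, and make the same check for the matching call in sme_sae_auth() in wpa_supplicant/sme.c.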
index 6cf027298c5e4612a06ca425e41ef40d36a7c1b6..06dadb674ca22ededcd6c342f031d0d3cc055d4b 100644 (file)
@@ -65,22 +65,44 @@ int sae_set_group(struct sae_data *sae, int group)
 }
 
 
-void sae_clear_data(struct sae_data *sae)
+void sae_clear_temp_data(struct sae_data *sae)
 {
        if (sae == NULL)
                return;
        crypto_ec_deinit(sae->ec);
+       sae->ec = NULL;
+       sae->dh = NULL;
        crypto_bignum_deinit(sae->prime_buf, 0);
+       sae->prime_buf = NULL;
+       sae->prime = NULL;
        crypto_bignum_deinit(sae->order_buf, 0);
+       sae->order_buf = NULL;
+       sae->order = NULL;
        crypto_bignum_deinit(sae->sae_rand, 1);
+       sae->sae_rand = NULL;
        crypto_bignum_deinit(sae->pwe_ffc, 1);
+       sae->pwe_ffc = NULL;
        crypto_bignum_deinit(sae->own_commit_scalar, 0);
-       crypto_bignum_deinit(sae->peer_commit_scalar, 0);
+       sae->own_commit_scalar = NULL;
        crypto_bignum_deinit(sae->own_commit_element_ffc, 0);
+       sae->own_commit_element_ffc = NULL;
        crypto_bignum_deinit(sae->peer_commit_element_ffc, 0);
+       sae->peer_commit_element_ffc = NULL;
        crypto_ec_point_deinit(sae->pwe_ecc, 1);
+       sae->pwe_ecc = NULL;
        crypto_ec_point_deinit(sae->own_commit_element_ecc, 0);
+       sae->own_commit_element_ecc = NULL;
        crypto_ec_point_deinit(sae->peer_commit_element_ecc, 0);
+       sae->peer_commit_element_ecc = NULL;
+}
+
+
+void sae_clear_data(struct sae_data *sae)
+{
+       if (sae == NULL)
+               return;
+       sae_clear_temp_data(sae);
+       crypto_bignum_deinit(sae->peer_commit_scalar, 0);
        os_memset(sae, 0, sizeof(*sae));
 }
 
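Review bot: sae_clear_temp_data() is added without a comment stating which fields survive it, and both new callers depend on that contract. The new body keeps `peer_commit_scalar` allocated (its deinit moves to sae_clear_data()) and sets `dh`, `prime` and `order` to NULL without freeing them, presumably because they are borrowed pointers rather than owned buffers; neither choice is explained. The NULL assignments are also what stops the later sae_clear_data() call from freeing the same objects twice, which assumes the crypto_*_deinit() helpers accept NULL. I would put this above the function: `/* Free per-exchange SAE state not needed in Accepted state; peer_commit_scalar is kept. Safe to call repeatedly; ec/dh/prime/order are NULL afterwards. */`.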
index 39b377daef508903561981c2bbc2cd4fac4a7e3f..384a7bebfc67e34a9f95df09a5c13afc829618db 100644 (file)
@@ -43,6 +43,7 @@ struct sae_data {
 };
 
 int sae_set_group(struct sae_data *sae, int group);
+void sae_clear_temp_data(struct sae_data *sae);
 void sae_clear_data(struct sae_data *sae);
 
 int sae_prepare_commit(const u8 *addr1, const u8 *addr2,
index 1c760e7bb63003acd1437d1d7fcb905d68b8143d..cb94db8d30b156a5f98cf6e48e0423859659c538 100644 (file)
@@ -511,6 +511,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                if (sae_check_confirm(&wpa_s->sme.sae, data, len) < 0)
                        return -1;
                wpa_s->sme.sae.state = SAE_ACCEPTED;
+               sae_clear_temp_data(&wpa_s->sme.sae);
                return 1;
        }