From: Andrei Otcheretianski
Date: Mon, 19 Oct 2020 08:06:30 +0000 (+0300)
Subject: SAE: Don't use potentially uninitialized keys
X-Git-Tag: hostap_2_10~807
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80662accb5e945a7ac285e023138a5f79798b417;p=thirdparty%2Fhostap.git

SAE: Don't use potentially uninitialized keys

If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is possible as it is controlled by the commit message status code), sae_derive_keys() may end up deriving PMK and KCK from an uninitialized array. Fix that.

Fixes: 6b9e99e571ee ("SAE-PK: Extend SAE functionality for AP validation")
Fixes: 20ccf97b3dc1 ("SAE-PK: AP functionality")
Signed-off-by: Andrei Otcheretianski
---
diff --git a/src/common/sae.c b/src/common/sae.c
index 057e1ce3b..372905db0 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -1609,18 +1609,26 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 * octets). */
 crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len);
 wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN);
- if (!sae->pk &&
- sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",
- val, sae->tmp->order_len,
- keys, hash_len + SAE_PMK_LEN) < 0)
- goto fail;
+
 #ifdef CONFIG_SAE_PK
- if (sae->pk &&
- sae_kdf_hash(hash_len, keyseed, "SAE-PK keys",
+ if (sae->pk) {
+ if (sae_kdf_hash(hash_len, keyseed, "SAE-PK keys",
+ val, sae->tmp->order_len,
+ keys, 2 * hash_len + SAE_PMK_LEN) < 0)
+ goto fail;
+ } else {
+ if (sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",
+ val, sae->tmp->order_len,
+ keys, hash_len + SAE_PMK_LEN) < 0)
+ goto fail;
+ }
+#else /* CONFIG_SAE_PK */
+ if (sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",
 val, sae->tmp->order_len,
- keys, 2 * hash_len + SAE_PMK_LEN) < 0)
+ keys, hash_len + SAE_PMK_LEN) < 0)
 goto fail;
-#endif /* CONFIG_SAE_PK */
+#endif /* !CONFIG_SAE_PK */
+
 forced_memzero(keyseed, sizeof(keyseed));
 os_memcpy(sae->tmp->kck, keys, hash_len);
 sae->tmp->kck_len = hash_len;
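Review bot: The `#else /* CONFIG_SAE_PK */` branch leaves a peer-controlled `sae->pk` set while deriving ordinary SAE keys, and nothing in the hunk says why the flag is ignored there. A short why-comment would keep the branch from being folded back into a `sae->pk` test, e.g. `/* sae->pk can be set from the peer's status code even without CONFIG_SAE_PK; always derive the non-PK keys */`. It may also be worth clearing or rejecting `pk` where the commit message is parsed when CONFIG_SAE_PK is not built; that code is outside this hunk, so treat it as an assumption to confirm. The visible `forced_memzero(keyseed, sizeof(keyseed))` sits after the KDF calls, so whether `keyseed` is wiped on the `goto fail` paths depends on the `fail:` label, which is also outside the hunk.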