aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-12-29 11:00:03 (GMT)
committerJouni Malinen <j@w1.fi>2014-12-29 17:44:51 (GMT)
commit7193254456259a4171ba61f8c6f7ae2a382385df (patch)
tree74985d0db363881f54352547620359806cd0cd43 /src/rsn_supp
parent13113d127c032fec3a37dbbd004e92180716800a (diff)
downloadhostap-7193254456259a4171ba61f8c6f7ae2a382385df.zip
hostap-7193254456259a4171ba61f8c6f7ae2a382385df.tar.gz
hostap-7193254456259a4171ba61f8c6f7ae2a382385df.tar.bz2
Clear temporary keys from WPA supplicant state machine when not needed
PMK and PTK are not needed in the supplicant state machine after disassociation since core wpa_supplicant will reconfigure them for the next association. As such, clear these from heap in wpa_sm_notify_disassoc() to reduce time and number of places storing key material in memory. In addition, clear FT keys in case of CONFIG_IEEE80211R=y build (sm->xxkey stored a copy of PSK in case of FT-PSK). Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/wpa.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 7c2761c..9a6153a 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2140,6 +2140,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
os_free(sm->assoc_wpa_ie);
os_free(sm->ap_wpa_ie);
os_free(sm->ap_rsn_ie);
+ wpa_sm_drop_sa(sm);
os_free(sm->ctx);
peerkey_deinit(sm);
#ifdef CONFIG_IEEE80211R
@@ -2228,6 +2229,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
#ifdef CONFIG_TDLS
wpa_tdls_disassoc(sm);
#endif /* CONFIG_TDLS */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
}
@@ -2700,7 +2704,6 @@ int wpa_sm_pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
}
-#ifdef CONFIG_TESTING_OPTIONS
void wpa_sm_drop_sa(struct wpa_sm *sm)
{
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
@@ -2709,8 +2712,12 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
os_memset(sm->pmk, 0, sizeof(sm->pmk));
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+#ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+ os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1));
+#endif /* CONFIG_IEEE80211R */
}
-#endif /* CONFIG_TESTING_OPTIONS */
int wpa_sm_has_ptk(struct wpa_sm *sm)