diff options
| author | Jouni Malinen <j@w1.fi> | 2017-10-08 13:18:02 +0300 |
|---|---|---|
| committer | Ivan Kutepov <its.kutepov@gmail.com> | 2017-10-19 21:53:12 +0300 |
| commit | 12b919a0cccf4e00302b5e65d9b272dc2e9bbcd6 (patch) | |
| tree | 0f9ab5a2d388a03a401135ef21be2a636f81d756 /src/rsn_supp | |
| parent | 6dadaf9fed1f2270dfdbe5879d18d23c8be24919 (diff) | |
| download | android_external_wpa_supplicant_8-12b919a0cccf4e00302b5e65d9b272dc2e9bbcd6.tar.gz android_external_wpa_supplicant_8-12b919a0cccf4e00302b5e65d9b272dc2e9bbcd6.tar.bz2 android_external_wpa_supplicant_8-12b919a0cccf4e00302b5e65d9b272dc2e9bbcd6.zip | |
Clear PMK length and check for this when deriving PTK
Instead of setting the default PMK length for the cleared PMK, set the
length to 0 and explicitly check for this when deriving PTK to avoid
unexpected key derivation with an all-zeroes key should it be possible
to somehow trigger PTK derivation to happen before PMK derivation.
Change-Id: Ifef3b2ca5ee19e6e89df75fef697e7215f926cb1
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/rsn_supp')
| -rw-r--r-- | src/rsn_supp/wpa.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 0ff0abe4..4b87db62 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -489,7 +489,8 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, /* Calculate PTK which will be stored as a temporary PTK until it has * been verified when processing message 3/4. */ ptk = &sm->tptk; - wpa_derive_ptk(sm, src_addr, key, ptk); + if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0) + goto failed; if (sm->pairwise_cipher == WPA_CIPHER_TKIP) { u8 buf[8]; /* Supplicant: swap tx/rx Mic keys */ @@ -2399,8 +2400,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm) os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len); } else { wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK"); - sm->pmk_len = PMK_LEN; - os_memset(sm->pmk, 0, PMK_LEN); + sm->pmk_len = 0; + os_memset(sm->pmk, 0, PMK_LEN_MAX); } } |