From af1f0694e1b710366e8b6559a881c082e6c3df93 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 26 Feb 2022 01:10:32 +0200
Subject: [PATCH] Clear last set keys (for testing purposes) from memory explicitly
This makes it easier to scan process memory for key information that is not supposed to remain there after the last use.
Signed-off-by: Jouni Malinen
---
 src/ap/sta_info.c | 1 +
 src/ap/wpa_auth_glue.c | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c
index ccd1ed931..62620e2a8 100644
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -410,6 +410,7 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
 #ifdef CONFIG_TESTING_OPTIONS
 os_free(sta->sae_postponed_commit);
+ forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
 #endif /* CONFIG_TESTING_OPTIONS */
 os_free(sta);
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 3e9921553..1103a48d7 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1631,4 +1631,10 @@ void hostapd_deinit_wpa(struct hostapd_data *hapd)
 hapd->l2 = NULL;
 hostapd_wpa_unregister_ft_oui(hapd);
 #endif /* CONFIG_IEEE80211R_AP */
+
+#ifdef CONFIG_TESTING_OPTIONS
+ forced_memzero(hapd->last_gtk, WPA_GTK_MAX_LEN);
+ forced_memzero(hapd->last_igtk, WPA_IGTK_MAX_LEN);
+ forced_memzero(hapd->last_bigtk, WPA_BIGTK_MAX_LEN);
+#endif /* CONFIG_TESTING_OPTIONS */
 }
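Review bot: The added `forced_memzero(sta->last_tk, WPA_TK_MAX_LEN)` in ap_free_sta() takes its length from a constant rather than from the object being wiped, so it stays correct only while the declaration of `last_tk` (not visible in this hunk) uses that same constant. If `last_tk` is an array member, `forced_memzero(sta->last_tk, sizeof(sta->last_tk));` keeps the wipe exact if the buffer size ever changes, avoiding both a partial wipe and a write past the field. The three calls added to hostapd_deinit_wpa() in src/ap/wpa_auth_glue.c follow the same pattern. ap_free_sta() begins above this hunk.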
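Review bot: The new CONFIG_TESTING_OPTIONS block at the end of hostapd_deinit_wpa() has no comment saying why these three buffers are wiped here, and only in testing builds. Going by the commit message, they hold the last set group keys kept for testing, and the wipe is there so a scan of process memory after deinit finds no leftover key material. A line such as `/* Test-only copies of the last set GTK/IGTK/BIGTK; wipe so memory scans after deinit find no stale keys */` above the first call would record that for the next reader. The function begins above this hunk.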