Clear PMK length and check for this when deriving PTK
Instead of setting the default PMK length for the cleared PMK, set the length to 0 and explicitly check for this when deriving PTK to avoid unexpected key derivation with an all-zeroes key should it be possible to somehow trigger PTK derivation to happen before PMK derivation. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
00583ef111
commit
b488a12948
2 changed files with 9 additions and 3 deletions
|
|
@ -585,7 +585,8 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
|||
/* Calculate PTK which will be stored as a temporary PTK until it has
|
||||
* been verified when processing message 3/4. */
|
||||
ptk = &sm->tptk;
|
||||
wpa_derive_ptk(sm, src_addr, key, ptk);
|
||||
if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
|
||||
goto failed;
|
||||
if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
|
||||
u8 buf[8];
|
||||
/* Supplicant: swap tx/rx Mic keys */
|
||||
|
|
@ -2659,8 +2660,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
|
|||
os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK");
|
||||
sm->pmk_len = PMK_LEN;
|
||||
os_memset(sm->pmk, 0, PMK_LEN);
|
||||
sm->pmk_len = 0;
|
||||
os_memset(sm->pmk, 0, PMK_LEN_MAX);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue