~indicator-network-developers/wpasupplicant/trunk

Committer: Jouni Malinen
Author(s): Andrei Otcheretianski
Date: 2020-10-19 21:37:01 UTC
Revision ID: git-v1:80662accb5e945a7ac285e023138a5f79798b417

SAE: Don't use potentially uninitialized keys

If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is
possible as it is controlled by the commit message status code),
sae_derive_keys() may end up deriving PMK and KCK from an
uninitialized array. Fix that.

Fixes: 6b9e99e571ee ("SAE-PK: Extend SAE functionality for AP validation")
Fixes: 20ccf97b3dc1 ("SAE-PK: AP functionality")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

files modified:
src/common/sae.c

Show diffs side-by-side

added added

removed removed

src/common/sae.c

1609

* octets). */

1610

crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len);

1611

wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN);

1612

if (!sae->pk &&

1613

sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",

1612

1613

#ifdef CONFIG_SAE_PK

1614

if (sae->pk) {

1615

if (sae_kdf_hash(hash_len, keyseed, "SAE-PK keys",

1616

val, sae->tmp->order_len,

1617

keys, 2 * hash_len + SAE_PMK_LEN) < 0)

1618

goto fail;

1619

} else {

1620

if (sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",

1621

val, sae->tmp->order_len,

1622

keys, hash_len + SAE_PMK_LEN) < 0)

1623

goto fail;

1624

}

1625

#else /* CONFIG_SAE_PK */

1626

if (sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",

1614

1627

val, sae->tmp->order_len,

1615

1628

keys, hash_len + SAE_PMK_LEN) < 0)

1616

1629

goto fail;

1617

#ifdef CONFIG_SAE_PK

1618

if (sae->pk &&

1619

sae_kdf_hash(hash_len, keyseed, "SAE-PK keys",

1620

val, sae->tmp->order_len,

1621

keys, 2 * hash_len + SAE_PMK_LEN) < 0)

1622

goto fail;

1623

#endif /* CONFIG_SAE_PK */

1630

#endif /* !CONFIG_SAE_PK */

1631

1624

1632

forced_memzero(keyseed, sizeof(keyseed));

1625

1633

os_memcpy(sae->tmp->kck, keys, hash_len);

1626

1634

sae->tmp->kck_len = hash_len;

Older »