@@ -1609,18 +1609,26 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
* octets). */
crypto_bignum_to_bin(tmp, val, sizeof(val), sae->tmp->order_len);
wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN);
- if (!sae->pk &&
- sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",
- val, sae->tmp->order_len,
- keys, hash_len + SAE_PMK_LEN) < 0)
- goto fail;
+
#ifdef CONFIG_SAE_PK
- if (sae->pk &&
- sae_kdf_hash(hash_len, keyseed, "SAE-PK keys",
+ if (sae->pk) {
+ if (sae_kdf_hash(hash_len, keyseed, "SAE-PK keys",
val, sae->tmp->order_len,
keys, 2 * hash_len + SAE_PMK_LEN) < 0)
+ goto fail;
+ } else {
+ if (sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",
+ val, sae->tmp->order_len,
+ keys, hash_len + SAE_PMK_LEN) < 0)
+ goto fail;
+ }
+#else /* CONFIG_SAE_PK */
+ if (sae_kdf_hash(hash_len, keyseed, "SAE KCK and PMK",
+ val, sae->tmp->order_len,
+ keys, hash_len + SAE_PMK_LEN) < 0)
goto fail;
-#endif /* CONFIG_SAE_PK */
+#endif /* !CONFIG_SAE_PK */
+
forced_memzero(keyseed, sizeof(keyseed));
os_memcpy(sae->tmp->kck, keys, hash_len);
sae->tmp->kck_len = hash_len;
If SAE_CONFIG_PK is not defined and sae->pk isn't zero (which is possible as it is controlled by the commit message status code), sae_derive_keys() may end up deriving PMK and KCK from an uninitialized array. Fix that. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> --- src/common/sae.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-)