jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

mka: Do not print contents of SAK to debug log

Browse source 
Log newly generated SAKs as well as unwrapped SAKs with wpa_hexdump_key()
rather than wpa_hexdump(). By default, the wpa_hexdump_key() function
will not display sensitive key data.

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
This commit is contained in:
Mike Siedzik 2018-02-20 14:28:40 -05:00 committed by Jouni Malinen
parent 77977b3d5d
commit 3a52f6b387
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/pae/ieee802_1x_kay.c
View file

@ -1626,7 +1626,8 @@ ieee802_1x_mka_decode_dist_sak_body(
os_free(unwrap_sak);
return -1;
}
wpa_hexdump(MSG_DEBUG, "\tAES Key Unwrap of SAK:", unwrap_sak, sak_len);
wpa_hexdump_key(MSG_DEBUG, "\tAES Key Unwrap of SAK:",
unwrap_sak, sak_len);
sa_key = os_zalloc(sizeof(*sa_key));
if (!sa_key) {
@ -2017,7 +2018,7 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
goto fail;
}
wpa_hexdump(MSG_DEBUG, "KaY: generated new SAK", key, key_len);
wpa_hexdump_key(MSG_DEBUG, "KaY: generated new SAK", key, key_len);
os_free(context);
context = NULL;