From 3a52f6b387e018fe04f4edc56573485b6751ac17 Mon Sep 17 00:00:00 2001
From: Mike Siedzik
Date: Tue, 20 Feb 2018 14:28:40 -0500
Subject: [PATCH] mka: Do not print contents of SAK to debug log

Log newly generated SAKs as well as unwrapped SAKs with wpa_hexdump_key() rather than wpa_hexdump(). By default, the wpa_hexdump_key() function will not display sensitive key data.

Signed-off-by: Michael Siedzik
---
 src/pae/ieee802_1x_kay.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 0d93b43a7..0fe806f19 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1626,7 +1626,8 @@ ieee802_1x_mka_decode_dist_sak_body(
 os_free(unwrap_sak);
 return -1;
 }
- wpa_hexdump(MSG_DEBUG, "\tAES Key Unwrap of SAK:", unwrap_sak, sak_len);
+ wpa_hexdump_key(MSG_DEBUG, "\tAES Key Unwrap of SAK:",
+ unwrap_sak, sak_len);

 sa_key = os_zalloc(sizeof(*sa_key));
 if (!sa_key) {
@@ -2017,7 +2018,7 @@ ieee802_1x_kay_generate_new_sak(struct ieee802_1x_mka_participant *participant)
 wpa_printf(MSG_ERROR, "KaY: SAK Length not support");
 goto fail;
 }
- wpa_hexdump(MSG_DEBUG, "KaY: generated new SAK", key, key_len);
+ wpa_hexdump_key(MSG_DEBUG, "KaY: generated new SAK", key, key_len);

 os_free(context);
 context = NULL;
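Review bot: The context at the top of the first hunk releases the unwrapped-key buffer with `os_free(unwrap_sak);`, which hands the memory back without clearing it, so keeping the SAK out of the debug log still leaves key bytes (or a partial unwrap result) in freed heap. Consider hostap's clearing free there, `bin_clear_free(unwrap_sak, sak_len);`, and on any later path that frees this buffer. ieee802_1x_mka_decode_dist_sak_body() starts and ends outside the hunk, so those later paths are not visible here. The same question applies to `key` in the second hunk, whose allocation and `fail` cleanup are also outside the view.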
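Review bot: `wpa_hexdump_key()` hides the bytes only while key display is off, as the commit message's "By default" implies, so a debug log captured with key output enabled will still contain the generated SAK at this call and the unwrapped SAK at the call in the first hunk. A one-line comment above each call would keep that visible to maintainers and to anyone handling such logs, e.g. `/* SAK is printed only when key debugging is enabled; treat those logs as secret */`. Both enclosing functions extend beyond their hunks.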