mka: Clear out old/latest key values on CHANGE in CP state machine
The associated SAs have been deleted and the key server has changed so there's no point in keeping the key values. Note that this isn't specified in IEEE Std 802.1X-2010. Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
parent
536a7cfcf7
commit
547ba732d3
1 changed files with 18 additions and 0 deletions
|
@ -141,6 +141,24 @@ SM_STATE(CP, CHANGE)
|
||||||
ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
|
ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
|
||||||
if (sm->oki)
|
if (sm->oki)
|
||||||
ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
|
ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
|
||||||
|
/* The standard doesn't say it but we should clear out the latest
|
||||||
|
* and old key values. Why would we keep advertising them if
|
||||||
|
* they've been deleted and the key server has been changed?
|
||||||
|
*/
|
||||||
|
os_free(sm->oki);
|
||||||
|
sm->oki = NULL;
|
||||||
|
sm->otx = FALSE;
|
||||||
|
sm->orx = FALSE;
|
||||||
|
sm->oan = 0;
|
||||||
|
ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
|
||||||
|
sm->otx, sm->orx);
|
||||||
|
os_free(sm->lki);
|
||||||
|
sm->lki = NULL;
|
||||||
|
sm->lrx = FALSE;
|
||||||
|
sm->ltx = FALSE;
|
||||||
|
sm->lan = 0;
|
||||||
|
ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
|
||||||
|
sm->ltx, sm->lrx);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
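Review bot: The added lines leave `sm->lki` NULL when CHANGE finishes, yet the first context line still calls `ieee802_1x_kay_delete_sas(sm->kay, sm->lki)` without the `if` guard that protects the `sm->oki` call. If CHANGE can be entered again before a new latest key is installed, that call receives NULL; whether `ieee802_1x_kay_delete_sas()` tolerates that is not visible here, so I would guard it the same way: `if (sm->lki)` before the call. The two setters `ieee802_1x_kay_set_old_sa_attr()` and `ieee802_1x_kay_set_latest_sa_attr()` are likewise now always passed a NULL key identifier. It is worth confirming that they reset the advertised identifier and do not copy from the pointer, and stating that at the call sites with something like `/* oki is NULL here: setter must clear the advertised old key identifier */`. SM_STATE(CP, CHANGE) begins before this hunk, so the earlier part of the state body is not covered by this note.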