diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index ffa303d69..237549b56 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -839,6 +839,9 @@ void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta) mlme_authenticate_indication(hapd, sta); wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm"); + crypto_bignum_deinit(sta->sae->peer_commit_scalar_accepted, 0); + sta->sae->peer_commit_scalar_accepted = sta->sae->peer_commit_scalar; + sta->sae->peer_commit_scalar = NULL; wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, sta->sae->pmk, sta->sae->pmkid); sae_sme_send_external_auth_status(hapd, sta, WLAN_STATUS_SUCCESS); diff --git a/src/common/sae.c b/src/common/sae.c index 94ec1a39c..7ed53be1c 100644 --- a/src/common/sae.c +++ b/src/common/sae.c @@ -123,6 +123,7 @@ void sae_clear_data(struct sae_data *sae) return; sae_clear_temp_data(sae); crypto_bignum_deinit(sae->peer_commit_scalar, 0); + crypto_bignum_deinit(sae->peer_commit_scalar_accepted, 0); os_memset(sae, 0, sizeof(*sae)); } @@ -1833,8 +1834,9 @@ static u16 sae_parse_commit_scalar(struct sae_data *sae, const u8 **pos, * shall be dropped if the peer-scalar is identical to the one used in * the existing protocol instance. */ - if (sae->state == SAE_ACCEPTED && sae->peer_commit_scalar && - crypto_bignum_cmp(sae->peer_commit_scalar, peer_scalar) == 0) { + if (sae->state == SAE_ACCEPTED && sae->peer_commit_scalar_accepted && + crypto_bignum_cmp(sae->peer_commit_scalar_accepted, + peer_scalar) == 0) { wpa_printf(MSG_DEBUG, "SAE: Do not accept re-use of previous " "peer-commit-scalar"); crypto_bignum_deinit(peer_scalar, 0); diff --git a/src/common/sae.h b/src/common/sae.h index b3787e4fc..e3e7d0eec 100644 --- a/src/common/sae.h +++ b/src/common/sae.h @@ -70,6 +70,7 @@ struct sae_data { u8 pmk[SAE_PMK_LEN]; u8 pmkid[SAE_PMKID_LEN]; struct crypto_bignum *peer_commit_scalar; + struct crypto_bignum *peer_commit_scalar_accepted; int group; unsigned int sync; /* protocol instance variable: Sync */ u16 rc; /* protocol instance variable: Rc (received send-confirm) */