SAE: Free temporary buffers when moving to Accepted state

Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 2013-01-06 19:06:59 +02:00
parent 30846fa65f
commit b4fd3613d3
4 changed files with 29 additions and 3 deletions


@ -510,8 +510,10 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
data = auth_build_sae_confirm(hapd, sta); data = auth_build_sae_confirm(hapd, sta);
if (data == NULL) if (data == NULL)
resp = WLAN_STATUS_UNSPECIFIED_FAILURE; resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
else else {
sta->sae->state = SAE_ACCEPTED; sta->sae->state = SAE_ACCEPTED;
sae_clear_temp_data(sta->sae);
}
} }
} else { } else {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
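Review bot: After `sae_clear_temp_data(sta->sae)` the instance stays in `SAE_ACCEPTED` while `ec`, `dh`, `prime`, `order` and the own commit values are NULL (see the sae.c section of this commit), so any path that handles a further SAE frame for this station must not reach code that dereferences them. How frames received in Accepted state are processed is not visible here, and handle_auth_sae continues outside the hunk, so this is something to confirm rather than a demonstrated fault. The same applies to the call added after `wpa_s->sme.sae.state = SAE_ACCEPTED;` in sme_sae_auth. A comment at both call sites would record the constraint, for example `/* group and commit data are freed here; a new exchange must set the group up again */`.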


@ -65,22 +65,44 @@ int sae_set_group(struct sae_data *sae, int group)
} }
void sae_clear_data(struct sae_data *sae) void sae_clear_temp_data(struct sae_data *sae)
{ {
if (sae == NULL) if (sae == NULL)
return; return;
crypto_ec_deinit(sae->ec); crypto_ec_deinit(sae->ec);
sae->ec = NULL;
sae->dh = NULL;
crypto_bignum_deinit(sae->prime_buf, 0); crypto_bignum_deinit(sae->prime_buf, 0);
sae->prime_buf = NULL;
sae->prime = NULL;
crypto_bignum_deinit(sae->order_buf, 0); crypto_bignum_deinit(sae->order_buf, 0);
sae->order_buf = NULL;
sae->order = NULL;
crypto_bignum_deinit(sae->sae_rand, 1); crypto_bignum_deinit(sae->sae_rand, 1);
sae->sae_rand = NULL;
crypto_bignum_deinit(sae->pwe_ffc, 1); crypto_bignum_deinit(sae->pwe_ffc, 1);
sae->pwe_ffc = NULL;
crypto_bignum_deinit(sae->own_commit_scalar, 0); crypto_bignum_deinit(sae->own_commit_scalar, 0);
crypto_bignum_deinit(sae->peer_commit_scalar, 0); sae->own_commit_scalar = NULL;
crypto_bignum_deinit(sae->own_commit_element_ffc, 0); crypto_bignum_deinit(sae->own_commit_element_ffc, 0);
sae->own_commit_element_ffc = NULL;
crypto_bignum_deinit(sae->peer_commit_element_ffc, 0); crypto_bignum_deinit(sae->peer_commit_element_ffc, 0);
sae->peer_commit_element_ffc = NULL;
crypto_ec_point_deinit(sae->pwe_ecc, 1); crypto_ec_point_deinit(sae->pwe_ecc, 1);
sae->pwe_ecc = NULL;
crypto_ec_point_deinit(sae->own_commit_element_ecc, 0); crypto_ec_point_deinit(sae->own_commit_element_ecc, 0);
sae->own_commit_element_ecc = NULL;
crypto_ec_point_deinit(sae->peer_commit_element_ecc, 0); crypto_ec_point_deinit(sae->peer_commit_element_ecc, 0);
sae->peer_commit_element_ecc = NULL;
}
void sae_clear_data(struct sae_data *sae)
{
if (sae == NULL)
return;
sae_clear_temp_data(sae);
crypto_bignum_deinit(sae->peer_commit_scalar, 0);
os_memset(sae, 0, sizeof(*sae)); os_memset(sae, 0, sizeof(*sae));
} }
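Review bot: sae_clear_temp_data() has no comment saying which members survive it, and that is now the contract callers in Accepted state depend on. As written, `peer_commit_scalar` is the only bignum it leaves alone (it is released only in sae_clear_data()), and `dh`, `prime` and `order` are set to NULL without a deinit call, which presumably means they are borrowed pointers into `prime_buf`/`order_buf` or static group data. I would add a header comment listing what is released and what is kept and why, plus a one-liner such as `/* dh, prime, order are not owned here; only the *_buf copies are freed */` once that is confirmed. It is also worth stating in that comment that `sae_rand` and the PWE values are deinitialised with the clear flag set to 1, so the secret values are wiped as soon as the exchange is accepted rather than when the instance is torn down.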


@ -43,6 +43,7 @@ struct sae_data {
}; };
int sae_set_group(struct sae_data *sae, int group); int sae_set_group(struct sae_data *sae, int group);
void sae_clear_temp_data(struct sae_data *sae);
void sae_clear_data(struct sae_data *sae); void sae_clear_data(struct sae_data *sae);
int sae_prepare_commit(const u8 *addr1, const u8 *addr2, int sae_prepare_commit(const u8 *addr1, const u8 *addr2,


@ -511,6 +511,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
if (sae_check_confirm(&wpa_s->sme.sae, data, len) < 0) if (sae_check_confirm(&wpa_s->sme.sae, data, len) < 0)
return -1; return -1;
wpa_s->sme.sae.state = SAE_ACCEPTED; wpa_s->sme.sae.state = SAE_ACCEPTED;
sae_clear_temp_data(&wpa_s->sme.sae);
return 1; return 1;
} }