From 547ba732d37c26823d2b2a87957c784b0931335f Mon Sep 17 00:00:00 2001
From: Thomas Winter
Date: Tue, 27 Aug 2019 15:55:36 +1200
Subject: [PATCH] mka: Clear out old/latest key values on CHANGE in CP state machine The associated SAs have been deleted and the key server has changed so there's no point in keeping the key values. Note that this isn't specified in IEEE Std 802.1X-2010.
Signed-off-by: Thomas Winter
---
 src/pae/ieee802_1x_cp.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/pae/ieee802_1x_cp.c b/src/pae/ieee802_1x_cp.c
index 27c6f0c5f..69e57587d 100644
--- a/src/pae/ieee802_1x_cp.c
+++ b/src/pae/ieee802_1x_cp.c
@@ -141,6 +141,24 @@ SM_STATE(CP, CHANGE)
 ieee802_1x_kay_delete_sas(sm->kay, sm->lki);
 if (sm->oki)
 ieee802_1x_kay_delete_sas(sm->kay, sm->oki);
+ /* The standard doesn't say it but we should clear out the latest
+ * and old key values. Why would we keep advertising them if
+ * they've been deleted and the key server has been changed?
+ */
+ os_free(sm->oki);
+ sm->oki = NULL;
+ sm->otx = FALSE;
+ sm->orx = FALSE;
+ sm->oan = 0;
+ ieee802_1x_kay_set_old_sa_attr(sm->kay, sm->oki, sm->oan,
+ sm->otx, sm->orx);
+ os_free(sm->lki);
+ sm->lki = NULL;
+ sm->lrx = FALSE;
+ sm->ltx = FALSE;
+ sm->lan = 0;
+ ieee802_1x_kay_set_latest_sa_attr(sm->kay, sm->lki, sm->lan,
+ sm->ltx, sm->lrx);
 }
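Review bot: Both setter calls in the added block receive a NULL key identifier, because `sm->oki` and `sm->lki` are set to NULL just before `ieee802_1x_kay_set_old_sa_attr()` and `ieee802_1x_kay_set_latest_sa_attr()` are called. Neither function is visible in this hunk, so it should be confirmed that each treats NULL as "clear the stored identifier" rather than copying from it; otherwise entry to CHANGE dereferences a null pointer. If they do accept NULL, a comment above the first call such as `/* NULL ki tells KaY to clear the advertised key identifier */` would record that contract. The two `os_free()` calls also assume `sm->oki` and `sm->lki` never point at the same allocation, which presumably holds but cannot be checked from here. SM_STATE(CP, CHANGE) starts above the hunk.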