keymat_v2: Proper cleanup if derive_ike_keys() is called multiple times

2025-10-04 00:00:14 -04:00 · 2018-06-28 15:33:35 +02:00 · 2018-06-28 15:33:35 +02:00 · dcd5c945b5
commit dcd5c945b5
parent 5727ab2390
1 changed files with 7 additions and 0 deletions
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@ -413,6 +413,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,

 	/* SK_d is used for generating CHILD_SA key mat => store for later use */
 	key_size = this->prf->get_key_size(this->prf);
+	chunk_clear(&this->skd);
 	if (!prf_plus->allocate_bytes(prf_plus, key_size, &this->skd))
 	{
 		goto failure;
@ -426,6 +427,9 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 		goto failure;
 	}

+	DESTROY_IF(this->aead_in);
+	DESTROY_IF(this->aead_out);
+
 	if (encryption_algorithm_is_aead(alg))
 	{
 		if (!derive_ike_aead(this, alg, key_size, prf_plus, &sk_ei, &sk_er))
@ -449,6 +453,9 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 		}
 	}

+	chunk_clear(&this->skp_build);
+	chunk_clear(&this->skp_verify);
+
 	/* SK_pi/SK_pr used for authentication => stored for later */
 	key_size = this->prf->get_key_size(this->prf);
 	if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pi))