From: Adrian-Ken Rueegsegger <ken@codelabs.ch>
Date: Tue, 11 Sep 2012 17:13:29 +0000 (+0200)
Subject: Do not return shared secret in TKM Diffie-Hellman
X-Git-Tag: 5.0.3rc1~39^2~56
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=db97fd74d3185b02b25942972a181ee600d6b9b5;p=thirdparty%2Fstrongswan.git

Do not return shared secret in TKM Diffie-Hellman

Since the TKM handles all relevant key material, charon-tkm must not
have access to it anymore. Thus the ike_dh_get_shared_secret operation
is not available anymore.
---

diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
index cef53464c7..19f57de016 100644
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@@ -61,13 +61,7 @@ METHOD(diffie_hellman_t, get_my_public_value, void,
 METHOD(diffie_hellman_t, get_shared_secret, status_t,
 	private_tkm_diffie_hellman_t *this, chunk_t *secret)
 {
-	dh_key_type shared_secret;
-	if (ike_dh_get_shared_secret(this->context_id, &shared_secret) != TKM_OK)
-	{
-		return FAILED;
-	}
-
-	sequence_to_chunk(&shared_secret.data[0], shared_secret.size, secret);
+	*secret = chunk_empty;
 	return SUCCESS;
 }