From: Tobias Brunner Date: Fri, 23 Jul 2021 15:25:19 +0000 (+0200) Subject: pkcs11: Move shared secret calculation to get_shared_secret() X-Git-Tag: 5.9.7dr2~1^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=26ca0c9f70ed51dbd2d7113209d3e59cda1df3cf;p=thirdparty%2Fstrongswan.git pkcs11: Move shared secret calculation to get_shared_secret() --- diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c index d08ebb33c4..a75cec6746 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c @@ -60,6 +60,11 @@ struct private_pkcs11_dh_t { */ chunk_t pub_key; + /** + * Public value provided by peer + */ + chunk_t other; + /** * Shared secret */ @@ -122,6 +127,7 @@ METHOD(key_exchange_t, set_public_key, bool, return FALSE; } + chunk_clear(&this->other); switch (this->group) { case ECP_192_BIT: @@ -140,13 +146,14 @@ METHOD(key_exchange_t, set_public_key, bool, pubkey.len, pubkey.ptr, }; - value = chunk_from_thing(params); + this->other = chunk_clone(chunk_from_thing(params)); break; } default: + this->other = chunk_clone(value); break; } - return derive_secret(this, value); + return TRUE; } METHOD(key_exchange_t, get_public_key, bool, @@ -159,7 +166,8 @@ METHOD(key_exchange_t, get_public_key, bool, METHOD(key_exchange_t, get_shared_secret, bool, private_pkcs11_dh_t *this, chunk_t *secret) { - if (!this->secret.ptr) + if (!this->secret.ptr && + !derive_secret(this, this->other)) { return FALSE; } @@ -179,6 +187,7 @@ METHOD(key_exchange_t, destroy, void, this->lib->f->C_CloseSession(this->session); chunk_clear(&this->pub_key); chunk_clear(&this->secret); + chunk_clear(&this->other); free(this); }