From: Reto Buerki
Date: Thu, 23 Apr 2015 06:46:18 +0000 (+0200)
Subject: child-create: Make nonceg a member of child_create struct
X-Git-Tag: 5.3.1rc1~35^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72376234cbc449b062c68a24837aeefacad44ade;p=thirdparty%2Fstrongswan.git

child-create: Make nonceg a member of child_create struct

This allows to control the life-cycle of a nonce in the context of the child create task. In the TKM use-case, it is required to reset the nonce context if the created nonce is not consumed. This happens if the child SA negotiation fails and it is detected before the SA is established via the TKM kernel plugin (i.e. rekey collision).
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 6e00ebadaa..868f271648 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -64,6 +64,11 @@ struct private_child_create_t {
 	 */
 	chunk_t other_nonce;
 
+	/**
+	 * nonce generator
+	 */
+	nonce_gen_t *nonceg;
+
 	/**
 	 * config to create the CHILD_SA from
 	 */
@@ -216,22 +221,12 @@ static status_t get_nonce(message_t *message, chunk_t *nonce)
  */
 static status_t generate_nonce(private_child_create_t *this)
 {
-	nonce_gen_t *nonceg;
-
-	nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
-	if (!nonceg)
-	{
-		DBG1(DBG_IKE, "no nonce generator found to create nonce");
-		return FAILED;
-	}
-	if (!nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce))
+	if (!this->nonceg->allocate_nonce(this->nonceg, NONCE_SIZE,
+									  &this->my_nonce))
 	{
 		DBG1(DBG_IKE, "nonce allocation failed");
-		nonceg->destroy(nonceg);
 		return FAILED;
 	}
-	nonceg->destroy(nonceg);
-
 	return SUCCESS;
 }
 
@@ -1631,6 +1626,7 @@ METHOD(task_t, destroy, void,
 	}
 	DESTROY_IF(this->config);
+	DESTROY_IF(this->nonceg);
 	free(this);
 }
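Review bot: In the generate_nonce hunk the generator is now dereferenced unconditionally, and the invariant that makes this safe (the constructor returns NULL when no generator can be obtained) lives in a different hunk far away, so a short comment on the function would spare the next reader that search, e.g. `/* this->nonceg is created in child_create_create and is never NULL here */`. The function also writes a fresh nonce into this->my_nonce without releasing a previous value; whether generate_nonce can run twice on the same task (for instance on a retried build) is not visible from this hunk, and if it can, a `chunk_free(&this->my_nonce);` before the allocate_nonce call would avoid leaking the earlier nonce. Keeping the generator alive for the task's lifetime also means the nonce context it holds is only released in destroy, which the third hunk covers consistently.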
@@ -1670,6 +1666,14 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
 		.retry = FALSE,
 	);
 
+	this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
+	if (!this->nonceg)
+	{
+		DBG1(DBG_IKE, "no nonce generator found to create nonce");
+		free(this);
+		return NULL;
+	}
+
 	if (config)
 	{
 		this->public.task.build = _build_i;
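Review bot: The new failure path in child_create_create frees `this` directly, but the initializer that ends just above it (its start is outside the hunk) has already populated the object; if it clones traffic selectors or takes over the config reference, `free(this);` alone leaks them. Routing the failure through the task's own cleanup, `destroy(this);` in place of `free(this);`, releases whatever the initializer set up, and the destroy hunk shows the still-NULL nonceg is handled there by DESTROY_IF. Since the body of child_create_create begins before this hunk, the exact set of owned members cannot be confirmed from here, so this is worth checking against the initializer.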