keymat_v2: Proper cleanup if derive_ike_keys() is called multiple times

diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 318838e3fd6f0822d565c721fcb6d1c7f3f8b568..0006cc0bf47dea0748b017a8538f076b7ed907ea 100644 (file)
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -420,6 +420,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 
        /* SK_d is used for generating CHILD_SA key mat => store for later use */
        key_size = this->prf->get_key_size(this->prf);
+       chunk_clear(&this->skd);
        if (!prf_plus->allocate_bytes(prf_plus, key_size, &this->skd))
        {
                goto failure;
@@ -433,6 +434,9 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
                goto failure;
        }
 
+       DESTROY_IF(this->aead_in);
+       DESTROY_IF(this->aead_out);
+
        if (encryption_algorithm_is_aead(alg))
        {
                if (!derive_ike_aead(this, alg, key_size, prf_plus))
@@ -455,6 +459,9 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
                }
        }
 
+       chunk_clear(&this->skp_build);
+       chunk_clear(&this->skp_verify);
+
        /* SK_pi/SK_pr used for authentication => stored for later */
        key_size = this->prf->get_key_size(this->prf);
        if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))