-rw-r--r-- | src/charon-tkm/src/tkm/tkm_kernel_ipsec.c | 4 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_keymat.c | 8 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_listener.c | 2 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_utils.c | 4 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_utils.h | 4 | ||||
-rw-r--r-- | src/charon-tkm/tests/utils_tests.c | 2 |
6 files changed, 14 insertions, 10 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index 95b378fde..4e813a035 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -145,7 +145,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
else if (nonce_loc_id != 0 && esa.dh_id == 0) { nonce_type nc_rem;
- chunk_to_sequence(nonce_rem, &nc_rem);
+ chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type));
if (ike_esa_create_no_pfs(esa_id, esa.isa_id, 1, 1, nonce_loc_id, nc_rem, initiator, ntohl(spi_loc), ntohl(spi_rem)) != TKM_OK)
@@ -159,7 +159,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
else { nonce_type nc_rem;
- chunk_to_sequence(nonce_rem, &nc_rem);
+ chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type));
if (ike_esa_create(esa_id, esa.isa_id, 1, 1, esa.dh_id, nonce_loc_id, nc_rem, initiator, ntohl(spi_loc), ntohl(spi_rem)) != TKM_OK)
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index c310d2200..9beb10430 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -219,13 +219,13 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
if (this->initiator) {
- chunk_to_sequence(&nonce_r, &nonce_rem);
+ chunk_to_sequence(&nonce_r, &nonce_rem, sizeof(nonce_type));
spi_loc = id->get_initiator_spi(id); spi_rem = id->get_responder_spi(id); } else {
- chunk_to_sequence(&nonce_i, &nonce_rem);
+ chunk_to_sequence(&nonce_i, &nonce_rem, sizeof(nonce_type));
spi_loc = id->get_responder_spi(id); spi_rem = id->get_initiator_spi(id); }
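Review bot: The two add_sa call sites pass `sizeof(nonce_type)` although the destination is the local `nc_rem`, so the size and the object are tied together only by convention. Writing `chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nc_rem));` keeps the length correct if the declaration ever changes, and the same applies to the calls in derive_ike_keys, get_psk_sig, authorize and the unit test. Because chunk_to_sequence() uses this value as the memset length on a stack variable, a mismatched type name would zero too much or too little of the object. All of these functions start and end outside their hunks.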
@@ -390,14 +390,14 @@ METHOD(keymat_v2_t, get_psk_sig, bool,
signature_type signature; init_message_type msg;
- chunk_to_sequence(&ike_sa_init, &msg);
+ chunk_to_sequence(&ike_sa_init, &msg, sizeof(init_message_type));
chunk_t idx_chunk, chunk = chunk_alloca(4); chunk.ptr[0] = id->get_type(id); memcpy(chunk.ptr + 1, reserved, 3); idx_chunk = chunk_cata("cc", chunk, id->get_encoding(id)); idx_type idx;
- chunk_to_sequence(&idx_chunk, &idx);
+ chunk_to_sequence(&idx_chunk, &idx, sizeof(idx_type));
if (ike_isa_sign_psk(this->isa_ctx_id, msg, idx, verify == TRUE, &signature) != TKM_OK)
diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c
index 557b276b8..8bf92f4e7 100644
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
@@ -60,7 +60,7 @@ METHOD(listener_t, authorize, bool,
} signature_type signature;
- chunk_to_sequence(auth, &signature);
+ chunk_to_sequence(auth, &signature, sizeof(signature_type));
if (ike_isa_auth_psk(isa_id, signature) != TKM_OK) { DBG1(DBG_IKE, "TKM based authentication failed"
diff --git a/src/charon-tkm/src/tkm/tkm_utils.c b/src/charon-tkm/src/tkm/tkm_utils.c
index e60db5906..28fcdd1d1 100644
--- a/src/charon-tkm/src/tkm/tkm_utils.c
+++ b/src/charon-tkm/src/tkm/tkm_utils.c
@@ -30,8 +30,10 @@ void sequence_to_chunk(const byte_t * const first, const uint32_t len,
memcpy(chunk->ptr, first, len); }
-void chunk_to_sequence(const chunk_t * const chunk, void *sequence)
+void chunk_to_sequence(const chunk_t * const chunk, void *sequence,
+ const uint32_t typelen)
{
+ memset(sequence, 0, typelen);
sequence_type *seq = sequence; seq->size = chunk->len; memcpy(seq->data, chunk->ptr, seq->size);
diff --git a/src/charon-tkm/src/tkm/tkm_utils.h b/src/charon-tkm/src/tkm/tkm_utils.h
index c78ffd549..37a2c7ce5 100644
--- a/src/charon-tkm/src/tkm/tkm_utils.h
+++ b/src/charon-tkm/src/tkm/tkm_utils.h
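Review bot: In the tkm_utils.c hunk, chunk_to_sequence() now receives the destination size in `typelen` but uses it only for the memset; the copy is still `memcpy(seq->data, chunk->ptr, seq->size)` with `seq->size = chunk->len`, so a chunk longer than the destination's data array writes past it. The callers in this commit pass remote nonces (`nonce_rem`, `nonce_r`/`nonce_i`), the `auth` chunk in authorize and an identity encoding in get_psk_sig into fixed-size stack variables, and at least some of these presumably carry lengths chosen by the peer. The new parameter makes a bound possible: compare before copying, e.g. `if (chunk->len > typelen - sizeof(seq->size))`, and then either refuse (which needs a return value the callers check) or truncate and log. That expression assumes `data` directly follows `size` in the sequence layout, which is not visible here. The function's closing brace lies outside the hunk.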
@@ -35,7 +35,9 @@ void sequence_to_chunk(const byte_t * const first, const uint32_t len,
* * @param chunk pointer to chunk struct * @param sequence pointer to variable-length sequence
+ * @param typelen length of sequence type
*/
-void chunk_to_sequence(const chunk_t * const chunk, void *sequence);
+void chunk_to_sequence(const chunk_t * const chunk, void *sequence,
+ const uint32_t typelen);
#endif /** TKM_UTILS_H_ */
diff --git a/src/charon-tkm/tests/utils_tests.c b/src/charon-tkm/tests/utils_tests.c
index acc93ecf9..b3ead7633 100644
--- a/src/charon-tkm/tests/utils_tests.c
+++ b/src/charon-tkm/tests/utils_tests.c
@@ -41,7 +41,7 @@ START_TEST(test_chunk_to_sequence)
chunk_t chunk = chunk_from_thing("ABCDEFGH"); key_type key;
- chunk_to_sequence(&chunk, &key);
+ chunk_to_sequence(&chunk, &key, sizeof(key_type));
fail_if(key.size != chunk.len, "Seq size mismatch"); uint32_t i; |
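Review bot: The added `@param typelen length of sequence type` line in tkm_utils.h does not say which length is meant or what the caller must guarantee. I would word it as `@param typelen size in bytes of the object sequence points to (sizeof the sequence type); the object is zeroed over this length before the copy`, and state in the description that the caller must ensure chunk->len fits the sequence's data array, since the implementation in this commit does not check it. The parameter is declared `const uint32_t` while every caller passes a `sizeof` expression, so `size_t` would avoid the implicit narrowing.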
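Review bot: test_chunk_to_sequence only gains the extra argument, so the behaviour this commit adds, zeroing the whole sequence before the copy, is not exercised by the visible lines. Pre-filling the destination with `memset(&key, 0xff, sizeof(key));` before the call and then asserting that the bytes of `key.data` beyond `chunk.len` are zero would pin it. The test body continues past the end of the hunk, so the rest of its checks are not visible here.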