<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Hello,<br></div><div><br data-mce-bogus="1"></div><div>In src/libcharon/sa/ikev2/keymat_v2.c (line 390) when rekeying, the shared secret is concatenated with the full nonce using a call to chunk_cat(). The secret chunk is moved using the mode "m" which does not clear the chunk afterward.<br data-mce-bogus="1"></div><div>I think it would be a good idea to change it to "s" since the shared secret chunk is usually cleared.<br data-mce-bogus="1"></div><div><br></div><div>Thank you.<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div data-marker="__SIG_PRE__"><table width="500" border="0"><tbody><tr><td colspan="2" style="color:#404040;font-size:9pt;font-family:'arial' , sans-serif"><b>Jean-François HREN</b></td></tr><tr><td colspan="2" style="color:#404040;font-size:9pt;font-family:'arial' , sans-serif">Developper - Network Security R&D</td></tr><tr><td style="border-right:dotted #7f7f7f 1pt" width="160"><a href="http://www.stormshield.eu" target="_blank" rel="nofollow noopener noreferrer"><img src="https://mystormshield.eu/images/mailsignature.png" data-mce-src="https://mystormshield.eu/images/mailsignature.png"></a><br></td><td><table style="height:75px"><tbody><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px"><b>STORMSHIELD</b></td></tr><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px">2/6 Parc de l'Horizon</td></tr><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px">59650 Villeneuve d'Ascq - FRANCE</td></tr><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px">Mobile : +33 (0)6 23 08 80 81</td></tr><tr style="height:15px"><td style="color:rgb( 85 , 142 , 213 );font-size:9pt;font-family:'arial' , sans-serif;height:15px"><a href="https://twitter.com/Stormshield" style="text-decoration:none;color:#558ed5" rel="noopener nofollow noopener noreferrer" target="_blank">Twitter</a> . <a href="https://www.linkedin.com/company/22425?trk=cws-btn-overview-0-0" style="text-decoration:none;color:#558ed5" target="_blank" rel="nofollow noopener noreferrer">LinkedIn</a> . <a href="http://www.stormshield.eu" style="text-decoration:none;color:#558ed5" target="_blank" rel="nofollow noopener noreferrer">www.stormshield.eu</a><br></td></tr></tbody></table></td></tr></tbody></table><div><br></div><div id="mceResizeHandlen" class="mce-resizehandle" style="margin:0px;padding:0px"></div><div id="mceResizeHandlee" class="mce-resizehandle" style="margin:0px;padding:0px"></div><div id="mceResizeHandles" class="mce-resizehandle" style="margin:0px;padding:0px"></div><div id="mceResizeHandlew" class="mce-resizehandle" style="margin:0px;padding:0px"></div></div></div></body></html>