[strongSwan-dev] Shared secret sensitive move
Jean-Francois HREN
jean-francois.hren at stormshield.eu
Mon Sep 20 15:42:53 CEST 2021
Hello,
In src/libcharon/sa/ikev2/keymat_v2.c (line 390) when rekeying, the shared secret is concatenated with the full nonce using a call to chunk_cat(). The secret chunk is moved using the mode "m" which does not clear the chunk afterward.
I think it would be a good idea to change it to "s" since the shared secret chunk is usually cleared.
Thank you.
Jean-François HREN
Developper - Network Security R&D
[ http://www.stormshield.eu/ ]
STORMSHIELD
2/6 Parc de l'Horizon
59650 Villeneuve d'Ascq - FRANCE
Mobile : +33 (0)6 23 08 80 81
[ https://twitter.com/Stormshield | Twitter ] . [ https://www.linkedin.com/company/22425?trk=cws-btn-overview-0-0 | LinkedIn ] . [ http://www.stormshield.eu/ | www.stormshield.eu ]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20210920/b767f397/attachment.html>
More information about the Dev
mailing list