[strongSwan-dev] Shared secret sensitive move

[Tobias Brunner]

Hi Jean-Francois,

> In src/libcharon/sa/ikev2/keymat_v2.c (line 390) when rekeying, the 
> shared secret is concatenated with the full nonce using a call to 
> chunk_cat(). The secret chunk is moved using the mode "m" which does not 
> clear the chunk afterward.
> I think it would be a good idea to change it to "s" since the shared 
> secret chunk is usually cleared.

Good catch!  Fixed in master.

Thanks,
Tobias