[strongSwan-dev] PFKey plugin and memwipe

Jean-Francois HREN jean-francois.hren at stormshield.eu
Wed Sep 22 10:39:12 CEST 2021


Hello, 

In the PFKey plugin for handling SP and SA (src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c), no memwipe is done after an SA add, query or update on the request and/or out buffers as it is done in the Netlink plugin (src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c). 
Is there any technical reason it is not done ? 

Thank you. 

Jean-Fran├žois HREN 
Developper - Network Security R&D 
[ http://www.stormshield.eu/ ] 
	STORMSHIELD 
2/6 Parc de l'Horizon 
59650 Villeneuve d'Ascq - FRANCE 
Mobile : +33 (0)6 23 08 80 81 
[ https://twitter.com/Stormshield | Twitter ] . [ https://www.linkedin.com/company/22425?trk=cws-btn-overview-0-0 | LinkedIn ] . [ http://www.stormshield.eu/ | www.stormshield.eu ] 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20210922/910fced6/attachment.html>


More information about the Dev mailing list