[strongSwan-dev] PFKey plugin and memwipe

Tobias Brunner tobias at strongswan.org
Thu Sep 23 15:33:43 CEST 2021


Hi Jean-Francois,

> In the PFKey plugin for handling SP and SA 
> (src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c), no memwipe is 
> done after an SA add, query or update on the request and/or out buffers 
> as it is done in the Netlink plugin 
> (src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c).
> Is there any technical reason it is not done?

No, I don't think there is.  I pushed a fix to the pfkey-memwipe branch.

Regards,
Tobias
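
Added example, not part of the original message and not strongSwan code: a C illustration of the pattern discussed above, where both the request and the reply buffer of a kernel call carrying SA key material are wiped on success and on error. The message layout, the fake_kernel transport and the wipe helper are hypothetical stand-ins, and the key is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wipe helper: volatile stores cannot be dropped as dead stores. */
static void wipe(void *ptr, size_t len)
{
    volatile uint8_t *p = ptr;
    while (len--) *p++ = 0;
}

/* Constructed message layout, not the PF_KEY wire format. */
struct sa_msg { uint16_t key_len; uint8_t key[32]; };

/* Fake kernel transport: echoes the request into the reply, or fails. */
static int fake_kernel(const struct sa_msg *req, struct sa_msg *out, int fail)
{
    if (fail) return -1;
    *out = *req;
    return 0;
}

/* Counts the non-zero bytes left in a buffer. */
static size_t residue(const void *buf, size_t len)
{
    const uint8_t *p = buf; size_t n = 0;
    while (len--) n += (*p++ != 0);
    return n;
}

/* Runs one SA add; returns the non-zero bytes left in both buffers afterwards. */
size_t residue_after_add(int fail_transport, int do_wipe)
{
    static const uint8_t key[16] = "constructed-key";  /* constructed sample */
    struct sa_msg req, out;
    memset(&req, 0, sizeof(req)); memset(&out, 0, sizeof(out));
    req.key_len = sizeof(key);
    memcpy(req.key, key, sizeof(key));
    (void)fake_kernel(&req, &out, fail_transport);
    if (do_wipe) {           /* single exit path: runs on success and on error */
        wipe(&req, sizeof(req));
        wipe(&out, sizeof(out));
    }
    return residue(&req, sizeof(req)) + residue(&out, sizeof(out));
}
```

Calling residue_after_add with do_wipe set to 0 shows how much of the key and its length field stays behind in the two buffers when the wipe is skipped.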

