[strongSwan-dev] PFKey plugin and memwipe

Jean-Francois HREN jean-francois.hren at stormshield.eu
Fri Sep 24 10:23:30 CEST 2021

Thank you for your help. 

I tested the branch and it works fine. 
I have a small remark though. You pass "&request" to memwipe calls. It works but maybe "request" or "&request[0]" would be more legible. 

Thank you. 

De: "Tobias Brunner" <tobias at strongswan.org> 
À: "jean-francois hren" <jean-francois.hren at stormshield.eu>, "dev" <dev at lists.strongswan.org> 
Envoyé: Jeudi 23 Septembre 2021 15:33:43 
Objet: Re: [strongSwan-dev] PFKey plugin and memwipe 

Hi Jean-Francois, 

> In the PFKey plugin for handling SP and SA 
> (src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c), no memwipe is 
> done after an SA add, query or update on the request and/or out buffers 
> as it is done in the Netlink plugin 
> (src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c). 
> Is there any technical reason it is not done ? 

No, I don't think there is. I pushed a fix to the pfkey-memwipe branch. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20210924/24ffec8f/attachment.html>

More information about the Dev mailing list