projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 32e5c49)
prf-plus: Wipe seed and internal buffer
authorTobias Brunner <tobias@strongswan.org>
Tue, 25 Jul 2017 08:15:58 +0000 (10:15 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 7 Aug 2017 14:55:28 +0000 (16:55 +0200)
The buffer contains key material we handed out last and the seed can
contain the DH secret.

References #2388.

src/libstrongswan/crypto/prf_plus.c patch | blob | history

diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c
index 6b7f8f8..a26010a 100644 (file)
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -115,8 +115,8 @@ METHOD(prf_plus_t, allocate_bytes, bool,
 METHOD(prf_plus_t, destroy, void,
        private_prf_plus_t *this)
 {
-       free(this->buffer.ptr);
-       free(this->seed.ptr);
+       chunk_clear(&this->buffer);
+       chunk_clear(&this->seed);
        free(this);
 }
 
strongSwan - IPsec VPN