prf-plus: Wipe seed and internal buffer
author Tobias Brunner <tobias@strongswan.org>
Tue, 25 Jul 2017 08:15:58 +0000 (10:15 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 7 Aug 2017 14:55:28 +0000 (16:55 +0200)
The buffer contains key material we handed out last and the seed can
contain the DH secret.

References #2388.

src/libstrongswan/crypto/prf_plus.c

index 6b7f8f8..a26010a 100644 (file)
@@ -115,8 +115,8 @@ METHOD(prf_plus_t, allocate_bytes, bool,
 METHOD(prf_plus_t, destroy, void,
        private_prf_plus_t *this)
 {
-       free(this->buffer.ptr);
-       free(this->seed.ptr);
+       chunk_clear(&this->buffer);
+       chunk_clear(&this->seed);
        free(this);
 }
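
Review bot: In destroy(), the two chunk_clear() calls carry no comment saying why a plain free() is not enough, so a later cleanup could revert them without noticing; a one-line comment that this->buffer holds the key material handed out last and this->seed may hold the DH secret would protect the change. The hunk also covers only the destructor. If this->buffer or this->seed is freed or reallocated anywhere else in prf_plus.c, for example on a constructor error path, those sites need chunk_clear() as well. Callers of allocate_bytes() still own the copies they were given and have to wipe those themselves.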