keymat_v2: Properly wipe DH secret during IKE_SA rekeying

author Tobias Brunner <tobias@strongswan.org>

Mon, 20 Sep 2021 14:08:00 +0000 (16:08 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Mon, 20 Sep 2021 14:10:03 +0000 (16:10 +0200)
author Tobias Brunner <tobias@strongswan.org>
Mon, 20 Sep 2021 14:08:00 +0000 (16:08 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 20 Sep 2021 14:10:03 +0000 (16:10 +0200)
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c

index 00900a4269c6e86f79f6e3293814f15c74d7744f..7f8ea34e3337bb0f74db72928aa9c770b14c1a9d 100644 (file)
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -387,7 +387,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
                         chunk_clear(&prf_plus_seed);
                         return FALSE;
                 }
-               secret = chunk_cat("mc", secret, full_nonce);
+               secret = chunk_cat("sc", secret, full_nonce);
                 if (rekey_prf->set_key(rekey_prf, rekey_skd) &&
                         rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed) &&
                         rekey_prf->set_key(rekey_prf, skeyseed))
author	Tobias Brunner <tobias@strongswan.org>
	Mon, 20 Sep 2021 14:08:00 +0000 (16:08 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 20 Sep 2021 14:10:03 +0000 (16:10 +0200)