From: Tobias Brunner
Date: Wed, 6 Nov 2013 09:30:27 +0000 (+0100)
Subject: ikev2: Wipe (optional) shared secret during CHILD_SA key derivation
X-Git-Tag: 5.1.2rc1~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72ffb20318cb76411443e450144065685058af30;p=thirdparty%2Fstrongswan.git
ikev2: Wipe (optional) shared secret during CHILD_SA key derivation
---
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 85f891f7f5..8c7ba8d55d 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -453,17 +453,6 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
 chunk_t seed, secret = chunk_empty;
 prf_plus_t *prf_plus;
- if (dh)
- {
- if (dh->get_shared_secret(dh, &secret) != SUCCESS)
- {
- return FALSE;
- }
- DBG4(DBG_CHD, "DH secret %B", &secret);
- }
- seed = chunk_cata("mcc", secret, nonce_i, nonce_r);
- DBG4(DBG_CHD, "seed %B", &seed);
-
 if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
 &enc_alg, &enc_size))
 {
@@ -530,7 +519,21 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
 {
 return FALSE;
 }
+
+ if (dh)
+ {
+ if (dh->get_shared_secret(dh, &secret) != SUCCESS)
+ {
+ return FALSE;
+ }
+ DBG4(DBG_CHD, "DH secret %B", &secret);
+ }
+ seed = chunk_cata("scc", secret, nonce_i, nonce_r);
+ DBG4(DBG_CHD, "seed %B", &seed);
+
 prf_plus = prf_plus_create(this->prf, TRUE, seed);
+ memwipe(seed.ptr, seed.len);
+
 if (!prf_plus)
 {
 return FALSE;
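Review bot: The `memwipe(seed.ptr, seed.len)` added after `prf_plus_create` clears only the buffer chunk_cata built in this frame; `seed` is passed by value, so if prf_plus_create keeps its own copy of the seed, that copy's lifetime and wiping are governed by the prf_plus implementation, which is outside this hunk and worth confirming (a chunk_clear in its destroy, or equivalent). The `"scc"` mode now passed to chunk_cata appears to be what wipes and frees the DH `secret` itself after copying, so the secret is no longer left behind, but the two halves of the cleanup are easy to miss; a comment would help, e.g. `/* "s": DH secret is wiped+freed once copied into seed; seed is wiped below, after prf+ has consumed it */`. Note that the two DBG4 lines still print the DH secret and the seed; that is pre-existing level-4 raw-key-material logging that was only relocated, not something this change introduces. derive_child_keys starts before the hunk and continues past it.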