From a5662e8f6ee6c617b573b7801bbf30534d9f3b41 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 20 Sep 2021 16:08:00 +0200 Subject: [PATCH] keymat_v2: Properly wipe DH secret during IKE_SA rekeying While `secret` is wiped explicitly, it wasn't when concatenating with the nonces. --- src/libcharon/sa/ikev2/keymat_v2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 00900a4269..7f8ea34e33 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -387,7 +387,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_clear(&prf_plus_seed); return FALSE; } - secret = chunk_cat("mc", secret, full_nonce); + secret = chunk_cat("sc", secret, full_nonce); if (rekey_prf->set_key(rekey_prf, rekey_skd) && rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed) && rekey_prf->set_key(rekey_prf, skeyseed)) -- 2.47.2