Wipe memory after using key material (incomplete, to be continued)

author: Martin Willi <martin@revosec.ch> 2011-05-09 14:33:22 +0200
committer: Martin Willi <martin@revosec.ch> 2011-05-09 14:36:15 +0200
commit: f7812f6492b31413735c009fd2a76c7587346074 (patch)
tree: 917ace75f7a744ae592e9f5dfaf0cefb94add0d1 /src/libstrongswan/plugins/xcbc
parent: 7dc48bab1bfc92dcf614ef2c12e0dd5e333844ec (diff)
download: strongswan-f7812f6492b31413735c009fd2a76c7587346074.tar.bz2
strongswan-f7812f6492b31413735c009fd2a76c7587346074.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index be18d92b8..8ddde962c 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -236,13 +236,17 @@ METHOD(xcbc_t, set_key, void,
 	memset(k1.ptr, 0x01, this->b);
 	this->k1->encrypt(this->k1, k1, iv, NULL);
 	this->k1->set_key(this->k1, k1);
+
+	memwipe(k1.ptr, k1.len);
 }
 
 METHOD(xcbc_t, destroy, void,
 	private_xcbc_t *this)
 {
 	this->k1->destroy(this->k1);
+	memwipe(this->k2, this->b);
 	free(this->k2);
+	memwipe(this->k3, this->b);
 	free(this->k3);
 	free(this->e);
 	free(this->remaining);
author	Martin Willi <martin@revosec.ch>	2011-05-09 14:33:22 +0200
committer	Martin Willi <martin@revosec.ch>	2011-05-09 14:36:15 +0200
commit	f7812f6492b31413735c009fd2a76c7587346074 (patch)
tree	917ace75f7a744ae592e9f5dfaf0cefb94add0d1 /src/libstrongswan/plugins/xcbc
parent	7dc48bab1bfc92dcf614ef2c12e0dd5e333844ec (diff)
download	strongswan-f7812f6492b31413735c009fd2a76c7587346074.tar.bz2 strongswan-f7812f6492b31413735c009fd2a76c7587346074.tar.xz