Hi Jean-Francois,
In the PFKey plugin for handling SP and SA (src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c), no memwipe is done after an SA add, query or update on the request and/or out buffers as it is done in the Netlink plugin (src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c). Is there any technical reason it is not done?
No, I don't think there is. I pushed a fix to the pfkey-memwipe branch.

Regards,
Tobias
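
The pattern discussed in this thread, wiping a request buffer that carried SA key material on every exit path, is sketched below as an added example. It is not strongSwan code and not the fix on the pfkey-memwipe branch. The `sa_request` layout, `wipe()`, `send_to_kernel()`, the sample key and the `residue` snapshot are assumptions made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in wipe helper (assumption, not strongSwan's memwipe):
 * volatile stores stop the compiler from eliding the "dead" write. */
static void wipe(void *p, size_t n)
{
	volatile unsigned char *v = p;
	while (n--) *v++ = 0;
}

/* Constructed request layout, not the PF_KEY wire format. */
struct sa_request { uint32_t spi; uint16_t key_len; unsigned char key[64]; };
/* Constructed sample key. */
static const unsigned char sample_key[16] = "0123456789abcde";
/* Demo only: snapshot of the request buffer taken after the wipe. */
static unsigned char residue[sizeof(struct sa_request)];

/* Hypothetical kernel call; rejects SPI 0 to exercise the error path. */
static int send_to_kernel(const struct sa_request *req) { return req->spi ? 0 : -1; }

int add_sa(uint32_t spi, const unsigned char *key, size_t key_len)
{
	struct sa_request req;
	int rc = -1;

	memset(&req, 0, sizeof(req));
	if (key_len <= sizeof(req.key)) {
		req.spi = spi;
		req.key_len = (uint16_t)key_len;
		memcpy(req.key, key, key_len);
		rc = send_to_kernel(&req);
	}
	wipe(&req, sizeof(req));            /* single exit: success and failure */
	memcpy(residue, &req, sizeof(req)); /* demo only, lets the caller inspect */
	return rc;
}

/* Number of non-zero bytes left in the request buffer after add_sa(). */
size_t leftover_bytes(void)
{
	size_t i, n = 0;
	for (i = 0; i < sizeof(residue); i++) n += residue[i] != 0;
	return n;
}

int main(void) { return add_sa(0x1234, sample_key, sizeof(sample_key)) || leftover_bytes(); }
```

The same treatment applies to any reply buffer returned by a query, since it can carry the key back out of the kernel.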
