Sample code uses aws_byte_buf_clean_up where it should've used aws_byte_buf_clean_up_secure

aws / aws-nitro-enclaves-sdk-c

This repo provides a C API for AWS Nitro Enclaves, including a KMS SDK that integrates it with attestation.

Apache License 2.0

99 stars 74 forks source link

Closed voronaam closed 2 years ago

voronaam commented 2 years ago

The sample code in the bin folder uses the non-zeroing variant to cleanup sensitive data buffers. As in

    aws_byte_buf_clean_up(&access_key_id_buf);
    aws_byte_buf_clean_up(&secret_access_key_buf);

and

aws_byte_buf_clean_up(&ciphertext_decrypted_b64);

Should use aws_byte_buf_clean_up_secure for all of those.

petreeftime commented 2 years ago

Fixed in #79