search

mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.
https://github.com/mpeylo/cmpossl/wiki
Other
35 stars 13 forks source link

Clearing the reference of confidential data (secretValue) copied to local variable #196

Closed hareesh-d closed 4 years ago

hareesh-d commented 5 years ago

Clearing the reference of confidential data (secretValue) copied to local variable

DDvO commented 4 years ago

Thanks for this PR. Good point, yet as far as I recall the issue has disappeared in our internal master branch. I can check in about a week after return from my vacation.

DDvO commented 4 years ago

I've checked: meanwhile our internal development master branch cmp-dev does not use any more an intermediate copy of the (potentially confidential) string data such that the problem addressed in this PR disappears after back-porting the new version to our release branch cmp, which I have just done. So we can close this PR.

BTW, the function OSSL_CMP_CTX_set1_secretValue() also cleanses any previous string value.

hareesh-d commented 4 years ago

I've checked: meanwhile our internal development master branch cmp-dev does not use any more an intermediate copy of the (potentially confidential) string data such that the problem addressed in this PR disappears after back-porting the new version to our release branch cmp, which I have just done. So we can close this PR.

BTW, the function OSSL_CMP_CTX_set1_secretValue() also cleanses any previous string value.

Ok.