Closed hareesh-d closed 4 years ago
Thanks for this PR. Good point, yet as far as I recall the issue has disappeared in our internal master branch. I can check in about a week after return from my vacation.
I've checked: meanwhile our internal development master branch cmp-dev
does not use any more an intermediate copy of the (potentially confidential) string data such that the problem addressed in this PR disappears after back-porting the new version to our release branch cmp
, which I have just done. So we can close this PR.
BTW, the function OSSL_CMP_CTX_set1_secretValue()
also cleanses any previous string value.
I've checked: meanwhile our internal development master branch
cmp-dev
does not use any more an intermediate copy of the (potentially confidential) string data such that the problem addressed in this PR disappears after back-porting the new version to our release branchcmp
, which I have just done. So we can close this PR.BTW, the function
OSSL_CMP_CTX_set1_secretValue()
also cleanses any previous string value.
Ok.
Clearing the reference of confidential data (secretValue) copied to local variable