From 4caffee590df58337646648a14949349c364dc4c Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 5 Jul 2022 13:44:31 +0200 Subject: [PATCH] ForceZero the private key on import error --- wolfcrypt/src/ed25519.c | 6 +++++- wolfcrypt/src/ed448.c | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index add7fb19f..436997668 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1054,6 +1054,7 @@ int wc_ed25519_import_private_only(const byte* priv, word32 privSz, } if (ret != 0) { key->privKeySet = 0; + ForceZero(key->k, ED25519_KEY_SIZE); } return ret; @@ -1105,8 +1106,11 @@ int wc_ed25519_import_private_key_ex(const byte* priv, word32 privSz, /* import public key */ ret = wc_ed25519_import_public_ex(pub, pubSz, key, trusted); - if (ret != 0) + if (ret != 0) { + key->privKeySet = 0; + ForceZero(key->k, ED25519_KEY_SIZE); return ret; + } /* make the private key (priv + pub) */ XMEMCPY(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c index d306d068f..0423b2b2b 100644 --- a/wolfcrypt/src/ed448.c +++ b/wolfcrypt/src/ed448.c @@ -1009,6 +1009,7 @@ int wc_ed448_import_private_only(const byte* priv, word32 privSz, if ((ret != 0) && (key != NULL)) { /* No private key set on error. */ key->privKeySet = 0; + ForceZero(key->k, ED448_KEY_SIZE); } return ret; @@ -1059,8 +1060,11 @@ int wc_ed448_import_private_key_ex(const byte* priv, word32 privSz, /* import public key */ ret = wc_ed448_import_public_ex(pub, pubSz, key, trusted); - if (ret != 0) + if (ret != 0) { + key->privKeySet = 0; + ForceZero(key->k, ED448_KEY_SIZE); return ret; + } /* make the private key (priv + pub) */ XMEMCPY(key->k + ED448_KEY_SIZE, key->p, ED448_PUB_KEY_SIZE);