wolfSSL
diff --git a/‎src/internal.c‎
Lines changed: 9 additions & 0 deletions b/‎src/internal.c‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎wolfcrypt/src/port/caam/wolfcaam_ecdsa.c‎
Lines changed: 22 additions & 1 deletion b/‎wolfcrypt/src/port/caam/wolfcaam_ecdsa.c‎
Lines changed: 22 additions & 1 deletion
diff --git a/‎wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c‎
Lines changed: 20 additions & 4 deletions b/‎wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c‎
Lines changed: 20 additions & 4 deletions
diff --git a/‎wolfcrypt/src/port/devcrypto/devcrypto_rsa.c‎
Lines changed: 15 additions & 14 deletions b/‎wolfcrypt/src/port/devcrypto/devcrypto_rsa.c‎
Lines changed: 15 additions & 14 deletions
diff --git a/‎wolfcrypt/src/port/kcapi/kcapi_dh.c‎
Lines changed: 4 additions & 1 deletion b/‎wolfcrypt/src/port/kcapi/kcapi_dh.c‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎wolfcrypt/src/port/kcapi/kcapi_ecc.c‎
Lines changed: 3 additions & 0 deletions b/‎wolfcrypt/src/port/kcapi/kcapi_ecc.c‎
Lines changed: 3 additions & 0 deletions
@@ -1180,6 +1180,8 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
         word16 i, wordCount, wordAdj = 0;
 
         /* do window */
+        if (idx + OPAQUE16_LEN > len)
+            return BUFFER_E;
         ato16(exp + idx, &wordCount);
         idx += OPAQUE16_LEN;
 
@@ -1188,6 +1190,8 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
             wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
         }
 
+        if (idx + (wordCount * OPAQUE32_LEN) + wordAdj > len)
+            return BUFFER_E;
         XMEMSET(keys->peerSeq[0].window, 0xFF, DTLS_SEQ_SZ);
         for (i = 0; i < wordCount; i++) {
             ato32(exp + idx, &keys->peerSeq[0].window[i]);
@@ -1196,6 +1200,9 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
         idx += wordAdj;
 
         /* do prevWindow */
+        wordAdj = 0;
+        if (idx + OPAQUE16_LEN > len)
+            return BUFFER_E;
         ato16(exp + idx, &wordCount);
         idx += OPAQUE16_LEN;
 
@@ -1204,6 +1211,8 @@ static int ImportKeyState(WOLFSSL* ssl, const byte* exp, word32 len, byte ver,
             wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
         }
 
+        if (idx + (wordCount * OPAQUE32_LEN) + wordAdj > len)
+            return BUFFER_E;
         XMEMSET(keys->peerSeq[0].prevWindow, 0xFF, DTLS_SEQ_SZ);
         for (i = 0; i < wordCount; i++) {
             ato32(exp + idx, &keys->peerSeq[0].prevWindow[i]);
 
@@ -87,6 +87,7 @@ static int wc_CAAM_DevEccSign(const byte* in, int inlen, byte* out,
     /* private key */
     if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) != MP_OKAY)
     {
+        ForceZero(pk, sizeof(pk));
         return MP_TO_E;
     }
 
@@ -108,10 +109,12 @@ static int wc_CAAM_DevEccSign(const byte* in, int inlen, byte* out,
         mp_free(&mps);
         if (ret != 0) {
             WOLFSSL_MSG("Issue converting to signature\n");
+            ForceZero(pk, sizeof(pk));
             return -1;
         }
     }
 
+    ForceZero(pk, sizeof(pk));
     return ret;
 }
 
@@ -201,6 +204,7 @@ static int wc_CAAM_DevEcdh(ecc_key* private_key, ecc_key* public_key, byte* out,
     if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz) !=
             MP_OKAY) {
         WOLFSSL_MSG("error getting private key buffer");
+        ForceZero(pk, sizeof(pk));
         return MP_TO_E;
     }
 
@@ -209,6 +213,7 @@ static int wc_CAAM_DevEcdh(ecc_key* private_key, ecc_key* public_key, byte* out,
     if (ret == 0) {
         *outlen = keySz;
     }
+    ForceZero(pk, sizeof(pk));
     return ret;
 }
 
@@ -237,10 +242,12 @@ static int wc_CAAM_DevMakeEccKey(WC_RNG* rng, int keySize, ecc_key* key,
     ret = wc_DevCryptoEccKeyGen(curveId, blackKey, s, keySize, xy, keySize*2);
     if (wc_ecc_import_unsigned(key, xy, xy + keySize, s, curveId) != 0) {
         WOLFSSL_MSG("issue importing key");
+        ForceZero(s, sizeof(s));
         return -1;
     }
     key->blackKey = blackKey;
 
+    ForceZero(s, sizeof(s));
     (void)rng;
     return ret;
 }
@@ -340,13 +347,15 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
         if (key->blackKey == CAAM_BLACK_KEY_CCM) {
             if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk,
                     keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {
+                ForceZero(pk, sizeof(pk));
                 return MP_TO_E;
             }
             buf[idx].Length = keySz + WC_CAAM_MAC_SZ;
         }
         else {
             if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) !=
                     MP_OKAY) {
+                ForceZero(pk, sizeof(pk));
                 return MP_TO_E;
             }
             buf[idx].Length = keySz;
@@ -376,8 +385,10 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
     args[3] = keySz;
 
     ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_SIGN);
-    if (ret != 0)
+    if (ret != 0) {
+        ForceZero(pk, sizeof(pk));
         return -1;
+    }
 
     /* convert signature from raw bytes to signature format */
     {
@@ -394,10 +405,12 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
         mp_free(&mps);
         if (ret != 0) {
             WOLFSSL_MSG("Issue converting to signature");
+            ForceZero(pk, sizeof(pk));
             return -1;
         }
     }
 
+    ForceZero(pk, sizeof(pk));
     (void)devId;
     return MP_OKAY;
 }
@@ -610,13 +623,15 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
         if (private_key->blackKey == CAAM_BLACK_KEY_CCM) {
             if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk,
                 keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {
+                ForceZero(pk, sizeof(pk));
                 return MP_TO_E;
             }
             buf[idx].Length = keySz + WC_CAAM_MAC_SZ;
         }
         else {
             if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk,
                     keySz) != MP_OKAY) {
+                ForceZero(pk, sizeof(pk));
                 return MP_TO_E;
             }
             buf[idx].Length = keySz;
@@ -646,6 +661,7 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
     args[2] = ecdsel;
     args[3] = keySz;
     ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_ECDH);
+    ForceZero(pk, sizeof(pk));
     (void)devId;
     if (ret == 0) {
         *outlen = keySz;
@@ -737,20 +753,25 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,
         key->blackKey     = (pt[0] << 24) | (pt[1] << 16) | (pt[2] << 8) | pt[3];
         if (wc_ecc_import_unsigned(key, xy, xy + keySize, NULL, curveId) != 0) {
             WOLFSSL_MSG("issue importing public key");
+            ForceZero(s, sizeof(s));
             return -1;
         }
         key->partNum = args[2];
+        ForceZero(s, sizeof(s));
         return MP_OKAY;
     }
     else if (ret == 0) {
         if (wc_ecc_import_unsigned(key, xy, xy + keySize,
                    s, curveId) != 0) {
             WOLFSSL_MSG("issue importing key");
+            ForceZero(s, sizeof(s));
             return -1;
         }
         key->blackKey = args[0];
+        ForceZero(s, sizeof(s));
         return MP_OKAY;
     }
+    ForceZero(s, sizeof(s));
     return -1;
 }
 #endif /* WOLFSSL_KEY_GEN */
 
@@ -443,12 +443,14 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
         if (key->blackKey == CAAM_BLACK_KEY_CCM) {
             if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k,
                     kSz + WC_CAAM_MAC_SZ) != MP_OKAY) {
+                ForceZero(k, sizeof(k));
                 return MP_TO_E;
             }
         }
         else {
             if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k, kSz) !=
                     MP_OKAY) {
+                ForceZero(k, sizeof(k));
                 return MP_TO_E;
             }
         }
@@ -457,6 +459,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
     ecdsel = GetECDSEL(dp->id);
     if (ecdsel == 0) {
         WOLFSSL_MSG("unknown key type or size");
+        ForceZero(k, sizeof(k));
         return CRYPTOCB_UNAVAILABLE;
     }
 
@@ -469,6 +472,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
             break;
         default:
             WOLFSSL_MSG("unknown/unsupported key type");
+            ForceZero(k, sizeof(k));
             return BAD_FUNC_ARG;
     }
 
@@ -508,10 +512,12 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,
         mp_free(&mps);
         if (ret != 0) {
             WOLFSSL_MSG("Issue converting to signature");
+            ForceZero(k, sizeof(k));
             return -1;
         }
     }
 
+    ForceZero(k, sizeof(k));
     return ret;
 }
 
@@ -697,22 +703,26 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,
     if (private_key->blackKey == CAAM_BLACK_KEY_CCM) {
         if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k,
                 keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {
+            ForceZero(k, sizeof(k));
             return MP_TO_E;
         }
     }
     else {
         if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k, keySz)
                 != MP_OKAY) {
+            ForceZero(k, sizeof(k));
             return MP_TO_E;
         }
     }
 
     if (*outlen < (word32)keySz) {
+        ForceZero(k, sizeof(k));
         return -1;
     }
 
     status = CAAM_ECC_ECDH(CAAM, &hndl, k, keySz, qxy, keySz*2, out, keySz,
         ecdsel, enc);
+    ForceZero(k, sizeof(k));
     if (status == kStatus_Success) {
         *outlen = keySz;
         return MP_OKAY;
@@ -762,17 +772,22 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,
         return CRYPTOCB_UNAVAILABLE;
     }
 
-    if (key->blackKey == CAAM_BLACK_KEY_ECB) {
+    switch (key->blackKey) {
+    case CAAM_BLACK_KEY_ECB:
         enc = CAAM_PKHA_ENC_PRI_AESECB;
-    }
-
-    if (key->blackKey == 0) {
+        break;
+    case 0:
     #ifdef WOLFSSL_CAAM_NO_BLACK_KEY
         enc = 0;
     #else
         key->blackKey = CAAM_BLACK_KEY_ECB;
         enc = CAAM_PKHA_ENC_PRI_AESECB;
     #endif
+        break;
+    default:
+        WOLFSSL_MSG("unknown/unsupported key type");
+        ForceZero(k, sizeof(k));
+        return BAD_FUNC_ARG;
     }
 
     status = CAAM_ECC_Keygen(CAAM, &hndl, k, &kSz, xy, &xySz, ecdsel,
@@ -787,6 +802,7 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,
         ret = -1;
     }
 
+    ForceZero(k, sizeof(k));
     return ret;
 }
 #endif /* WOLFSSL_KEY_GEN */
 
@@ -156,9 +156,10 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
     byte* u    = NULL;
     byte* n    = NULL;
     word32 dSz, pSz, qSz, dpSz = 0, dqSz = 0, uSz = 0, nSz;
+    word32 dAllocSz;
 
     dev = &key->ctx;
-    dSz = nSz = wc_RsaEncryptSize(key);
+    dAllocSz = dSz = nSz = wc_RsaEncryptSize(key);
     pSz = qSz = nSz / 2;
     if (outlen < dSz) {
         WOLFSSL_MSG("Output buffer is too small");
@@ -196,7 +197,7 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
     if (!key->blackKey) { /* @TODO unexpected results with black key CRT form */
         if (ret == 0 && dpSz > 0) {
             dSz = 0; nSz = 0;
-            dq = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            dq = (byte*)XMALLOC(dqSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             dp = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             u  = (byte*)XMALLOC(uSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             if (dq == NULL || dp == NULL || u == NULL) {
@@ -237,12 +238,12 @@ static int _PrivateOperation(const byte* in, word32 inlen, byte* out,
         }
     }
 
-    XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (d)  { ForceZero(d, dAllocSz); XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);  }
+    if (p)  { ForceZero(p, pSz);    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);  }
+    if (q)  { ForceZero(q, qSz);    XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER);  }
+    if (dp) { ForceZero(dp, dpSz);  XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
+    if (dq) { ForceZero(dq, dqSz);  XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER); }
+    if (u)  { ForceZero(u, uSz);    XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER);  }
     XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     wc_DevCryptoFree(dev);
@@ -540,13 +541,13 @@ int wc_DevCrypto_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     #endif
     }
 
-    XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (p)  { ForceZero(p, pSz);   XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER);  }
+    if (q)  { ForceZero(q, qSz);   XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER);  }
+    if (dp) { ForceZero(dp, dpSz); XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
+    if (dq) { ForceZero(dq, dqSz); XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER); }
+    if (c)  { ForceZero(c, cSz);   XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER);  }
     XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (d)  { ForceZero(d, dSz);   XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER);  }
 
     (void)rng;
     return ret;
 
@@ -127,7 +127,10 @@ static int KcapiDh_SetPrivKey(DhKey* key)
         }
     }
 
-    XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (priv != NULL) {
+        ForceZero(priv, len);
+        XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    }
     return ret;
 }
 #endif
 
@@ -120,6 +120,7 @@ int KcapiEcc_LoadKey(ecc_key* key, byte* pubkey_raw, word32* pubkey_sz,
             if (ret == 0) {
                 ret = kcapi_kpp_setkey(key->handle, priv, keySz);
             }
+            ForceZero(priv, sizeof(priv));
         }
         else {
             /* generate new ephemeral key */
@@ -241,6 +242,7 @@ int KcapiEcc_SharedSecret(ecc_key* private_key, ecc_key* public_key, byte* out,
                 ret = 0;
             }
         }
+        ForceZero(priv, sizeof(priv));
     }
     if (ret == 0) {
     #ifdef KCAPI_USE_XMALLOC
@@ -317,6 +319,7 @@ static int KcapiEcc_SetPrivKey(ecc_key* key)
         }
     }
 
+    ForceZero(priv, sizeof(priv));
     return ret;
 }
Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,7 @@ static int wc_CAAM_DevEccSign(const byte* in, int inlen, byte* out,`
`87`	`87`	`/* private key */`
`88`	`88`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) != MP_OKAY)`
`89`	`89`	`{`
	`90`	`+ ForceZero(pk, sizeof(pk));`
`90`	`91`	`return MP_TO_E;`
`91`	`92`	`}`
`92`	`93`
`@@ -108,10 +109,12 @@ static int wc_CAAM_DevEccSign(const byte* in, int inlen, byte* out,`
`108`	`109`	`mp_free(&mps);`
`109`	`110`	`if (ret != 0) {`
`110`	`111`	`WOLFSSL_MSG("Issue converting to signature\n");`
	`112`	`+ ForceZero(pk, sizeof(pk));`
`111`	`113`	`return -1;`
`112`	`114`	`}`
`113`	`115`	`}`
`114`	`116`
	`117`	`+ ForceZero(pk, sizeof(pk));`
`115`	`118`	`return ret;`
`116`	`119`	`}`
`117`	`120`
`@@ -201,6 +204,7 @@ static int wc_CAAM_DevEcdh(ecc_key* private_key, ecc_key* public_key, byte* out,`
`201`	`204`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz) !=`
`202`	`205`	`MP_OKAY) {`
`203`	`206`	`WOLFSSL_MSG("error getting private key buffer");`
	`207`	`+ ForceZero(pk, sizeof(pk));`
`204`	`208`	`return MP_TO_E;`
`205`	`209`	`}`
`206`	`210`
`@@ -209,6 +213,7 @@ static int wc_CAAM_DevEcdh(ecc_key* private_key, ecc_key* public_key, byte* out,`
`209`	`213`	`if (ret == 0) {`
`210`	`214`	`*outlen = keySz;`
`211`	`215`	`}`
	`216`	`+ ForceZero(pk, sizeof(pk));`
`212`	`217`	`return ret;`
`213`	`218`	`}`
`214`	`219`
`@@ -237,10 +242,12 @@ static int wc_CAAM_DevMakeEccKey(WC_RNG* rng, int keySize, ecc_key* key,`
`237`	`242`	`ret = wc_DevCryptoEccKeyGen(curveId, blackKey, s, keySize, xy, keySize*2);`
`238`	`243`	`if (wc_ecc_import_unsigned(key, xy, xy + keySize, s, curveId) != 0) {`
`239`	`244`	`WOLFSSL_MSG("issue importing key");`
	`245`	`+ ForceZero(s, sizeof(s));`
`240`	`246`	`return -1;`
`241`	`247`	`}`
`242`	`248`	`key->blackKey = blackKey;`
`243`	`249`
	`250`	`+ ForceZero(s, sizeof(s));`
`244`	`251`	`(void)rng;`
`245`	`252`	`return ret;`
`246`	`253`	`}`
`@@ -340,13 +347,15 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,`
`340`	`347`	`if (key->blackKey == CAAM_BLACK_KEY_CCM) {`
`341`	`348`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk,`
`342`	`349`	`keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {`
	`350`	`+ ForceZero(pk, sizeof(pk));`
`343`	`351`	`return MP_TO_E;`
`344`	`352`	`}`
`345`	`353`	`buf[idx].Length = keySz + WC_CAAM_MAC_SZ;`
`346`	`354`	`}`
`347`	`355`	`else {`
`348`	`356`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) !=`
`349`	`357`	`MP_OKAY) {`
	`358`	`+ ForceZero(pk, sizeof(pk));`
`350`	`359`	`return MP_TO_E;`
`351`	`360`	`}`
`352`	`361`	`buf[idx].Length = keySz;`
`@@ -376,8 +385,10 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,`
`376`	`385`	`args[3] = keySz;`
`377`	`386`
`378`	`387`	`ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_SIGN);`
`379`		`- if (ret != 0)`
	`388`	`+ if (ret != 0) {`
	`389`	`+ ForceZero(pk, sizeof(pk));`
`380`	`390`	`return -1;`
	`391`	`+ }`
`381`	`392`
`382`	`393`	`/* convert signature from raw bytes to signature format */`
`383`	`394`	`{`
`@@ -394,10 +405,12 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,`
`394`	`405`	`mp_free(&mps);`
`395`	`406`	`if (ret != 0) {`
`396`	`407`	`WOLFSSL_MSG("Issue converting to signature");`
	`408`	`+ ForceZero(pk, sizeof(pk));`
`397`	`409`	`return -1;`
`398`	`410`	`}`
`399`	`411`	`}`
`400`	`412`
	`413`	`+ ForceZero(pk, sizeof(pk));`
`401`	`414`	`(void)devId;`
`402`	`415`	`return MP_OKAY;`
`403`	`416`	`}`
`@@ -610,13 +623,15 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,`
`610`	`623`	`if (private_key->blackKey == CAAM_BLACK_KEY_CCM) {`
`611`	`624`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk,`
`612`	`625`	`keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {`
	`626`	`+ ForceZero(pk, sizeof(pk));`
`613`	`627`	`return MP_TO_E;`
`614`	`628`	`}`
`615`	`629`	`buf[idx].Length = keySz + WC_CAAM_MAC_SZ;`
`616`	`630`	`}`
`617`	`631`	`else {`
`618`	`632`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk,`
`619`	`633`	`keySz) != MP_OKAY) {`
	`634`	`+ ForceZero(pk, sizeof(pk));`
`620`	`635`	`return MP_TO_E;`
`621`	`636`	`}`
`622`	`637`	`buf[idx].Length = keySz;`
`@@ -646,6 +661,7 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,`
`646`	`661`	`args[2] = ecdsel;`
`647`	`662`	`args[3] = keySz;`
`648`	`663`	`ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_ECDH);`
	`664`	`+ ForceZero(pk, sizeof(pk));`
`649`	`665`	`(void)devId;`
`650`	`666`	`if (ret == 0) {`
`651`	`667`	`*outlen = keySz;`
`@@ -737,20 +753,25 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,`
`737`	`753`	`key->blackKey = (pt[0] << 24) \| (pt[1] << 16) \| (pt[2] << 8) \| pt[3];`
`738`	`754`	`if (wc_ecc_import_unsigned(key, xy, xy + keySize, NULL, curveId) != 0) {`
`739`	`755`	`WOLFSSL_MSG("issue importing public key");`
	`756`	`+ ForceZero(s, sizeof(s));`
`740`	`757`	`return -1;`
`741`	`758`	`}`
`742`	`759`	`key->partNum = args[2];`
	`760`	`+ ForceZero(s, sizeof(s));`
`743`	`761`	`return MP_OKAY;`
`744`	`762`	`}`
`745`	`763`	`else if (ret == 0) {`
`746`	`764`	`if (wc_ecc_import_unsigned(key, xy, xy + keySize,`
`747`	`765`	`s, curveId) != 0) {`
`748`	`766`	`WOLFSSL_MSG("issue importing key");`
	`767`	`+ ForceZero(s, sizeof(s));`
`749`	`768`	`return -1;`
`750`	`769`	`}`
`751`	`770`	`key->blackKey = args[0];`
	`771`	`+ ForceZero(s, sizeof(s));`
`752`	`772`	`return MP_OKAY;`
`753`	`773`	`}`
	`774`	`+ ForceZero(s, sizeof(s));`
`754`	`775`	`return -1;`
`755`	`776`	`}`
`756`	`777`	`#endif /* WOLFSSL_KEY_GEN */`
Original file line number	Diff line number	Diff line change
`@@ -443,12 +443,14 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,`
`443`	`443`	`if (key->blackKey == CAAM_BLACK_KEY_CCM) {`
`444`	`444`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k,`
`445`	`445`	`kSz + WC_CAAM_MAC_SZ) != MP_OKAY) {`
	`446`	`+ ForceZero(k, sizeof(k));`
`446`	`447`	`return MP_TO_E;`
`447`	`448`	`}`
`448`	`449`	`}`
`449`	`450`	`else {`
`450`	`451`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k, kSz) !=`
`451`	`452`	`MP_OKAY) {`
	`453`	`+ ForceZero(k, sizeof(k));`
`452`	`454`	`return MP_TO_E;`
`453`	`455`	`}`
`454`	`456`	`}`
`@@ -457,6 +459,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,`
`457`	`459`	`ecdsel = GetECDSEL(dp->id);`
`458`	`460`	`if (ecdsel == 0) {`
`459`	`461`	`WOLFSSL_MSG("unknown key type or size");`
	`462`	`+ ForceZero(k, sizeof(k));`
`460`	`463`	`return CRYPTOCB_UNAVAILABLE;`
`461`	`464`	`}`
`462`	`465`
`@@ -469,6 +472,7 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,`
`469`	`472`	`break;`
`470`	`473`	`default:`
`471`	`474`	`WOLFSSL_MSG("unknown/unsupported key type");`
	`475`	`+ ForceZero(k, sizeof(k));`
`472`	`476`	`return BAD_FUNC_ARG;`
`473`	`477`	`}`
`474`	`478`
`@@ -508,10 +512,12 @@ int wc_CAAM_EccSign(const byte* in, int inlen, byte* out, word32* outlen,`
`508`	`512`	`mp_free(&mps);`
`509`	`513`	`if (ret != 0) {`
`510`	`514`	`WOLFSSL_MSG("Issue converting to signature");`
	`515`	`+ ForceZero(k, sizeof(k));`
`511`	`516`	`return -1;`
`512`	`517`	`}`
`513`	`518`	`}`
`514`	`519`
	`520`	`+ ForceZero(k, sizeof(k));`
`515`	`521`	`return ret;`
`516`	`522`	`}`
`517`	`523`
`@@ -697,22 +703,26 @@ int wc_CAAM_Ecdh(ecc_key* private_key, ecc_key* public_key, byte* out,`
`697`	`703`	`if (private_key->blackKey == CAAM_BLACK_KEY_CCM) {`
`698`	`704`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k,`
`699`	`705`	`keySz + WC_CAAM_MAC_SZ) != MP_OKAY) {`
	`706`	`+ ForceZero(k, sizeof(k));`
`700`	`707`	`return MP_TO_E;`
`701`	`708`	`}`
`702`	`709`	`}`
`703`	`710`	`else {`
`704`	`711`	`if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k, keySz)`
`705`	`712`	`!= MP_OKAY) {`
	`713`	`+ ForceZero(k, sizeof(k));`
`706`	`714`	`return MP_TO_E;`
`707`	`715`	`}`
`708`	`716`	`}`
`709`	`717`
`710`	`718`	`if (*outlen < (word32)keySz) {`
	`719`	`+ ForceZero(k, sizeof(k));`
`711`	`720`	`return -1;`
`712`	`721`	`}`
`713`	`722`
`714`	`723`	`status = CAAM_ECC_ECDH(CAAM, &hndl, k, keySz, qxy, keySz*2, out, keySz,`
`715`	`724`	`ecdsel, enc);`
	`725`	`+ ForceZero(k, sizeof(k));`
`716`	`726`	`if (status == kStatus_Success) {`
`717`	`727`	`*outlen = keySz;`
`718`	`728`	`return MP_OKAY;`
`@@ -762,17 +772,22 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,`
`762`	`772`	`return CRYPTOCB_UNAVAILABLE;`
`763`	`773`	`}`
`764`	`774`
`765`		`- if (key->blackKey == CAAM_BLACK_KEY_ECB) {`
	`775`	`+ switch (key->blackKey) {`
	`776`	`+ case CAAM_BLACK_KEY_ECB:`
`766`	`777`	`enc = CAAM_PKHA_ENC_PRI_AESECB;`
`767`		`- }`
`768`		`-`
`769`		`- if (key->blackKey == 0) {`
	`778`	`+ break;`
	`779`	`+ case 0:`
`770`	`780`	`#ifdef WOLFSSL_CAAM_NO_BLACK_KEY`
`771`	`781`	`enc = 0;`
`772`	`782`	`#else`
`773`	`783`	`key->blackKey = CAAM_BLACK_KEY_ECB;`
`774`	`784`	`enc = CAAM_PKHA_ENC_PRI_AESECB;`
`775`	`785`	`#endif`
	`786`	`+ break;`
	`787`	`+ default:`
	`788`	`+ WOLFSSL_MSG("unknown/unsupported key type");`
	`789`	`+ ForceZero(k, sizeof(k));`
	`790`	`+ return BAD_FUNC_ARG;`
`776`	`791`	`}`
`777`	`792`
`778`	`793`	`status = CAAM_ECC_Keygen(CAAM, &hndl, k, &kSz, xy, &xySz, ecdsel,`
`@@ -787,6 +802,7 @@ int wc_CAAM_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId,`
`787`	`802`	`ret = -1;`
`788`	`803`	`}`
`789`	`804`
	`805`	`+ ForceZero(k, sizeof(k));`
`790`	`806`	`return ret;`
`791`	`807`	`}`
`792`	`808`	`#endif /* WOLFSSL_KEY_GEN */`
Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,10 @@ static int KcapiDh_SetPrivKey(DhKey* key)`
`127`	`127`	`}`
`128`	`128`	`}`
`129`	`129`
`130`		`- XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);`
	`130`	`+ if (priv != NULL) {`
	`131`	`+ ForceZero(priv, len);`
	`132`	`+ XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);`
	`133`	`+ }`
`131`	`134`	`return ret;`
`132`	`135`	`}`
`133`	`136`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,7 @@ int KcapiEcc_LoadKey(ecc_key* key, byte* pubkey_raw, word32* pubkey_sz,`
`120`	`120`	`if (ret == 0) {`
`121`	`121`	`ret = kcapi_kpp_setkey(key->handle, priv, keySz);`
`122`	`122`	`}`
	`123`	`+ ForceZero(priv, sizeof(priv));`
`123`	`124`	`}`
`124`	`125`	`else {`
`125`	`126`	`/* generate new ephemeral key */`
`@@ -241,6 +242,7 @@ int KcapiEcc_SharedSecret(ecc_key* private_key, ecc_key* public_key, byte* out,`
`241`	`242`	`ret = 0;`
`242`	`243`	`}`
`243`	`244`	`}`
	`245`	`+ ForceZero(priv, sizeof(priv));`
`244`	`246`	`}`
`245`	`247`	`if (ret == 0) {`
`246`	`248`	`#ifdef KCAPI_USE_XMALLOC`
`@@ -317,6 +319,7 @@ static int KcapiEcc_SetPrivKey(ecc_key* key)`
`317`	`319`	`}`
`318`	`320`	`}`
`319`	`321`
	`322`	`+ ForceZero(priv, sizeof(priv));`
`320`	`323`	`return ret;`
`321`	`324`	`}`
`322`	`325`