@@ -9966,6 +9966,17 @@ static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl,
99669966
99679967 ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc;
99689968 }
9969+ else
9970+ #ifdef WOLFSSL_ASYNC_CRYPT
9971+ if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
9972+ #endif
9973+ {
9974+ /* Clear the pre master secret buffer to prevent leaking any
9975+ * intermediate keys in the error case. Do not use preMasterSz
9976+ * here as it may already been set to the ECC shared secret size,
9977+ * which would be too small due to the PQC offset case. */
9978+ ForceZero(ssl->arrays->preMasterSecret, ENCRYPT_LEN);
9979+ }
99699980
99709981 TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
99719982 TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
@@ -10702,6 +10713,17 @@ static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl,
1070210713 * the server side. */
1070310714 ssl->namedGroup = keyShareEntry->group;
1070410715 }
10716+ else
10717+ #ifdef WOLFSSL_ASYNC_CRYPT
10718+ if (ret != WC_NO_ERR_TRACE(WC_PENDING_E))
10719+ #endif
10720+ {
10721+ /* Clear the pre master secret buffer to prevent leaking any
10722+ * intermediate keys in the error case. Do not use preMasterSz
10723+ * here as it may already been set to the ECC shared secret size,
10724+ * which would be too small due to the PQC offset case. */
10725+ ForceZero(ssl->arrays->preMasterSecret, ENCRYPT_LEN);
10726+ }
1070510727
1070610728 TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap);
1070710729 TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap);
0 commit comments