dice: scrub non-IAK UDS buffer

F/2592

Author: danielinux

src/dice/dice.c

@@ -679,10 +679,13 @@ static int wolfboot_attest_get_private_key(ecc_key *key,
         return ret;
     }
 #else
-    if (hal_uds_derive_key(uds, uds_len) != 0) {
-        return -1;
+    int ret = -1;
+
+    if (hal_uds_derive_key(uds, uds_len) == 0) {
+        ret = wolfboot_dice_derive_attestation_key(key, uds, uds_len, claims);
     }
-    return wolfboot_dice_derive_attestation_key(key, uds, uds_len, claims);
+    wc_ForceZero(uds, sizeof(uds));
+    return ret;
 #endif
 }