Skip to content

Commit da2c3dd

Browse files
danielinuxdanielinux
committed
dice: zero ECC signing key context on cleanup
F/2593
1 parent 8dbc7d6 commit da2c3dd

1 file changed

Lines changed: 30 additions & 16 deletions

File tree

src/dice/dice.c

Lines changed: 30 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -809,7 +809,10 @@ static int wolfboot_dice_sign_tbs(const uint8_t *tbs,
809809
{
810810
ecc_key key;
811811
WC_RNG rng;
812-
int ret;
812+
int ret = WOLFBOOT_DICE_ERR_CRYPTO;
813+
int wc_ret;
814+
int key_inited = 0;
815+
int rng_inited = 0;
813816
uint8_t hash[SHA256_DIGEST_SIZE];
814817
uint8_t der_sig[128];
815818
word32 der_sig_len = sizeof(der_sig);
@@ -823,16 +826,18 @@ static int wolfboot_dice_sign_tbs(const uint8_t *tbs,
823826
}
824827

825828
wc_ecc_init(&key);
829+
key_inited = 1;
826830
if (wolfboot_attest_get_private_key(&key, claims) != 0) {
827-
wc_ecc_free(&key);
828-
return WOLFBOOT_DICE_ERR_HW;
831+
ret = WOLFBOOT_DICE_ERR_HW;
832+
goto cleanup;
829833
}
830834

831835
(void)wc_ecc_set_deterministic(&key, 1);
832836
if (wc_InitRng(&rng) != 0) {
833-
wc_ecc_free(&key);
834-
return WOLFBOOT_DICE_ERR_HW;
837+
ret = WOLFBOOT_DICE_ERR_HW;
838+
goto cleanup;
835839
}
840+
rng_inited = 1;
836841

837842
{
838843
wc_Sha256 sha;
@@ -841,26 +846,35 @@ static int wolfboot_dice_sign_tbs(const uint8_t *tbs,
841846
wc_Sha256Final(&sha, hash);
842847
}
843848

844-
ret = wc_ecc_sign_hash(hash, sizeof(hash), der_sig, &der_sig_len, &rng, &key);
845-
wc_FreeRng(&rng);
846-
if (ret != 0) {
847-
wc_ecc_free(&key);
848-
return WOLFBOOT_DICE_ERR_CRYPTO;
849+
wc_ret = wc_ecc_sign_hash(hash, sizeof(hash), der_sig, &der_sig_len, &rng, &key);
850+
if (wc_ret != 0) {
851+
ret = WOLFBOOT_DICE_ERR_CRYPTO;
852+
goto cleanup;
849853
}
850854

851-
ret = wc_ecc_sig_to_rs(der_sig, der_sig_len, r, &r_len, s, &s_len);
852-
if (ret != 0 || r_len > sizeof(r) || s_len > sizeof(s)) {
853-
wc_ecc_free(&key);
854-
return WOLFBOOT_DICE_ERR_CRYPTO;
855+
wc_ret = wc_ecc_sig_to_rs(der_sig, der_sig_len, r, &r_len, s, &s_len);
856+
if (wc_ret != 0 || r_len > sizeof(r) || s_len > sizeof(s)) {
857+
ret = WOLFBOOT_DICE_ERR_CRYPTO;
858+
goto cleanup;
855859
}
856860

857861
XMEMSET(sig, 0, WOLFBOOT_DICE_SIG_LEN);
858862
XMEMCPY(sig + (sizeof(r) - r_len), r, r_len);
859863
XMEMCPY(sig + sizeof(r) + (sizeof(s) - s_len), s, s_len);
860864
*sig_len = WOLFBOOT_DICE_SIG_LEN;
865+
ret = WOLFBOOT_DICE_SUCCESS;
861866

862-
wc_ecc_free(&key);
863-
return WOLFBOOT_DICE_SUCCESS;
867+
cleanup:
868+
if (rng_inited) {
869+
wc_FreeRng(&rng);
870+
}
871+
if (key_inited) {
872+
wc_ecc_free(&key);
873+
wc_ForceZero(&key, sizeof(key));
874+
}
875+
wc_ForceZero(hash, sizeof(hash));
876+
wc_ForceZero(der_sig, sizeof(der_sig));
877+
return ret;
864878
}
865879

866880
static int wolfboot_dice_build_token(uint8_t *token_buf,

0 commit comments

Comments
 (0)