Add extra zeroization to LMS and LMOTS

Signed-off-by: Raef Coles <raef.coles@arm.com>
2025-05-10 08:59:05 +08:00 · 2022-10-12 10:47:27 +01:00 · 2022-10-12 10:47:27 +01:00 · 142e577c34
commit 142e577c34
parent 9fc303a99a
2 changed files with 28 additions and 9 deletions
--- a/library/lmots.c
+++ b/library/lmots.c
@ -700,7 +700,7 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
                            NULL, ( unsigned char * )y_hashed_digits );
    if( ret )
    {
-        return( ret );
+        goto exit;
    }
    ret = public_key_from_hashed_digit_array( &priv_ctx->params,
@ -708,7 +708,7 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
                                              ctx->public_key );
    if( ret )
    {
-        return( ret );
+        goto exit;
    }
    memcpy( &ctx->params, &priv_ctx->params,
@ -716,6 +716,9 @@ int mbedtls_lmots_calculate_public_key( mbedtls_lmots_public_t *ctx,
    ctx->have_public_key = 1;
 exit:
    mbedtls_platform_zeroize( y_hashed_digits, sizeof( y_hashed_digits ) );
    return( ret );
 }
@ -765,14 +768,14 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
                                            tmp_digit_array );
    if( ret )
    {
-        return( ret );
+        goto exit;
    }
    ret = hash_digit_array( &ctx->params, ( unsigned char * )ctx->private_key,
                            NULL, tmp_digit_array, ( unsigned char * )tmp_sig );
    if( ret )
    {
-        return( ret );
+        goto exit;
    }
    mbedtls_lms_unsigned_int_to_network_bytes( ctx->params.type,
@ -810,7 +813,13 @@ int mbedtls_lmots_sign( mbedtls_lmots_private_t *ctx,
        *sig_len = MBEDTLS_LMOTS_SIG_LEN(ctx->params.type);
    }
-    return( 0 );
+    ret = 0;
 exit:
    mbedtls_platform_zeroize( tmp_digit_array, sizeof( tmp_digit_array ) );
    mbedtls_platform_zeroize( tmp_sig, sizeof( tmp_sig ) );
    return ( ret );
 }
 #endif /* defined(MBEDTLS_LMS_PRIVATE) */
--- a/library/lms.c
+++ b/library/lms.c
@ -516,7 +516,7 @@ static int get_merkle_path( mbedtls_lms_private_t *ctx,
    ret = calculate_merkle_tree( ctx, ( unsigned char * )tree );
    if( ret != 0 )
    {
-        return( ret );
+        goto exit;
    }
    for( height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
@ -531,7 +531,12 @@ static int get_merkle_path( mbedtls_lms_private_t *ctx,
        curr_node_id >>=1;
    }
-    return( 0 );
+    ret = 0;
 exit:
    mbedtls_platform_zeroize( tree, sizeof( tree ) );
    return( ret );
 }
 void mbedtls_lms_private_init( mbedtls_lms_private_t *ctx )
@ -688,7 +693,7 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
    ret = calculate_merkle_tree( priv_ctx, ( unsigned char * )tree );
    if( ret != 0 )
    {
-        return( ret );
+        goto exit;
    }
    /* Root node is always at position 1, due to 1-based indexing */
@ -697,7 +702,12 @@ int mbedtls_lms_calculate_public_key( mbedtls_lms_public_t *ctx,
    ctx->have_public_key = 1;
-    return( 0 );
+    ret = 0;
 exit:
    mbedtls_platform_zeroize( tree, sizeof( tree ) );
    return( ret );
 }