Skip to content

Commit 44fcd9f

Browse files
committed
Fix Fenrir F-1761: wolfTPM2_RsaDecrypt output cleanup on all return paths
1 parent e6e2304 commit 44fcd9f

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

src/tpm2_wrap.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4800,10 +4800,12 @@ int wolfTPM2_RsaDecrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
48004800
printf("TPM2_RSA_Decrypt failed %d: %s\n", rc,
48014801
wolfTPM2_GetRCString(rc));
48024802
#endif
4803+
TPM2_ForceZero(&rsaDecOut, sizeof(rsaDecOut));
48034804
return rc;
48044805
}
48054806

48064807
if (*msgSz < rsaDecOut.message.size) {
4808+
TPM2_ForceZero(&rsaDecOut, sizeof(rsaDecOut));
48074809
return BUFFER_E;
48084810
}
48094811
*msgSz = rsaDecOut.message.size;
@@ -4813,6 +4815,7 @@ int wolfTPM2_RsaDecrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
48134815
printf("TPM2_RSA_Decrypt: %d\n", rsaDecOut.message.size);
48144816
#endif
48154817

4818+
TPM2_ForceZero(&rsaDecOut, sizeof(rsaDecOut));
48164819
return rc;
48174820
}
48184821

0 commit comments

Comments
 (0)