Fix Fenrir F-1764: wolfTPM2_EncryptDecryptBlock output cleanup

dgarske · dgarske · commit b5f66e9d8687 · 2026-04-06T15:58:05.000-07:00
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -5990,6 +5990,8 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         printf("TPM2_EncryptDecrypt2 failed 0x%x: %s\n", rc,
             TPM2_GetRCString(rc));
     #endif
+        TPM2_ForceZero(&encDecIn, sizeof(encDecIn));
+        TPM2_ForceZero(&encDecOut, sizeof(encDecOut));
         return rc;
     }
 
@@ -6005,6 +6007,8 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
         inOutSz = encDecOut.outData.size;
     XMEMCPY(out, encDecOut.outData.buffer, inOutSz);
 
+    TPM2_ForceZero(&encDecIn, sizeof(encDecIn));
+    TPM2_ForceZero(&encDecOut, sizeof(encDecOut));
     return rc;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -5990,6 +5990,8 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,`
`5990`	`5990`	`printf("TPM2_EncryptDecrypt2 failed 0x%x: %s\n", rc,`
`5991`	`5991`	`TPM2_GetRCString(rc));`
`5992`	`5992`	`#endif`
	`5993`	`+ TPM2_ForceZero(&encDecIn, sizeof(encDecIn));`
	`5994`	`+ TPM2_ForceZero(&encDecOut, sizeof(encDecOut));`
`5993`	`5995`	`return rc;`
`5994`	`5996`	`}`
`5995`	`5997`
`@@ -6005,6 +6007,8 @@ int wolfTPM2_EncryptDecryptBlock(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,`
`6005`	`6007`	`inOutSz = encDecOut.outData.size;`
`6006`	`6008`	`XMEMCPY(out, encDecOut.outData.buffer, inOutSz);`
`6007`	`6009`
	`6010`	`+ TPM2_ForceZero(&encDecIn, sizeof(encDecIn));`
	`6011`	`+ TPM2_ForceZero(&encDecOut, sizeof(encDecOut));`
`6008`	`6012`	`return rc;`
`6009`	`6013`	`}`
`6010`	`6014`