Fix Fenrir F-1758/F-1759/F-1760: ECDH output cleanup on return

dgarske · dgarske · commit e6e230457f48 · 2026-04-06T15:58:05.000-07:00
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -4560,6 +4560,7 @@ int wolfTPM2_ECDHGen(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* privKey,
         ecdhOut.pubPoint.size);
 #endif
 
+    TPM2_ForceZero(&ecdhOut, sizeof(ecdhOut));
     return rc;
 }
 
@@ -4609,6 +4610,7 @@ int wolfTPM2_ECDHGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* privKey,
     printf("TPM2_ECDH_ZGen: zPt %d\n", ecdhZOut.outPoint.size);
 #endif
 
+    TPM2_ForceZero(&ecdhZOut, sizeof(ecdhZOut));
     return rc;
 }
 
@@ -4699,6 +4701,7 @@ int wolfTPM2_ECDHEGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* parentKey,
     printf("TPM2_ZGen_2Phase: zPt %d\n", outZGen2Ph.outZ2.size);
 #endif
 
+    TPM2_ForceZero(&outZGen2Ph, sizeof(outZGen2Ph));
     return rc;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -4560,6 +4560,7 @@ int wolfTPM2_ECDHGen(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* privKey,`
`4560`	`4560`	`ecdhOut.pubPoint.size);`
`4561`	`4561`	`#endif`
`4562`	`4562`
	`4563`	`+ TPM2_ForceZero(&ecdhOut, sizeof(ecdhOut));`
`4563`	`4564`	`return rc;`
`4564`	`4565`	`}`
`4565`	`4566`
`@@ -4609,6 +4610,7 @@ int wolfTPM2_ECDHGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* privKey,`
`4609`	`4610`	`printf("TPM2_ECDH_ZGen: zPt %d\n", ecdhZOut.outPoint.size);`
`4610`	`4611`	`#endif`
`4611`	`4612`
	`4613`	`+ TPM2_ForceZero(&ecdhZOut, sizeof(ecdhZOut));`
`4612`	`4614`	`return rc;`
`4613`	`4615`	`}`
`4614`	`4616`
`@@ -4699,6 +4701,7 @@ int wolfTPM2_ECDHEGenZ(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* parentKey,`
`4699`	`4701`	`printf("TPM2_ZGen_2Phase: zPt %d\n", outZGen2Ph.outZ2.size);`
`4700`	`4702`	`#endif`
`4701`	`4703`
	`4704`	`+ TPM2_ForceZero(&outZGen2Ph, sizeof(outZGen2Ph));`
`4702`	`4705`	`return rc;`
`4703`	`4706`	`}`
`4704`	`4707`