Add extra zeroization to LMS and LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/library/lms.c b/library/lms.c
index f30f349..876deeb 100644
--- a/library/lms.c
+++ b/library/lms.c
@@ -516,7 +516,7 @@
ret = calculate_merkle_tree( ctx, ( unsigned char * )tree );
if( ret != 0 )
{
- return( ret );
+ goto exit;
}
for( height = 0; height < MBEDTLS_LMS_H_TREE_HEIGHT(ctx->params.type);
@@ -531,7 +531,12 @@
curr_node_id >>=1;
}
- return( 0 );
+ ret = 0;
+
+exit:
+ mbedtls_platform_zeroize( tree, sizeof( tree ) );
+
+ return( ret );
}
void mbedtls_lms_private_init( mbedtls_lms_private_t *ctx )
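Review bot: The new cleanup `mbedtls_platform_zeroize( tree, sizeof( tree ) );` under `exit:` wipes the whole buffer only if `tree` is declared as an array in this function. The declaration is outside the hunk; the `( unsigned char * )tree` cast in the previous hunk suggests an array of node buffers, but if `tree` were a pointer, `sizeof` would cover only pointer-size bytes. The same applies to the identical cleanup added in the last hunk. It is also worth confirming that no `return` remains between the `calculate_merkle_tree()` call and `exit:` in the lines not shown, since such a path would skip the wipe. A one-line comment above the label would record the intent, e.g. `/* Wipe the intermediate Merkle nodes on every exit path */`.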
@@ -688,7 +693,7 @@
ret = calculate_merkle_tree( priv_ctx, ( unsigned char * )tree );
if( ret != 0 )
{
- return( ret );
+ goto exit;
}
/* Root node is always at position 1, due to 1-based indexing */
@@ -697,7 +702,12 @@
ctx->have_public_key = 1;
- return( 0 );
+ ret = 0;
+
+exit:
+ mbedtls_platform_zeroize( tree, sizeof( tree ) );
+
+ return( ret );
}