Zeroize buffer in wolfboot_dice_collect_claims

padelsbach · padelsbach · commit 0c851439ad9f · 2026-04-27T10:37:06.000-07:00
diff --git a/src/dice/dice.c b/src/dice/dice.c
@@ -517,11 +517,14 @@ static int wolfboot_dice_collect_claims(struct wolfboot_dice_claims *claims)
     XMEMSET(claims, 0, sizeof(*claims));
 
     if (hal_uds_derive_key(uds, uds_len) != 0) {
+        /* Buffer may be partially filled, zero it to be sure */
+        wc_ForceZero(uds, sizeof(uds));
         return WOLFBOOT_DICE_ERR_HW;
     }
 
     if (wolfboot_dice_get_ueid(claims->ueid, &claims->ueid_len,
                                uds, uds_len) != 0) {
+        wc_ForceZero(uds, sizeof(uds));
         return WOLFBOOT_DICE_ERR_HW;
     }
 
@@ -574,6 +577,7 @@ static int wolfboot_dice_collect_claims(struct wolfboot_dice_claims *claims)
         claims->component_count++;
     }
 
+    wc_ForceZero(uds, sizeof(uds));
     return WOLFBOOT_DICE_SUCCESS;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -517,11 +517,14 @@ static int wolfboot_dice_collect_claims(struct wolfboot_dice_claims *claims)`
`517`	`517`	`XMEMSET(claims, 0, sizeof(*claims));`
`518`	`518`
`519`	`519`	`if (hal_uds_derive_key(uds, uds_len) != 0) {`
	`520`	`+ /* Buffer may be partially filled, zero it to be sure */`
	`521`	`+ wc_ForceZero(uds, sizeof(uds));`
`520`	`522`	`return WOLFBOOT_DICE_ERR_HW;`
`521`	`523`	`}`
`522`	`524`
`523`	`525`	`if (wolfboot_dice_get_ueid(claims->ueid, &claims->ueid_len,`
`524`	`526`	`uds, uds_len) != 0) {`
	`527`	`+ wc_ForceZero(uds, sizeof(uds));`
`525`	`528`	`return WOLFBOOT_DICE_ERR_HW;`
`526`	`529`	`}`
`527`	`530`
`@@ -574,6 +577,7 @@ static int wolfboot_dice_collect_claims(struct wolfboot_dice_claims *claims)`
`574`	`577`	`claims->component_count++;`
`575`	`578`	`}`
`576`	`579`
	`580`	`+ wc_ForceZero(uds, sizeof(uds));`
`577`	`581`	`return WOLFBOOT_DICE_SUCCESS;`
`578`	`582`	`}`
`579`	`583`