From db0108444e756d65e6c6b382e3192f0a17c583e5 Mon Sep 17 00:00:00 2001 From: Paul Adelsbach Date: Mon, 23 Mar 2026 15:49:35 -0700 Subject: [PATCH] Zero buffers at the end of wh_She_GenerateLoadableKey --- src/wh_she_crypto.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/wh_she_crypto.c b/src/wh_she_crypto.c index f4cee87fe..56cc2b4fd 100644 --- a/src/wh_she_crypto.c +++ b/src/wh_she_crypto.c @@ -248,6 +248,12 @@ int wh_She_GenerateLoadableKey(uint8_t keyId, messageFour, WH_SHE_M4_SZ, tmpKey, WH_SHE_KEY_SZ, NULL, INVALID_DEVID); } + + /* Clear buffers which may contain sensitive data */ + memset(kdfInput, 0, sizeof(kdfInput)); + memset(cmacOutput, 0, sizeof(cmacOutput)); + memset(tmpKey, 0, sizeof(tmpKey)); + return ret; }