eddsa: zero orig_k after sign

JeremiahM37 · JeremiahM37 · commit b77791971eb6 · 2026-05-06T15:46:59.000Z
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
@@ -548,6 +548,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
         }
         ret = ctMaskGT(c, 0) & SIG_VERIFY_E;
     }
+    ForceZero(orig_k, sizeof(orig_k));
 #endif
 
     return ret;
diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c
@@ -505,6 +505,7 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,
         }
         ret = ctMaskGT(c, 0) & SIG_VERIFY_E;
     }
+    ForceZero(orig_k, sizeof(orig_k));
 #endif
 
     ForceZero(az, sizeof(az));

Original file line number	Diff line number	Diff line change
`@@ -548,6 +548,7 @@ int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,`
`548`	`548`	`}`
`549`	`549`	`ret = ctMaskGT(c, 0) & SIG_VERIFY_E;`
`550`	`550`	`}`
	`551`	`+ ForceZero(orig_k, sizeof(orig_k));`
`551`	`552`	`#endif`
`552`	`553`
`553`	`554`	`return ret;`
Original file line number	Diff line number	Diff line change
`@@ -505,6 +505,7 @@ int wc_ed448_sign_msg_ex(const byte* in, word32 inLen, byte* out,`
`505`	`505`	`}`
`506`	`506`	`ret = ctMaskGT(c, 0) & SIG_VERIFY_E;`
`507`	`507`	`}`
	`508`	`+ ForceZero(orig_k, sizeof(orig_k));`
`508`	`509`	`#endif`
`509`	`510`
`510`	`511`	`ForceZero(az, sizeof(az));`