Merge pull request #325 from padelsbach/she-crypto-loadable-zero

bigbrett · web-flow · commit e90890a1c471 · 2026-03-23T21:16:58.000-06:00
Zero buffers at the end of wh_She_GenerateLoadableKey
diff --git a/src/wh_she_crypto.c b/src/wh_she_crypto.c
@@ -248,6 +248,12 @@ int wh_She_GenerateLoadableKey(uint8_t keyId,
                 messageFour, WH_SHE_M4_SZ, tmpKey, WH_SHE_KEY_SZ, NULL,
                 INVALID_DEVID);
     }
+
+    /* Clear buffers which may contain sensitive data */
+    memset(kdfInput, 0, sizeof(kdfInput));
+    memset(cmacOutput, 0, sizeof(cmacOutput));
+    memset(tmpKey, 0, sizeof(tmpKey));
+
     return ret;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -248,6 +248,12 @@ int wh_She_GenerateLoadableKey(uint8_t keyId,`
`248`	`248`	`messageFour, WH_SHE_M4_SZ, tmpKey, WH_SHE_KEY_SZ, NULL,`
`249`	`249`	`INVALID_DEVID);`
`250`	`250`	`}`
	`251`	`+`
	`252`	`+ /* Clear buffers which may contain sensitive data */`
	`253`	`+ memset(kdfInput, 0, sizeof(kdfInput));`
	`254`	`+ memset(cmacOutput, 0, sizeof(cmacOutput));`
	`255`	`+ memset(tmpKey, 0, sizeof(tmpKey));`
	`256`	`+`
`251`	`257`	`return ret;`
`252`	`258`	`}`
`253`	`259`