linuxkm ecdh: force zero shared secret buffer, and clear old key.

linuxkm/lkcapi_ecdh_glue.c

@@ -30,6 +30,14 @@
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <crypto/ecdh.h>
 
+/* need misc.c for ForceZero(). */
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
 #define WOLFKM_ECDH_DRIVER       ("ecdh-wolfcrypt")
 
 #define WOLFKM_ECDH_P192_NAME    ("ecdh-nist-p192")
@@ -167,6 +175,24 @@ static int km_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
         return -EINVAL;
     }
 
+    if (ctx->key->type == ECC_PRIVATEKEY ||
+        ctx->key->type == ECC_PRIVATEKEY_ONLY) {
+        /* private key already set. force clear it. */
+        wc_ecc_free(ctx->key);
+
+        err = wc_ecc_init(ctx->key);
+        if (unlikely(err < 0)) {
+            return -ENOMEM;
+        }
+
+        #ifdef ECC_TIMING_RESISTANT
+        err = wc_ecc_set_rng(ctx->key, &ctx->rng);
+        if (unlikely(err < 0)) {
+            return -ENOMEM;
+        }
+        #endif /* ECC_TIMING_RESISTANT */
+    }
+
     if (!params.key || !params.key_size) {
         /* Empty secret payload. Generate our own ecc key pair */
         err = wc_ecc_make_key_ex(&ctx->rng, ctx->curve_len, ctx->key,
@@ -544,7 +570,11 @@ static int km_ecdh_compute_shared_secret(struct kpp_request *req)
     scatterwalk_map_and_copy(shared_secret, req->dst, 0, shared_secret_len, 1);
 
 ecdh_shared_secret_end:
-    if (shared_secret) { free(shared_secret); shared_secret = NULL; }
+    if (shared_secret) {
+        ForceZero(shared_secret, shared_secret_len);
+        free(shared_secret);
+        shared_secret = NULL;
+    }
     if (pub) { free(pub); pub = NULL; }
 
     if (ecc_pub) {