From 296493acf014cf89a29fbc1f3bd7d40cd522d643 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Thu, 5 Mar 2026 15:43:10 -0600 Subject: [PATCH] f283 harden GeneratePrivateDh186 --- wolfcrypt/src/dh.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index f6c97d3cb4..b9e3ed6fa3 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -1157,8 +1157,9 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, if (err == MP_OKAY) err = mp_read_unsigned_bin(tmpX, cBuf, cSz); if (err != MP_OKAY) { - mp_clear(tmpX); + mp_forcezero(tmpX); mp_clear(tmpQ); + ForceZero(cBuf, cSz); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH);