From ddee60a8e5603a47c26b95b2f944427e6013ac03 Mon Sep 17 00:00:00 2001
From: Paul Selkirk <paul@psgd.org>
Date: Wed, 13 Feb 2019 16:05:42 -0500
Subject: If a KEK is given to keywrap/unwrap, zero it out of the keywrap core
 after use.

The key-export mechanism unwraps the key with the KEK from Master Key
Memory, then re-wraps it with a random KEK. If that random KEK stays in
the keywrap core, it will cause problems for all subsequent wrap/unwrap
operations.
---
 aes_keywrap.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/aes_keywrap.c b/aes_keywrap.c
index 63e0cf7..1ee857b 100644
--- a/aes_keywrap.c
+++ b/aes_keywrap.c
@@ -383,6 +383,8 @@ hal_error_t hal_aes_keywrap(hal_core_t *core,
   }
 
 out:
+  if (K != NULL)
+    hal_aes_keywrap_zero(core);
   if (free_core)
     hal_core_free(core);
   return err;
@@ -483,6 +485,8 @@ hal_error_t hal_aes_keyunwrap(hal_core_t *core,
   memmove(Q, Q + 8, m);
 
 out:
+  if (K != NULL)
+    hal_aes_keywrap_zero(core);
   if (free_core)
     hal_core_free(core);
   return err;
-- 
cgit v1.2.3