From 541cd39f14dffbb0020b6cc7c99f0acdbc8bc666 Mon Sep 17 00:00:00 2001
From: abdallah elhdad
Date: Fri, 21 Nov 2025 18:36:48 +0200
Subject: [PATCH] zeroize sensitive buffers in ssh_sntrup761x25519_build_k
Signed-off-by: abdallah elhdad
Reviewed-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/sntrup761.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/sntrup761.c b/src/sntrup761.c
index 52623d0c..bc96439a 100644
--- a/src/sntrup761.c
+++ b/src/sntrup761.c
@@ -153,7 +153,7 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
 rc = ssh_curve25519_create_k(session, k);
 if (rc != SSH_OK) {
- return SSH_ERROR;
+ goto cleanup;
 }
 #ifdef DEBUG_CRYPTO
@@ -176,7 +176,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
 SSH_LOG(SSH_LOG_TRACE, "Failed to encapsulate sntrup761 shared secret: %s", gpg_strerror(err));
- return SSH_ERROR;
+ rc = SSH_ERROR;
+ goto cleanup;
 }
 } else {
 gcry_error_t err;
@@ -193,7 +194,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
 SSH_LOG(SSH_LOG_TRACE, "Failed to decapsulate sntrup761 shared secret: %s", gpg_strerror(err));
- return SSH_ERROR;
+ rc = SSH_ERROR;
+ goto cleanup;
 }
 }
 #else
@@ -204,7 +206,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
 &rc, crypto_random);
 if (rc != 1) {
- return SSH_ERROR;
+ rc = SSH_ERROR;
+ goto cleanup;
 }
 } else {
 sntrup761_dec(ssk,
@@ -224,7 +227,8 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
 bignum_bin2bn(hss, sizeof hss, &session->next_crypto->shared_secret);
 if (session->next_crypto->shared_secret == NULL) {
- return SSH_ERROR;
+ rc = SSH_ERROR;
+ goto cleanup;
 }
 #ifdef DEBUG_CRYPTO
@@ -232,6 +236,11 @@ static int ssh_sntrup761x25519_build_k(ssh_session session)
 #endif
 return 0;
+cleanup:
+ ssh_burn(ssk, sizeof ssk);
+ ssh_burn(hss, sizeof hss);
+
+ return rc;
 }
 /** @internal
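Review bot: The first `goto cleanup;` (after `ssh_curve25519_create_k`) now returns whatever non-`SSH_OK` value that call produced, whereas the old code always returned `SSH_ERROR` and the other four error paths still set `rc = SSH_ERROR;` first. Adding `rc = SSH_ERROR;` before this `goto cleanup;` keeps the return value callers saw before the patch. Separately, `k` is filled by `ssh_curve25519_create_k(session, k)` in this hunk but is not wiped in the new `cleanup:` block. Its declaration is outside the hunk, but if it is a local buffer holding the X25519 shared secret it deserves `ssh_burn(k, sizeof k);` alongside `ssk` and `hss`.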
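Review bot: The success path still exits through the unchanged `return 0;` directly above the new `cleanup:` label in the last hunk, so `ssk` and `hss` are wiped only when the function fails. The successful exchange is presumably where these buffers hold the real shared-secret material (`hss` has just been passed to `bignum_bin2bn`), so the zeroization misses the case it matters most for. Replacing `return 0;` with `rc = SSH_OK;` lets execution fall through into `cleanup:`. The explicit assignment is needed because in the non-gcrypt branch `rc` is 1 after a successful `sntrup761_enc`. The function body starts outside this hunk, so the buffer declarations are not visible here.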