Fix LMS/HSS key cleanup

2026-05-06 16:36:16 +08:00 · 2025-12-18 18:36:25 +08:00
parent a03f5132cd
commit f813838ad4
4 changed files with 12 additions and 4 deletions
--- a/tools/hsskeygen.c
+++ b/tools/hsskeygen.c
@@ -56,6 +56,8 @@ int hsskeygen_main(int argc, char **argv)
 	uint8_t *ppubout = pubout;
 	size_t outlen = 0, puboutlen = 0;
 	memset(&key, 0, sizeof(key));
 	argc--;
 	argv++;
@@ -150,7 +152,7 @@ bad:
 	ret = 0;
 end:
-	gmssl_secure_clear(&key, sizeof(key));
+	hss_key_cleanup(&key);
 	gmssl_secure_clear(out, outlen);
 	if (outfile && outfp) fclose(outfp);
 	if (puboutfile && puboutfp) fclose(puboutfp);
--- a/tools/hsssign.c
+++ b/tools/hsssign.c
@@ -46,6 +46,8 @@ int hsssign_main(int argc, char **argv)
 	uint8_t sig[HSS_SIGNATURE_MAX_SIZE];
 	size_t siglen;
 	memset(&key, 0, sizeof(key));
 	argc--;
 	argv++;
@@ -160,8 +162,8 @@ bad:
 	ret = 0;
 end:
 	hss_key_cleanup(&key);
 	gmssl_secure_clear(keybuf, sizeof(keybuf));
 	gmssl_secure_clear(&key, sizeof(key));
 	gmssl_secure_clear(&ctx, sizeof(ctx));
 	if (keyfp) fclose(keyfp);
 	if (infp && infp != stdin) fclose(infp);
--- a/tools/lmskeygen.c
+++ b/tools/lmskeygen.c
@@ -50,6 +50,8 @@ int lmskeygen_main(int argc, char **argv)
 	uint8_t *ppubout = pubout;
 	size_t outlen = 0, puboutlen = 0;
 	memset(&key, 0, sizeof(key));
 	argc--;
 	argv++;
@@ -136,7 +138,7 @@ bad:
 	ret = 0;
 end:
-	gmssl_secure_clear(&key, sizeof(key));
+	lms_key_cleanup(&key);
 	gmssl_secure_clear(out, outlen);
 	if (outfile && outfp) fclose(outfp);
 	if (puboutfile && puboutfp) fclose(puboutfp);
--- a/tools/lmssign.c
+++ b/tools/lmssign.c
@@ -46,6 +46,8 @@ int lmssign_main(int argc, char **argv)
 	uint8_t sig[LMS_SIGNATURE_MAX_SIZE];
 	size_t siglen;
 	memset(&key, 0, sizeof(key));
 	argc--;
 	argv++;
@@ -160,8 +162,8 @@ bad:
 	ret = 0;
 end:
 	lms_key_cleanup(&key);
 	gmssl_secure_clear(keybuf, sizeof(keybuf));
 	gmssl_secure_clear(&key, sizeof(key));
 	gmssl_secure_clear(&ctx, sizeof(ctx));
 	if (keyfp) fclose(keyfp);
 	if (infp && infp != stdin) fclose(infp);