Fix LMS/HSS key cleanup

tools/hsskeygen.c

@@ -56,6 +56,8 @@ int hsskeygen_main(int argc, char **argv)
 	uint8_t *ppubout = pubout;
 	size_t outlen = 0, puboutlen = 0;
 
+	memset(&key, 0, sizeof(key));
+
 	argc--;
 	argv++;
 
@@ -150,7 +152,7 @@ bad:
 
 	ret = 0;
 end:
-	gmssl_secure_clear(&key, sizeof(key));
+	hss_key_cleanup(&key);
 	gmssl_secure_clear(out, outlen);
 	if (outfile && outfp) fclose(outfp);
 	if (puboutfile && puboutfp) fclose(puboutfp);

tools/hsssign.c

@@ -46,6 +46,8 @@ int hsssign_main(int argc, char **argv)
 	uint8_t sig[HSS_SIGNATURE_MAX_SIZE];
 	size_t siglen;
 
+	memset(&key, 0, sizeof(key));
+
 	argc--;
 	argv++;
 
@@ -160,8 +162,8 @@ bad:
 	ret = 0;
 
 end:
+	hss_key_cleanup(&key);
 	gmssl_secure_clear(keybuf, sizeof(keybuf));
-	gmssl_secure_clear(&key, sizeof(key));
 	gmssl_secure_clear(&ctx, sizeof(ctx));
 	if (keyfp) fclose(keyfp);
 	if (infp && infp != stdin) fclose(infp);

tools/lmskeygen.c

@@ -50,6 +50,8 @@ int lmskeygen_main(int argc, char **argv)
 	uint8_t *ppubout = pubout;
 	size_t outlen = 0, puboutlen = 0;
 
+	memset(&key, 0, sizeof(key));
+
 	argc--;
 	argv++;
 
@@ -136,7 +138,7 @@ bad:
 
 	ret = 0;
 end:
-	gmssl_secure_clear(&key, sizeof(key));
+	lms_key_cleanup(&key);
 	gmssl_secure_clear(out, outlen);
 	if (outfile && outfp) fclose(outfp);
 	if (puboutfile && puboutfp) fclose(puboutfp);

tools/lmssign.c

@@ -46,6 +46,8 @@ int lmssign_main(int argc, char **argv)
 	uint8_t sig[LMS_SIGNATURE_MAX_SIZE];
 	size_t siglen;
 
+	memset(&key, 0, sizeof(key));
+
 	argc--;
 	argv++;
 
@@ -160,8 +162,8 @@ bad:
 	ret = 0;
 
 end:
+	lms_key_cleanup(&key);
 	gmssl_secure_clear(keybuf, sizeof(keybuf));
-	gmssl_secure_clear(&key, sizeof(key));
 	gmssl_secure_clear(&ctx, sizeof(ctx));
 	if (keyfp) fclose(keyfp);
 	if (infp && infp != stdin) fclose(infp);