
ETR01SDK-459: Enhance deinitialization on errors#408

Merged
medexs merged 21 commits into develop from ETR01SDK-459-Enhance-deinitialization-on-errors
Jan 16, 2026

Conversation

@medexs
Contributor

@medexs medexs commented Jan 7, 2026

Description

  • Added missing secure zeroing.
  • Added missing check of lt_handle_t.l3.session_status in lt_in__ecc_key_generate().
  • Proper cleanup in lt_init().
  • Removed redundant checks of lt_handle_t.l3.session_status in lt_l3_encrypt_request() and lt_l3_decrypt_response().
  • Added missing lt_deinit() in lt_test_rev_handshake_req and lt_test_rev_startup_req.

Type of Change

Select the type(s) that best describe your change:

  • 🐛 Bug fix
  • ✨ New feature
  • 🧹 Code cleanup or refactoring
  • 📝 Documentation update
  • 🔧 Build system or toolchain update
  • 🔒 Security improvement
  • Other (please describe):

Checklist

Before submitting, please confirm that you have completed the following:

  • I opened the Pull Request to the develop branch
  • I followed the project's code guidelines
  • I formatted the code using clang-format with the recommended configuration
  • I updated the changelog, or this change does not require it (e.g., internal or non-functional update)
  • The project builds without errors or warnings
  • I have verified the functionality against the hardware/model as applicable
  • I have ensured that public APIs remain backward compatible (if applicable)
  • This PR is ready for review by maintainers (no WIP commits left) and marked as Ready for Review

@medexs medexs requested a review from Copilot January 7, 2026 16:50
@medexs medexs self-assigned this Jan 7, 2026
@medexs medexs marked this pull request as draft January 7, 2026 16:50
Contributor

Copilot AI left a comment


Pull request overview

This pull request enhances error handling and cleanup in the libtropic library by adding missing secure memory zeroing, improving deinitialization logic, and ensuring proper cleanup on error paths. The changes focus on security improvements and more robust error handling throughout the codebase.

  • Added secure zeroing of sensitive cryptographic material in key derivation functions
  • Implemented proper cleanup with goto-based error handling in initialization functions
  • Added missing session status checks and test cleanup procedures

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Summary per file:

  • src/libtropic.c: Added cleanup error handling in lt_init() to properly deinitialize resources on failure
  • src/libtropic_l3.c: Enhanced lt_in__session_start() with secure zeroing and improved cleanup flow; added session status check in lt_in__ecc_key_generate()
  • src/lt_hkdf.c: Added secure memory zeroing and goto-based cleanup pattern for sensitive intermediate values
  • src/lt_l3_process.c: Removed redundant session status checks from lt_l3_encrypt_request() and lt_l3_decrypt_response()
  • tests/functional/lt_test_rev_startup_req.c: Added lt_deinit() call in cleanup function for proper resource cleanup
  • tests/functional/lt_test_rev_handshake_req.c: Added lt_deinit() call at end of test for proper resource cleanup
  • src/lt_crypto_common.h: Added warning documentation about context initialization requirements
  • src/lt_aesgcm.h: Added warning documentation about deinit function assumptions
  • CHANGELOG.md: Updated to document all changes in this PR


@medexs
Contributor Author

medexs commented Jan 7, 2026

@copilot Do you think there are some other places where secure memory zeroing should be done?

Contributor

Copilot AI commented Jan 7, 2026

@medexs I've opened a new pull request, #409, to work on those changes. Once the pull request is ready, I'll request review from you.

@medexs medexs marked this pull request as ready for review January 7, 2026 17:50
@medexs medexs requested a review from andreondra January 7, 2026 17:50
@andreondra
Contributor

lt_in__session_start: having labels scattered around the function is not ideal. I think we can actually use one single label at the end, if we do a few modifications:

Variables: We can always zero all variables if we declare them at the beginning.
Crypto (AES, SHA): our CAL deinit functions can be called even when there was no init beforehand, right? If that's the case, we can always call them.

@andreondra andreondra mentioned this pull request Jan 9, 2026
@medexs
Contributor Author

medexs commented Jan 9, 2026

lt_in__session_start: having labels scattered around the function is not ideal. I think we can actually use one single label at the end, if we do a few modifications:

Variables: We can always zero all variables if we declare them at the beginning. Crypto (AES, SHA): our CAL deinit functions allow to be called even when there was no init beforehand, right? If that's the case, we can always call them.

The labels are not scattered randomly, they are always under a self-contained block of code, so the cleanup is done in parts. I just didn't want to zero out a ton of variables if only some of them were actually used.

I will try to refactor it.

@medexs
Contributor Author

medexs commented Jan 9, 2026

@copilot I pushed some commits today, refactoring the goto cleanups. Can you check whether I made any mistakes?

Contributor

Copilot AI commented Jan 9, 2026

@medexs I've opened a new pull request, #411, to work on those changes. Once the pull request is ready, I'll request review from you.

@medexs
Contributor Author

medexs commented Jan 9, 2026

@andreondra , I refactored the cleanups:

  • Use simpler names for the labels (have to be unique only in the function scope).
  • Use the "stacked cleanup" approach - labels are declared at the end, which makes the code cleaner. I don't want to always do the same cleanup as you suggested, but I agree that the previous implementation was not clean enough.

Please, take a look at it.
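The "stacked cleanup" pattern discussed in this thread, shown as an added illustration that is not libtropic's code: the crypto contexts, the fail_at switch and the open-context counters are hypothetical stubs that only exist so the cleanup can be observed. Labels sit at the end of the function, innermost first, so each failure path deinitializes exactly what was acquired and the secret buffer is zeroed on every path.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical example, not libtropic code: a session-start routine that
 * acquires a hash context, then an AES context, then derives a key, and
 * cleans up with stacked labels at the end of the function. */

/* Zeroing through a volatile pointer so the compiler cannot drop it. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Stub crypto contexts with counters so cleanup can be checked. */
typedef struct { int active; } hash_ctx_t;
typedef struct { int active; } aes_ctx_t;
static int g_fail_at, g_hash_open, g_aes_open; /* open = inits - deinits */
static int hash_init(hash_ctx_t *c) { if (g_fail_at == 1) return -1; c->active = 1; g_hash_open++; return 0; }
static void hash_deinit(hash_ctx_t *c) { c->active = 0; g_hash_open--; }
static int aes_init(aes_ctx_t *c) { if (g_fail_at == 2) return -1; c->active = 1; g_aes_open++; return 0; }
static void aes_deinit(aes_ctx_t *c) { c->active = 0; g_aes_open--; }
static int derive_key(uint8_t *k, size_t n) { if (g_fail_at == 3) return -1; memset(k, 0xA5, n); return 0; }

/* fail_at: 0 = succeed, 1..3 = fail at that step. Returns 0 or -1;
 * out_key is only valid when 0 is returned. */
static int session_start(int fail_at, uint8_t out_key[16])
{
    hash_ctx_t h;
    aes_ctx_t a;
    uint8_t secret[32];
    int ret = -1;
    g_fail_at = fail_at;

    if (hash_init(&h) != 0) goto out;          /* nothing acquired yet */
    if (aes_init(&a) != 0) goto cleanup_hash;  /* only the hash ctx is open */
    if (derive_key(secret, sizeof secret) != 0) goto cleanup_aes;
    memcpy(out_key, secret, 16);
    ret = 0;
    /* Labels stacked innermost first; every path falls through to out. */
cleanup_aes:
    aes_deinit(&a);
cleanup_hash:
    hash_deinit(&h);
out:
    secure_zero(secret, sizeof secret); /* always, even if never written */
    return ret;
}

/* 0 when every init was matched by exactly one deinit. */
static int contexts_leaked(void) { return g_hash_open + g_aes_open; }
```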

@medexs medexs force-pushed the ETR01SDK-459-Enhance-deinitialization-on-errors branch from 82ed292 to e799604 January 14, 2026 14:36
@medexs medexs force-pushed the ETR01SDK-459-Enhance-deinitialization-on-errors branch from e799604 to def4f1c January 14, 2026 15:05
@medexs medexs merged commit 293d022 into develop Jan 16, 2026
8 checks passed
@medexs medexs deleted the ETR01SDK-459-Enhance-deinitialization-on-errors branch January 16, 2026 14:32