SKALE-3067-cleanup-sgx

4e2870ac · kladko · 4e3cd625 · 4e2870ac
Unverified Commit 4e2870ac authored Aug 10, 2020 by kladko
Hide whitespace changes
Inline Side-by-side

Showing with 181 additions and 15 deletions

secure_enclave.c secure_enclave/secure_enclave.c +181 -15

No files found.
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -149,17 +149,24 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) {
 void get_global_random(unsigned char *_randBuff, uint64_t _size) {
    char errString[BUF_LEN];
-    int *errStatus;
+    int status;
+    int *errStatus = &status;
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(_size <= 32)
    CHECK_STATE(_randBuff);
    sgx_sha_state_handle_t shaStateHandle;
-    assert(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
-    assert(sgx_sha256_update(globalRandom, 32, shaStateHandle) == SGX_SUCCESS);
+    CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS);
-    assert(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
+    CHECK_STATE(sgx_sha256_update(globalRandom, 32, shaStateHandle) == SGX_SUCCESS);
-    assert(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
+    CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
-    assert(sgx_sha256_close(shaStateHandle) == SGX_SUCCESS);
+    CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, globalRandom) == SGX_SUCCESS);
+    CHECK_STATE(sgx_sha256_close(shaStateHandle) == SGX_SUCCESS);
    memcpy(_randBuff, globalRandom, _size);
 }
@@ -167,14 +174,15 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) {
 void trustedGenerateEcdsaKey(int *errStatus, char *errString,
                             uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y);
    domain_parameters curve = domain_parameters_init();
    domain_parameters_load_curve(curve, secp256k1);
@@ -235,6 +243,9 @@ void trustedGenerateEcdsaKey(int *errStatus, char *errString,
    *enc_len = sealedLen;
+    *errStatus = 0;
    mpz_clear(skey);
    domain_parameters_clear(curve);
    point_clear(Pkey);
@@ -248,6 +259,9 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
    CHECK_STATE(pub_key_x);
    CHECK_STATE(pub_key_y);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    domain_parameters curve = domain_parameters_init();
    domain_parameters_load_curve(curve, secp256k1);
@@ -315,6 +329,8 @@ void trustedGetPublicEcdsaKey(int *errStatus, char *errString,
    }
    strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
+    *errStatus = 0;
    mpz_clear(privateKeyMpz);
    domain_parameters_clear(curve);
    point_clear(Pkey);
@@ -332,6 +348,9 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
    CHECK_STATE(sigS);
    CHECK_STATE(base > 0);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    char *arrR = NULL;
    char *arrS = NULL;
@@ -406,6 +425,8 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
    strncpy(sigS, arrS, 1024);
    *sig_v = sign->v;
+    *errStatus = 0;
    clean:
    mpz_clear(privateKeyMpz);
@@ -436,6 +457,7 @@ void trustedEncryptKey(int *errStatus, char *errString, const char *key,
    CHECK_STATE(key);
    CHECK_STATE(encryptedPrivateKey);
+    *errString = 0;
    *errStatus = UNKNOWN_ERROR;
    memset(errString, 0, BUF_LEN);
@@ -494,7 +516,8 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
    uint32_t decLen;
-    *errStatus = -9;
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    sgx_status_t status = sgx_unseal_data(
            (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) key, &decLen);
@@ -520,7 +543,6 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
    }
    *errStatus = 0;
-    return;
 }
 void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
@@ -528,6 +550,9 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
                           char *_hashY, char *signature) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(_hashX);
    CHECK_STATE(_hashY);
@@ -554,12 +579,17 @@ void trustedBlsSignMessage(int *errStatus, char *errString, uint8_t *encryptedPr
        return;
    }
+    *errStatus = 0;
    free(sig);
 }
 void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encrypted_dkg_secret);
    char dkg_secret[DKG_BUFER_LENGTH];
@@ -581,6 +611,9 @@ void trustedGenDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg
    }
    *enc_len = sealedLen;
+    *errStatus = 0;
 }
 void
@@ -588,6 +621,9 @@ trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_
                        uint32_t *dec_len) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encrypted_dkg_secret);
    uint32_t decr_len;
@@ -601,6 +637,8 @@ trustedDecryptDkgSecret(int *errStatus, char *errString, uint8_t *encrypted_dkg_
    }
    *dec_len = decr_len;
+    *errStatus = 0;
 }
 void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *dec_len,
@@ -611,6 +649,9 @@ void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_
    CHECK_STATE(secret_shares);
    CHECK_STATE(_t <= _n);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    LOG_DEBUG(__FUNCTION__);
    char decrypted_dkg_secret[DKG_BUFER_LENGTH];
@@ -626,6 +667,8 @@ void trustedGetSecretShares(int *errStatus, char *errString, uint8_t *encrypted_
    *dec_len = decr_len;
    calc_secret_shares(decrypted_dkg_secret, secret_shares, _t, _n);
+    *errStatus = 0;
 }
 void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
@@ -638,6 +681,9 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_
    CHECK_STATE(_t <= _n);
    CHECK_STATE(_n > 0);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
    uint32_t decr_len;
    trustedDecryptDkgSecret(errStatus, errString, (uint8_t *) encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret,
@@ -654,6 +700,9 @@ void trustedGetPublicShares(int *errStatus, char *errString, uint8_t *encrypted_
        free(decrypted_dkg_secret);
        return;
    }
+    *errStatus = 0;
    free(decrypted_dkg_secret);
 }
@@ -662,6 +711,9 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp
    CHECK_STATE(encrypted_poly);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
    uint32_t decr_len;
    sgx_status_t status = sgx_unseal_data(
@@ -673,6 +725,8 @@ void trustedSetEncryptedDkgPoly(int *errStatus, char *errString, uint8_t *encryp
        snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
        return;
    }
+    *errStatus = 0;
 }
 void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
@@ -688,6 +742,8 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
    CHECK_STATE(_t <= _n);
    CHECK_STATE(_n > 0);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    char skey[ECDSA_SKEY_LEN];
    char pub_key_x[BUF_LEN];
@@ -740,6 +796,8 @@ void trustedGetEncryptedSecretShare(int *errStatus, char *errString, uint8_t *en
    strncpy(result_str, cypher, strlen(cypher));
    strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
    strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
+    *errStatus = 0;
 }
 void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
@@ -751,6 +809,9 @@ void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypte
    CHECK_STATE(_t <= _n);
    CHECK_STATE(_n > 0);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    char decrypted_dkg_secret[DKG_BUFER_LENGTH];
    trustedDecryptDkgSecret(errStatus, errString, encrypted_dkg_secret, (uint8_t *) decrypted_dkg_secret, dec_len);
    if (*errStatus != 0) {
@@ -759,6 +820,8 @@ void trustedComplaintResponse(int *errStatus, char *errString, uint8_t *encrypte
    }
    calc_secret_shareG2_old(decrypted_dkg_secret, s_shareG2, _t, ind1);
+    *errStatus = 0;
 }
 void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares, const char *s_share,
@@ -770,6 +833,9 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(_t);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    char skey[ECDSA_SKEY_LEN];
    sgx_status_t status = sgx_unseal_data(
            (const sgx_sealed_data_t *) encryptedPrivateKey, NULL, 0, (uint8_t *) skey, &key_len);
@@ -810,9 +876,9 @@ void trustedDkgVerify(int *errStatus, char *errString, const char *public_shares
    }
    *result = Verification(public_shares, s, _t, _ind);
-    mpz_clear(s);
-    snprintf(errString, BUF_LEN, "common_key in verification is %s", common_key);
+    *errStatus = 0;
+    mpz_clear(s);
 }
 void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
@@ -828,6 +894,8 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(encr_bls_key);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    char skey[ECDSA_SKEY_LEN];
    sgx_status_t status = sgx_unseal_data(
@@ -912,6 +980,8 @@ void trustedCreateBlsKey(int *errStatus, char *errString, const char *s_shares,
    }
    *enc_bls_key_len = sealedLen;
+    *errStatus = 0;
    mpz_clear(bls_key);
    mpz_clear(sum);
    mpz_clear(q);
@@ -927,6 +997,9 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(bls_pub_key);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    char skey_hex[ECDSA_SKEY_LEN];
@@ -945,6 +1018,8 @@ void trustedGetBlsPubKey(int *errStatus, char *errString, uint8_t *encryptedPriv
        snprintf(errString, BUF_LEN, "could not calculate bls public key");
        return;
    }
+    *errStatus = 0;
 }
 void trustedGenerateSEK(int *errStatus, char *errString,
@@ -957,6 +1032,9 @@ void trustedGenerateSEK(int *errStatus, char *errString,
    CHECK_STATE(encrypted_SEK);
    CHECK_STATE(SEK_hex);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    uint8_t SEK_raw[SGX_AESGCM_KEY_SIZE];
    sgx_read_rand(SEK_raw, SGX_AESGCM_KEY_SIZE);
@@ -978,14 +1056,20 @@ void trustedGenerateSEK(int *errStatus, char *errString,
    }
    *enc_len = sealedLen;
+    *errStatus = 0;
 }
 void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint64_t encr_len) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encrypted_SEK);
    uint8_t aes_key_hex[SGX_AESGCM_KEY_SIZE * 2];
    memset(aes_key_hex, 0, SGX_AESGCM_KEY_SIZE * 2);
@@ -999,12 +1083,17 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_SEK, uint
    uint64_t len;
    hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
+    *errStatus = 0;
 }
 void trustedSetSEK_backup(int *errStatus, char *errString,
                          uint8_t *encrypted_SEK, uint32_t *enc_len, const char *SEK_hex) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encrypted_SEK);
    CHECK_STATE(SEK_hex);
@@ -1022,11 +1111,17 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
    }
    *enc_len = sealedLen;
+    *errStatus = 0;
 }
 void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
                                uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y);
@@ -1109,6 +1204,8 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
        return;
    }
+    *errStatus = 0;
    mpz_clear(skey);
    domain_parameters_clear(curve);
    point_clear(Pkey);
@@ -1118,6 +1215,9 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
                                 uint8_t *encryptedPrivateKey, uint32_t enc_len, char *pub_key_x, char *pub_key_y) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(pub_key_x); CHECK_STATE(pub_key_y);
@@ -1192,6 +1292,8 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
    }
    strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
+    *errStatus = 0;
    mpz_clear(privateKeyMpz);
    domain_parameters_clear(curve);
    point_clear(Pkey);
@@ -1206,6 +1308,9 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
                         unsigned char *hash, char *sigR, char *sigS, uint8_t *sig_v, int base) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(hash);
    CHECK_STATE(sigR);
@@ -1294,6 +1399,8 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
    *sig_v = sign->v;
+    *errStatus = 0;
    mpz_clear(privateKeyMpz);
    mpz_clear(msgMpz);
    signature_free(sign);
@@ -1303,6 +1410,9 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
                          uint8_t *encryptedPrivateKey, uint32_t *enc_len) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(key);
    CHECK_STATE(encryptedPrivateKey);
@@ -1351,8 +1461,12 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
 void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
                          uint32_t enc_len, char *key) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(key);
@@ -1376,8 +1490,9 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
        return;
    }
-    *errStatus = 0;
    memcpy(errString, AES_key, 1024);
+    *errStatus = 0;
 }
 void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
@@ -1385,6 +1500,9 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
                              char *_hashY, char *signature) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(_hashX);
    CHECK_STATE(_hashY);
@@ -1411,14 +1529,18 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
        *errStatus = -1;
        return;
    }
+    *errStatus = 0;
 }
 void
 trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t *enc_len, size_t _t) {
    LOG_DEBUG(__FUNCTION__);
-    CHECK_STATE(encrypted_dkg_secret);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
+    CHECK_STATE(encrypted_dkg_secret);
    char dkg_secret[DKG_BUFER_LENGTH];
    memset(dkg_secret, 0, DKG_BUFER_LENGTH);
@@ -1454,12 +1576,18 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
                 "encrypted poly is not equal to decrypted poly");
        *errStatus = -333;
    }
+    *errStatus = 0;
 }
 void
 trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret,
                           uint8_t *decrypted_dkg_secret,
                           uint32_t *dec_len) {
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    LOG_DEBUG(__FUNCTION__);
    CHECK_STATE(encrypted_dkg_secret);
@@ -1470,15 +1598,21 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
    if (status != SGX_SUCCESS) {
        snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
+        LOG_ERROR(errString);
        *errStatus = status;
        return;
    }
+    *errStatus = 0;
 }
 void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *encrypted_poly, uint64_t *enc_len) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encrypted_poly);
    memset(getThreadLocalDecryptedDkgPoly(), 0, DKG_BUFER_LENGTH);
@@ -1490,12 +1624,19 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
        snprintf(errString, BUF_LEN, "sgx_unseal_data - encrypted_poly failed with status %d", status);
        return;
    }
+    *errStatus = 0;
 }
 void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t *encrypted_skey, uint32_t *dec_len,
                                       char *result_str, char *s_shareG2, char *pub_keyB, uint8_t _t, uint8_t _n,
                                       uint8_t ind) {
+    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encrypted_skey);
    CHECK_STATE(result_str);
    CHECK_STATE(s_shareG2);
@@ -1558,6 +1699,8 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
    strncpy(result_str, cypher, strlen(cypher));
    strncpy(result_str + strlen(cypher), pub_key_x, strlen(pub_key_x));
    strncpy(result_str + strlen(pub_key_x) + strlen(pub_key_y), pub_key_y, strlen(pub_key_y));
+    *errStatus = 0;
 }
 void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_secret, uint32_t enc_len,
@@ -1565,6 +1708,9 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
                               unsigned _t, unsigned _n) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(encrypted_dkg_secret);
    CHECK_STATE(public_shares);
    CHECK_STATE(_t <= _n && _n > 0)
@@ -1589,6 +1735,8 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
        return;
    }
+    *errStatus = 0;
    free(decrypted_dkg_secret);
 }
@@ -1596,6 +1744,10 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
                         uint8_t *encryptedPrivateKey, uint64_t enc_len, unsigned _t, int _ind, int *result) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(public_shares);
    CHECK_STATE(s_share);
    CHECK_STATE(encryptedPrivateKey);
@@ -1645,9 +1797,13 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
    }
    *result = Verification(public_shares, s, _t, _ind);
-    mpz_clear(s);
    snprintf(errString, BUF_LEN, "public shares %s", public_shares);
+    *errStatus = 0;
+    mpz_clear(s);
 }
 void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_shares,
@@ -1655,6 +1811,9 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
                            uint32_t *enc_bls_key_len) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(s_shares);
    CHECK_STATE(encryptedPrivateKey);
    CHECK_STATE(encr_bls_key);
@@ -1762,6 +1921,8 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
    }
    *enc_bls_key_len = strlen(key_share) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
+    *errStatus = 0;
    mpz_clear(bls_key);
    mpz_clear(sum);
    mpz_clear(q);
@@ -1772,6 +1933,9 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
                       char *bls_pub_key) {
    LOG_DEBUG(__FUNCTION__);
+    *errString = 0;
+    *errStatus = UNKNOWN_ERROR;
    CHECK_STATE(bls_pub_key);
    CHECK_STATE(encryptedPrivateKey);
@@ -1792,4 +1956,6 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
        snprintf(errString, BUF_LEN, "could not calculate bls public key");
        return;
    }
+    *errStatus = 0;
 }