security: Add proper memory zeroizing for sensitive data

- Zeroize clamped scalar 'e' in x25519_sw() before return
- Zeroize output on failure in compute_shared_secret()
- Zeroize output on failure in derive_public_key()
- Fix return value propagation in compute_shared_secret() and derive_public_key()
- Use memzero_explicit() consistently (not se050_x25519_sw_zeroize wrapper)

src/se050_x25519_sw.c

@@ -584,7 +584,13 @@ int x25519_sw(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]
     /* Step 7: reject all-zero output */
     uint8_t acc = 0;
     for (i = 0; i < 32; i++) acc |= out[i];
-    if (acc == 0) return -1;
+    if (acc == 0) {
+        memzero_explicit(e, 32);
+        return -1;
+    }
+
+    /* Zeroize clamped scalar before return */
+    memzero_explicit(e, 32);
 
     return 0;
 }
@@ -620,9 +626,13 @@ int se050_x25519_sw_compute_shared_secret(uint8_t *shared_secret,
     uint8_t clamped[32];
     memcpy(clamped, private_key, 32);
     se050_x25519_sw_clamp(clamped);
-    x25519_sw(shared_secret, clamped, peer_public);
+    int ret = x25519_sw(shared_secret, clamped, peer_public);
-    se050_x25519_sw_zeroize(clamped, 32);
+    memzero_explicit(clamped, 32);
-    return 0;
+    if (ret < 0) {
+        /* Zeroize output on failure */
+        memzero_explicit(shared_secret, 32);
+    }
+    return ret;
 }
 
 int se050_x25519_sw_derive_public_key(uint8_t *public_key,
@@ -632,9 +642,12 @@ int se050_x25519_sw_derive_public_key(uint8_t *public_key,
     uint8_t clamped[32];
     memcpy(clamped, private_key, 32);
     se050_x25519_sw_clamp(clamped);
-    x25519_sw(public_key, clamped, (const uint8_t*)"basepoint");
+    int ret = x25519_sw(public_key, clamped, (const uint8_t*)"basepoint");
-    se050_x25519_sw_zeroize(clamped, 32);
+    memzero_explicit(clamped, 32);
-    return 0;
+    if (ret < 0) {
+        memzero_explicit(public_key, 32);
+    }
+    return ret;
 }
 
 #ifdef X25519_SW_TEST