Zeroize PKCS#8 DER staging area in PEM write helper

julek-wolfssl · julek-wolfssl · commit 00fff0f3fc82 · 2026-04-17T16:48:06.000+02:00
F-2148

pem_write_mem_pkcs8privatekey stages the PKCS#8 DER encoded private key
at the tail of the PEM buffer, then writes the shorter PEM output at
the head of the same buffer. The DER tail is not overwritten, leaking
the plaintext private key to heap memory after the callers free. Zero
the DER staging area before returning.
diff --git a/src/pk.c b/src/pk.c
@@ -7208,6 +7208,12 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
         }
     }
 
+    /* Zero the DER staging area at the tail of the buffer so the plaintext
+     * private key material is not left in freed heap memory. */
+    if (key != NULL && keySz > 0) {
+        ForceZero(key, keySz);
+    }
+
     /* Return appropriate return code. */
     return (res == 0) ? 0 : ret;
 

Original file line number	Diff line number	Diff line change
`@@ -7208,6 +7208,12 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,`
`7208`	`7208`	`}`
`7209`	`7209`	`}`
`7210`	`7210`
	`7211`	`+ /* Zero the DER staging area at the tail of the buffer so the plaintext`
	`7212`	`+ * private key material is not left in freed heap memory. */`
	`7213`	`+ if (key != NULL && keySz > 0) {`
	`7214`	`+ ForceZero(key, keySz);`
	`7215`	`+ }`
	`7216`	`+`
`7211`	`7217`	`/* Return appropriate return code. */`
`7212`	`7218`	`return (res == 0) ? 0 : ret;`
`7213`	`7219`