Zeroize EC DER buffer in i2d_ECPrivateKey error path

julek-wolfssl · julek-wolfssl · commit 87e5c62111d3 · 2026-04-17T16:47:47.000+02:00
F-2147

The error path in wolfSSL_i2d_ECPrivateKey could free an EC private key
DER staging buffer that may contain a partial private scalar. Zeroize
before XFREE.
diff --git a/src/pk_ec.c b/src/pk_ec.c
@@ -3524,6 +3524,9 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
 
         /* Dispose of any allocated buffer on error. */
         if (err && (*out == buf)) {
+            if (buf != NULL) {
+                ForceZero(buf, len);
+            }
             XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             *out = NULL;
         }

Original file line number	Diff line number	Diff line change
`@@ -3524,6 +3524,9 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY key, unsigned char *out)`
`3524`	`3524`
`3525`	`3525`	`/* Dispose of any allocated buffer on error. */`
`3526`	`3526`	`if (err && (*out == buf)) {`
	`3527`	`+ if (buf != NULL) {`
	`3528`	`+ ForceZero(buf, len);`
	`3529`	`+ }`
`3527`	`3530`	`XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);`
`3528`	`3531`	`*out = NULL;`
`3529`	`3532`	`}`