Zeroize RSA DER buffer in d2i_RSAPrivateKey_bio before free

julek-wolfssl · julek-wolfssl · commit 9925f90720c5 · 2026-04-17T16:47:33.000+02:00
F-2146

wolfSSL_d2i_RSAPrivateKey_bio read PKCS#1-encoded RSA private key DER
from a BIO into a heap buffer and freed it without ForceZero. Zeroize
before XFREE on both success and error paths.
diff --git a/src/pk_rsa.c b/src/pk_rsa.c
@@ -719,6 +719,9 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
         key = NULL;
     }
     /* Dispose of allocated data. */
+    if (der != NULL) {
+        ForceZero(der, (word32)derLen);
+    }
     XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return key;
 }

Original file line number	Diff line number	Diff line change
`@@ -719,6 +719,9 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO bio, WOLFSSL_RSA *out)`
`719`	`719`	`key = NULL;`
`720`	`720`	`}`
`721`	`721`	`/* Dispose of allocated data. */`
	`722`	`+ if (der != NULL) {`
	`723`	`+ ForceZero(der, (word32)derLen);`
	`724`	`+ }`
`722`	`725`	`XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);`
`723`	`726`	`return key;`
`724`	`727`	`}`