Zeroize EC DER buffer in PEM write error path

julek-wolfssl · julek-wolfssl · commit dfd37f42993b · 2026-04-17T16:45:29.000+02:00
F-2141

The error path in wolfSSL_PEM_write_mem_ECPrivateKey freed the EC
private key DER staging buffer without ForceZero. Zeroize before free.
diff --git a/src/pk_ec.c b/src/pk_ec.c
@@ -4095,6 +4095,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
         derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len);
         if (derSz < 0) {
             WOLFSSL_MSG("wc_EccKeyToDer failed");
+            ForceZero(derBuf, der_max_len);
             XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
             ret = 0;
         }

Original file line number	Diff line number	Diff line change
`@@ -4095,6 +4095,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,`
`4095`	`4095`	`derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len);`
`4096`	`4096`	`if (derSz < 0) {`
`4097`	`4097`	`WOLFSSL_MSG("wc_EccKeyToDer failed");`
	`4098`	`+ ForceZero(derBuf, der_max_len);`
`4098`	`4099`	`XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);`
`4099`	`4100`	`ret = 0;`
`4100`	`4101`	`}`