Skip to content

fix(dh): wipe DH private key from stack#267

Open
MarkAtwood wants to merge 1 commit into
wolfSSL:mainfrom
MarkAtwood:fix/wipe-dh-priv-stack
Open

fix(dh): wipe DH private key from stack#267
MarkAtwood wants to merge 1 commit into
wolfSSL:mainfrom
MarkAtwood:fix/wipe-dh-priv-stack

Conversation

@MarkAtwood

Copy link
Copy Markdown

Bug

In wolfCLU_DhParamSetup (src/dh/clu_dh.c), the genKey block declares a stack buffer byte priv[WOLFSSL_MAX_DH_BITS/8] and fills it with the DH private key via wc_DhGenerateKeyPair. When the block ends the function returns with priv left un-wiped on the stack, leaking private key material.

This is the outlier in wolfCLU's own convention: private-key buffers are scrubbed with wolfCLU_ForceZero throughout the codebase (clu_genkey.c, clu_sign.c, clu_pkcs8/pkcs12, etc.). The DH keygen path omitted the wipe.

Fix

Add wolfCLU_ForceZero(priv, sizeof(priv)) immediately before the block closes, after the outBuf free. wolfCLU_ForceZero is already declared in wolfclu/clu_header_main.h — no new include.

How verified

Compiled the patched translation unit against a wolfSSL --enable-all install (gcc -c, EXIT=0). Preprocessor + nm confirm the wolfCLU_ForceZero(priv, ...) call is live (undefined reference in the object, one call in the preprocessed output), not compiled out behind an ifdef.

Reported by static analysis (Fenrir finding 664).

Copilot AI review requested due to automatic review settings July 9, 2026 23:48

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot couldn't run its full agentic review because no GitHub Actions runner was available. Make sure your repository has a runner available to run Copilot's review, or add a copilot-setup-steps.yml file specifying one with the runs-on attribute. See the docs for more details.

Fixes a security bug in the DH parameter/key generation path where DH private key material was left resident on the stack after wolfCLU_DhParamSetup returns.

Changes:

  • Scrub the stack-resident DH private key buffer (priv) via wolfCLU_ForceZero(priv, sizeof(priv)) before exiting the genKey block.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants