Skip to content

fix: zeroize DSA private key buffers#270

Open
MarkAtwood wants to merge 1 commit into
wolfSSL:mainfrom
MarkAtwood:fix/dsa-genkey-zeroize
Open

fix: zeroize DSA private key buffers#270
MarkAtwood wants to merge 1 commit into
wolfSSL:mainfrom
MarkAtwood:fix/dsa-genkey-zeroize

Conversation

@MarkAtwood

Copy link
Copy Markdown

Bug

In wolfCLU_DsaParamSetup (src/dsa/clu_dsa.c), the genKey path serializes a freshly generated DSA key including the secret exponent x. The DER buffer (outBuf, populated by wc_DsaKeyToDer) and the PEM buffer (pem, DSA_PRIVATEKEY_TYPE) are freed at the end of the block via XFREE without being zeroized first. The private key material persists in freed heap.

Fix

Call wolfCLU_ForceZero(buf, sz) on both buffers before XFREE, matching wolfCLU's existing pattern for private-key buffers elsewhere (clu_parse.c, clu_pkcs8.c, clu_genkey.c). Only the genKey block is touched; the sibling param block (lines 210-279) serializes only public params (p,q,g via DSA_PARAM_TYPE) and needs no change.

Build verification

Compiled the patched translation unit clean under the project build flags against a full-featured wolfSSL install (DSA enabled). objdump -dr src/dsa/clu_dsa.o shows two relocations to wolfCLU_ForceZero, confirming the zeroize calls are live.

Reported by static analysis (Fenrir finding 665).

Copilot AI review requested due to automatic review settings July 9, 2026 23:49

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot couldn't run its full agentic review because no GitHub Actions runner was available. Make sure your repository has a runner available to run Copilot's review, or add a copilot-setup-steps.yml file specifying one with the runs-on attribute. See the docs for more details.

Fixes a security issue where DSA private key material could remain in freed heap memory by explicitly zeroizing temporary DER/PEM buffers before freeing them in the DSA key generation path.

Changes:

  • Zeroize the PEM-encoded DSA private key buffer (pem) before XFREE
  • Zeroize the DER-encoded DSA private key buffer (outBuf) before XFREE

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants