From dfd37f42993bb845b6ee52ed80dfcfd54c1af077 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Fri, 17 Apr 2026 16:45:29 +0200
Subject: [PATCH] Zeroize EC DER buffer in PEM write error path F-2141 The error path in wolfSSL_PEM_write_mem_ECPrivateKey freed the EC private key DER staging buffer without ForceZero. Zeroize before free.
---
 src/pk_ec.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/pk_ec.c b/src/pk_ec.c
index 66647c9eb7..f7ec038d69 100644
--- a/src/pk_ec.c
+++ b/src/pk_ec.c
@@ -4095,6 +4095,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
 derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len);
 if (derSz < 0) {
 WOLFSSL_MSG("wc_EccKeyToDer failed");
+ ForceZero(derBuf, der_max_len);
 XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
 ret = 0;
 }
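Review bot: The wipe added in the `derSz < 0` branch covers only this one exit, while the same staging buffer holds the complete private-key DER once wc_EccKeyToDer succeeds; whether the later releases of derBuf are wiped cannot be confirmed here, because the function body continues beyond the hunk. Each remaining free of derBuf should be preceded by `ForceZero(derBuf, der_max_len);`, using the full allocation size as this line does rather than derSz. Separately, derBuf is left dangling after XFREE in this branch, so adding `derBuf = NULL;` after the free would keep any later cleanup from touching freed memory. A short comment such as `/* may hold partial private key material */` above the new line would record why the wipe is there.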