Skip to content

Hardening in wc_MakeDsaKey and wc_FreeDsaKey#9892

Merged
douzzer merged 4 commits intowolfSSL:masterfrom
embhorn:f380-381-382
Mar 7, 2026
Merged

Hardening in wc_MakeDsaKey and wc_FreeDsaKey#9892
douzzer merged 4 commits intowolfSSL:masterfrom
embhorn:f380-381-382

Conversation

@embhorn
Copy link
Member

@embhorn embhorn commented Mar 5, 2026

Description

Use force zero to harden DSA operations

Fixes

  • f380
  • f381
  • f382

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@embhorn embhorn self-assigned this Mar 5, 2026
Copilot AI review requested due to automatic review settings March 5, 2026 21:20
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens DSA key operations by using mp_forcezero (which zeroes memory before clearing) instead of mp_clear for sensitive private key material, and adds a ForceZero call on the temporary buffer used during key generation.

Changes:

  • wc_FreeDsaKey: Always calls mp_forcezero on the private key component x, removing the conditional check for DSA_PRIVATE
  • wc_MakeDsaKey: Replaces mp_clear with mp_forcezero on x in the error path, and adds ForceZero(cBuf, cSz) to clear the temporary buffer before freeing it

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@philljj philljj added the For This Release Release version 5.9.0 label Mar 6, 2026
@embhorn
Copy link
Member Author

embhorn commented Mar 6, 2026

Retest this please

@embhorn embhorn assigned wolfSSL-Bot and unassigned embhorn Mar 6, 2026
@douzzer douzzer added the Staged Staged for merge pending final test results and review label Mar 6, 2026
@douzzer douzzer merged commit 031c874 into wolfSSL:master Mar 7, 2026
455 of 457 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@douzzer douzzer douzzer approved these changes

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

For This Release Release version 5.9.0 Staged Staged for merge pending final test results and review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@embhorn @douzzer @wolfSSL-Bot @philljj