Skip to content

Use wolfCrypt's wc_ForceZero()#1108

Open
ejohnstown wants to merge 1 commit into
wolfSSL:masterfrom
ejohnstown:wc_forcezero
Open

Use wolfCrypt's wc_ForceZero()#1108
ejohnstown wants to merge 1 commit into
wolfSSL:masterfrom
ejohnstown:wc_forcezero

Conversation

@ejohnstown

@ejohnstown ejohnstown commented Jul 16, 2026

Copy link
Copy Markdown
Contributor
  • Keep a gated fallback, wolfSSH_ForceZero().
  • Add macro WS_FORCEZERO gated between wc_ForceZero() or wolfSSH_ForceZero().
  • Use WS_FORCEZERO() in place of the local ForceZero().
  • Change the fallback's length parameter from word32 to size_t to match wc_ForceZero()'s signature.

Copilot AI review requested due to automatic review settings July 16, 2026 17:11

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR removes wolfSSH’s local ForceZero() helper and standardizes sensitive-memory wiping by using wolfCrypt’s wc_ForceZero() across the codebase, reducing duplicated implementations and aligning with wolfCrypt’s established zeroization API.

Changes:

  • Removed the local ForceZero() implementation from src/misc.c and its declaration from wolfssh/misc.h.
  • Replaced ForceZero() call sites with wc_ForceZero() in core SSH, SFTP, and wolfsshd auth code.
  • Updated unit test comments/documentation to reflect the new zeroization function name.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
wolfssh/misc.h Removes local ForceZero() declaration from the misc inline API surface.
src/misc.c Deletes the local inline ForceZero() implementation.
src/internal.c Switches numerous secret-wiping call sites to wc_ForceZero().
src/ssh.c Uses wc_ForceZero() when wiping key buffers before freeing.
src/wolfsftp.c Uses wc_ForceZero() to wipe SFTP buffer contents before shrink/free.
apps/wolfsshd/auth.c Uses wc_ForceZero() to wipe password/hash copies before freeing.
tests/unit.c Updates commentary to refer to wc_ForceZero() to match implementation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/internal.c

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Comment thread wolfssh/misc.h

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #1108

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅

@JacobBarthelmeh

Copy link
Copy Markdown
Contributor

@ejohnstown this picked up a merge conflict

@JacobBarthelmeh

Copy link
Copy Markdown
Contributor

@ejohnstown some CI is failing after the rebase, please look into the failing test cases.

- Keep a gated fallback, wolfSSH_ForceZero().
- Add macro WS_FORCEZERO gated between wc_ForceZero() or
  wolfSSH_ForceZero().
- Use WS_FORCEZERO() in place of the local ForceZero().
- Change the fallback's length parameter from word32 to size_t to
  match wc_ForceZero()'s signature.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants