Fix PEM input validation and zeroize sensitive key buffers

[JeremiahM37]

Fixes F-2682, F-2209, F-2210, F-2211

• Reject negative pemSz in wc_CertPemToDer / wc_PubKeyPemToDer (prevents word32 wrap →
  out-of-bounds XSTRNSTR).
• Zero HMAC-DRBG K and V in wc_ecc_gen_deterministic_k before free (RFC 6979 state could leak nonce/private key).
• Zero PKCS#12 key-bag tmp and keyBuf buffers at all free sites in wc_PKCS12_create_key_bag / wc_PKCS12_create (held raw private-key material).

Added negative/zero pemSz assertions to test_wc_CertPemToDer and test_wc_PubKeyPemToDer

[JeremiahM37]

Jenkins retest this please

[github-actions]

MemBrowse Memory Report

No memory changes detected for:

• gcc-arm-cortex-m4- gcc-arm-cortex-m4-baremetal- gcc-arm-cortex-m4-min-ecc- gcc-arm-cortex-m4-tls12

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #10231

Scan targets checked: wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-consttime, wolfcrypt-defaults, wolfcrypt-mutation, wolfcrypt-portability, wolfcrypt-proptest, wolfcrypt-src, wolfcrypt-zeroize

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

[wolfSSL-Fenrir-bot]

🟠 [Medium] Size mismatch between wc_MemZero_Add and wc_MemZero_Check for K and V buffers
Category: API contract violations

The new wc_MemZero_Add calls at lines 7669-7670 register K and V with sizes KSz and VSz respectively, but the corresponding wc_MemZero_Check calls at lines 7826-7827 use WC_MAX_DIGEST_SIZE. If KSz or VSz differ from WC_MAX_DIGEST_SIZE (which they will when the hash digest size is smaller than the maximum), the wc_MemZero_Check call passes a different size than what was registered with wc_MemZero_Add. Depending on how the wc_MemZero_Check framework matches entries (by pointer and size), this mismatch could cause the check to fail to find the registered entry or to check the wrong byte range, leading to either false-positive assertions in debug builds or silently skipping the zero-verification.

/* Lines 7669-7670 (Add) */
    wc_MemZero_Add("wc_ecc_gen_deterministic_k K", K, KSz);
    wc_MemZero_Add("wc_ecc_gen_deterministic_k V", V, VSz);

/* Lines 7815-7816 (ForceZero) */
    ForceZero(K, WC_MAX_DIGEST_SIZE);
    ForceZero(V, WC_MAX_DIGEST_SIZE);

/* Lines 7826-7827 (Check) */
    wc_MemZero_Check(K, WC_MAX_DIGEST_SIZE);
    wc_MemZero_Check(V, WC_MAX_DIGEST_SIZE);

Recommendation: Use consistent sizes across wc_MemZero_Add, ForceZero, and wc_MemZero_Check. Either change the Add calls to use WC_MAX_DIGEST_SIZE (since ForceZero zeroes that many bytes and the arrays are that large), or change the ForceZero and Check calls to use KSz/VSz. Using WC_MAX_DIGEST_SIZE everywhere is likely the safest approach since it zeroes and verifies the entire stack buffer:

wc_MemZero_Add("wc_ecc_gen_deterministic_k K", K, WC_MAX_DIGEST_SIZE);
wc_MemZero_Add("wc_ecc_gen_deterministic_k V", V, WC_MAX_DIGEST_SIZE);