fips: zeroization of ECX public keys

Commit fa338aa7cd added zeroization of public security parameters as required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit overlooked ECX keys, which are used for EdDSA and X25519/X448. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25807)
2025-03-13 19:47:47 +08:00 · 2024-10-26 23:48:55 -05:00 · 2024-10-26 23:48:55 -05:00 · 04812ed1de
commit 04812ed1de
parent 3d090579e3
1 changed files with 3 additions and 0 deletions
--- a/crypto/ec/ecx_key.c
+++ b/crypto/ec/ecx_key.c
@ -75,6 +75,9 @@ void ossl_ecx_key_free(ECX_KEY *key)
    REF_ASSERT_ISNT(i < 0);

    OPENSSL_free(key->propq);
+#ifdef OPENSSL_PEDANTIC_ZEROIZATION
+    OPENSSL_cleanse(&key->pubkey, sizeof(key->pubkey));
+#endif
    OPENSSL_secure_clear_free(key->privkey, key->keylen);
    CRYPTO_FREE_REF(&key->references);
    OPENSSL_free(key);