From 04812ed1de6db39f2a5cc758151ddb167afe4965 Mon Sep 17 00:00:00 2001
From: Joachim Vandersmissen <git@jvdsn.com>
Date: Sat, 26 Oct 2024 23:48:55 -0500
Subject: [PATCH] fips: zeroization of ECX public keys

Commit fa338aa7cd added zeroization of public security parameters as
required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit
overlooked ECX keys, which are used for EdDSA and X25519/X448.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25807)
---
 crypto/ec/ecx_key.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c
index ba725eb573..98f68cd013 100644
--- a/crypto/ec/ecx_key.c
+++ b/crypto/ec/ecx_key.c
@@ -75,6 +75,9 @@ void ossl_ecx_key_free(ECX_KEY *key)
     REF_ASSERT_ISNT(i < 0);
 
     OPENSSL_free(key->propq);
+#ifdef OPENSSL_PEDANTIC_ZEROIZATION
+    OPENSSL_cleanse(&key->pubkey, sizeof(key->pubkey));
+#endif
     OPENSSL_secure_clear_free(key->privkey, key->keylen);
     CRYPTO_FREE_REF(&key->references);
     OPENSSL_free(key);