fips: zeroize temporary self-check out MD variable

At least this is done on module startup only. To satisfy ISO/IEC 19790:2012/Cor.1:2015(E) Section 7.5 [05.10] requirement. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25945)
2025-02-23 14:42:15 +08:00 · 2024-11-14 04:38:27 +00:00 · 2024-11-14 04:38:27 +00:00 · 5946465a87
commit 5946465a87
parent 69d0d93954
1 changed files with 1 additions and 0 deletions
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@ -289,6 +289,7 @@ err:
    OSSL_SELF_TEST_onend(ev, ret);
    EVP_MAC_CTX_free(ctx);
    EVP_MAC_free(mac);
+    OPENSSL_cleanse(out, sizeof(out));
    return ret;
 }
 #endif /* OPENSSL_NO_FIPS_POST */