From 01cfee2cdfee8d572abc538836c2cab61069399c Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Wed, 27 Nov 2024 11:21:08 +1100
Subject: [PATCH] fips: change integrity check zeroization to use the
 OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
---
 providers/fips/self_test.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index f4fd3f51ae..c966f24b36 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -289,7 +289,9 @@ err:
     OSSL_SELF_TEST_onend(ev, ret);
     EVP_MAC_CTX_free(ctx);
     EVP_MAC_free(mac);
+# ifdef OPENSSL_PEDANTIC_ZEROIZATION
     OPENSSL_cleanse(out, sizeof(out));
+# endif
     return ret;
 }
 #endif /* OPENSSL_NO_FIPS_POST */