zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
This commit is contained in:
Pauli 2024-11-27 11:19:19 +11:00 committed by Tomas Mraz
parent e73c1faa53
commit db1d8c90d5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
providers/implementations/kdfs/hkdf.c
View File

@ -128,7 +128,7 @@ static void kdf_hkdf_reset(void *vctx)
void *provctx = ctx->provctx; void *provctx = ctx->provctx;
ossl_prov_digest_reset(&ctx->digest); ossl_prov_digest_reset(&ctx->digest);
#ifdef FIPS_MODULE #ifdef OPENSSL_PEDANTIC_ZEROIZATION
OPENSSL_clear_free(ctx->salt, ctx->salt_len); OPENSSL_clear_free(ctx->salt, ctx->salt_len);
#else #else
OPENSSL_free(ctx->salt); OPENSSL_free(ctx->salt);