]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3d09057)
fips: zeroization of ECX public keys
authorJoachim Vandersmissen <git@jvdsn.com>
Sun, 27 Oct 2024 04:48:55 +0000 (23:48 -0500)
committerTomas Mraz <tomas@openssl.org>
Tue, 3 Dec 2024 09:37:14 +0000 (10:37 +0100)
Commit fa338aa7cd added zeroization of public security parameters as
required by ISO 19790:2012/Cor.1:2015 7.9. However, that commit
overlooked ECX keys, which are used for EdDSA and X25519/X448.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25807)

crypto/ec/ecx_key.c patch | blob | blame | history

diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c
index ba725eb573c28cabf0199f889586e419000087c1..98f68cd013438d234e2471733bb91bfc698f3c1c 100644 (file)
--- a/crypto/ec/ecx_key.c
+++ b/crypto/ec/ecx_key.c
@@ -75,6 +75,9 @@ void ossl_ecx_key_free(ECX_KEY *key)
     REF_ASSERT_ISNT(i < 0);
 
     OPENSSL_free(key->propq);
+#ifdef OPENSSL_PEDANTIC_ZEROIZATION
+    OPENSSL_cleanse(&key->pubkey, sizeof(key->pubkey));
+#endif
     OPENSSL_secure_clear_free(key->privkey, key->keylen);
     CRYPTO_FREE_REF(&key->references);
     OPENSSL_free(key);
Mirror of https://github.com/openssl/openssl.git