hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

author Pauli <ppzgs1@gmail.com>

Wed, 27 Nov 2024 00:19:19 +0000 (11:19 +1100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 28 Nov 2024 14:13:35 +0000 (15:13 +0100)
author Pauli <ppzgs1@gmail.com>
Wed, 27 Nov 2024 00:19:19 +0000 (11:19 +1100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 28 Nov 2024 14:13:35 +0000 (15:13 +0100)
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c

index 78fc3498b208c9f89afcb397a7bf09622f97a6c0..264bc5d4c16210ff24516c9d97b7b68e7697cea0 100644 (file)
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -128,7 +128,7 @@ static void kdf_hkdf_reset(void *vctx)
      void *provctx = ctx->provctx;
  
      ossl_prov_digest_reset(&ctx->digest);
-#ifdef FIPS_MODULE
+#ifdef OPENSSL_PEDANTIC_ZEROIZATION
      OPENSSL_clear_free(ctx->salt, ctx->salt_len);
  #else
      OPENSSL_free(ctx->salt);
author	Pauli <ppzgs1@gmail.com>
	Wed, 27 Nov 2024 00:19:19 +0000 (11:19 +1100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 28 Nov 2024 14:13:35 +0000 (15:13 +0100)