From: Pauli <ppzgs1@gmail.com>
Date: Wed, 27 Nov 2024 00:21:08 +0000 (+1100)
Subject: fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION... 
X-Git-Tag: openssl-3.5.0-alpha1~872
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01cfee2cdfee8d572abc538836c2cab61069399c;p=thirdparty%2Fopenssl.git

fips: change integrity check zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
---

diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index f4fd3f51ae3..c966f24b362 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -289,7 +289,9 @@ err:
     OSSL_SELF_TEST_onend(ev, ret);
     EVP_MAC_CTX_free(ctx);
     EVP_MAC_free(mac);
+# ifdef OPENSSL_PEDANTIC_ZEROIZATION
     OPENSSL_cleanse(out, sizeof(out));
+# endif
     return ret;
 }
 #endif /* OPENSSL_NO_FIPS_POST */