From: Pauli <ppzgs1@gmail.com>
Date: Wed, 27 Nov 2024 00:19:19 +0000 (+1100)
Subject: hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define
X-Git-Tag: openssl-3.5.0-alpha1~874
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db1d8c90d52a4f2be1afd9448368c012b8990f1e;p=thirdparty%2Fopenssl.git

hkdf: change FIPS zeroization to use the OPENSSL_PEDANTIC_ZEROIZATION define

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26068)
---

diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index 78fc3498b20..264bc5d4c16 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -128,7 +128,7 @@ static void kdf_hkdf_reset(void *vctx)
     void *provctx = ctx->provctx;
 
     ossl_prov_digest_reset(&ctx->digest);
-#ifdef FIPS_MODULE
+#ifdef OPENSSL_PEDANTIC_ZEROIZATION
     OPENSSL_clear_free(ctx->salt, ctx->salt_len);
 #else
     OPENSSL_free(ctx->salt);