git.ipfire.org Git - thirdparty/openssl.git/commitdiff
ml-kem: wipe full seed buffer in ml_kem_gen_cleanup
author: nkraetzschmar <9020053+nkraetzschmar@users.noreply.github.com>
Tue, 10 Mar 2026 21:33:59 +0000 (22:33 +0100)
committer: Norbert Pocs <norbertp@openssl.org>
Fri, 13 Mar 2026 08:41:53 +0000 (09:41 +0100)
The gen ctx stores seed material in uint8_t seedbuf[ML_KEM_SEED_BYTES],
where ML_KEM_SEED_BYTES = ML_KEM_RANDOM_BYTES * 2.
When cleanup runs and gctx->seed != NULL, it wiped ML_KEM_RANDOM_BYTES,
clearing only half of the seed buffer.

This change wipes the entire buffer instead.

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Mar 13 08:42:00 2026
(Merged from https://github.com/openssl/openssl/pull/30355)
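The partial wipe described in the commit message is easy to miss by inspection but easy to catch with a regression check. The following C program is an added example and is not OpenSSL code: it uses a hypothetical stand-in for the gen ctx with only the two fields the cleanup path touches, a local `cleanse()` loop standing in for `OPENSSL_cleanse()`, and the constant values `ML_KEM_RANDOM_BYTES = 32` and `ML_KEM_SEED_BYTES = 64` assumed from the `* 2` relation in the message. It fills the seed buffer with a constructed marker byte, runs the pre-fix and post-fix cleanup variants, and counts how many marker bytes survive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes as described in the commit message: the seed is two random halves.
 * The value 32 is an assumption for this example. */
#define ML_KEM_RANDOM_BYTES 32
#define ML_KEM_SEED_BYTES   (ML_KEM_RANDOM_BYTES * 2)

/* Hypothetical stand-in for the provider's gen ctx: only the fields that the
 * cleanup path touches are modelled. */
struct gen_ctx {
    uint8_t *seed;                        /* NULL, or points at seedbuf */
    uint8_t seedbuf[ML_KEM_SEED_BYTES];
};

/* Stand-in for OPENSSL_cleanse(): volatile stores so the compiler cannot drop
 * the wipe as a dead write. This is not OpenSSL's implementation. */
static void cleanse(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;

    while (n--)
        *vp++ = 0;
}

/* Behaviour before the fix: wipes only the first half of seedbuf. */
static void cleanup_before(struct gen_ctx *gctx)
{
    if (gctx->seed != NULL)
        cleanse(gctx->seed, ML_KEM_RANDOM_BYTES);
}

/* Behaviour after the fix: wipes the whole seed buffer. */
static void cleanup_after(struct gen_ctx *gctx)
{
    if (gctx->seed != NULL)
        cleanse(gctx->seed, ML_KEM_SEED_BYTES);
}

/* Fill seedbuf with a constructed marker (0xA5), run the given cleanup, and
 * return how many bytes still hold the marker, i.e. how much seed material
 * would survive in freed memory. */
static size_t leftover_after(void (*cleanup)(struct gen_ctx *))
{
    struct gen_ctx gctx;
    size_t i, left = 0;

    memset(gctx.seedbuf, 0xA5, sizeof(gctx.seedbuf));
    gctx.seed = gctx.seedbuf;
    cleanup(&gctx);
    for (i = 0; i < sizeof(gctx.seedbuf); i++)
        if (gctx.seedbuf[i] == 0xA5)
            left++;
    return left;
}

size_t leftover_before_fix(void) { return leftover_after(cleanup_before); }
size_t leftover_after_fix(void)  { return leftover_after(cleanup_after); }

int main(void)
{
    printf("bytes left before fix: %zu\n", leftover_before_fix());
    printf("bytes left after fix:  %zu\n", leftover_after_fix());
    return 0;
}
```

Checking the leftover count against `sizeof(gctx.seedbuf)` rather than against a named constant is the point of the check: a test written this way fails whenever the wipe length and the array declaration disagree, whichever of the two is later changed.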

providers/implementations/keymgmt/ml_kem_kmgmt.c

index 9404d99c07b7b2f9cc09b4817f9c6dbef39b7f6a..829597593b4310e59d7a1df3306f2c2a3e8e7cbf 100644 (file)
@@ -797,7 +797,7 @@ static void ml_kem_gen_cleanup(void *vgctx)
         return;
 
     if (gctx->seed != NULL)
-        OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES);
+        OPENSSL_cleanse(gctx->seed, ML_KEM_SEED_BYTES);
     OPENSSL_free(gctx->propq);
     OPENSSL_free(gctx);
 }
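Review bot: the wipe length in the `+` line is still a constant duplicated from the declaration of `seedbuf`, which is exactly how the `ML_KEM_RANDOM_BYTES` / `ML_KEM_SEED_BYTES` mismatch crept in. If `gctx->seed` only ever points at the `seedbuf[ML_KEM_SEED_BYTES]` member described in the commit message, consider `OPENSSL_cleanse(gctx->seedbuf, sizeof(gctx->seedbuf));` so the length is tied to the array's declared size and cannot drift again; a one-line comment above `if (gctx->seed != NULL)` noting that the seed lives inside `gctx` and must be wiped before the `OPENSSL_free(gctx)` below would also help the next reader.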