From: nkraetzschmar <9020053+nkraetzschmar@users.noreply.github.com> Date: Tue, 10 Mar 2026 21:33:59 +0000 (+0100) Subject: ml-kem: wipe full seed buffer in ml_kem_gen_cleanup X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3d2b2f01f050e6ff3470e00a4344138c4cafe99e;p=thirdparty%2Fopenssl.git ml-kem: wipe full seed buffer in ml_kem_gen_cleanup The gen ctx stores seed material in uint8_t seedbuf[ML_KEM_SEED_BYTES], where ML_KEM_SEED_BYTES = ML_KEM_RANDOM_BYTES * 2. When cleanup runs and gctx->seed != NULL, it wiped ML_KEM_RANDOM_BYTES so clearing only half of the seed buffer. This change wipes the entire buffer instead. CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Eugene Syromiatnikov MergeDate: Fri Mar 13 08:42:00 2026 (Merged from https://github.com/openssl/openssl/pull/30355) --- diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c b/providers/implementations/keymgmt/ml_kem_kmgmt.c index 9404d99c07b..829597593b4 100644 --- a/providers/implementations/keymgmt/ml_kem_kmgmt.c +++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c @@ -797,7 +797,7 @@ static void ml_kem_gen_cleanup(void *vgctx) return; if (gctx->seed != NULL) - OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES); + OPENSSL_cleanse(gctx->seed, ML_KEM_SEED_BYTES); OPENSSL_free(gctx->propq); OPENSSL_free(gctx); }
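Review bot: In the replaced `OPENSSL_cleanse(gctx->seed, ML_KEM_SEED_BYTES);` line of `ml_kem_gen_cleanup`, the wipe length is still a constant matched by hand to the buffer declaration, which is the same coupling that let the half-length wipe go unnoticed. Since the commit message says the seed lives in `uint8_t seedbuf[ML_KEM_SEED_BYTES]` inside the gen ctx, consider cleansing the array itself with its own size, e.g. `OPENSSL_cleanse(gctx->seedbuf, sizeof(gctx->seedbuf));`, assuming `gctx->seed` only ever points at that array. The length then follows the declaration if the buffer size changes. That form would also make it possible to drop the `gctx->seed != NULL` guard and wipe unconditionally, which covers any path where the buffer was written but the pointer was not set; the visible lines do not show whether such a path exists, so that part is worth checking rather than assuming.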