]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 411b57b) | patch
ml-kem: wipe full seed buffer in ml_kem_gen_cleanup
authornkraetzschmar <9020053+nkraetzschmar@users.noreply.github.com>
Tue, 10 Mar 2026 21:33:59 +0000 (22:33 +0100)
committerNorbert Pocs <norbertp@openssl.org>
Fri, 13 Mar 2026 08:43:08 +0000 (09:43 +0100)
commitefa9d3d9f2ae657ecb6ca5b6e5ea5f00e2b82504
treeeb5c2d9e31758128550600e6583d4b0e1e469ae0tree | snapshot
parent411b57bb906b75f64a93482b5d7c6732c57ca716commit | diff
ml-kem: wipe full seed buffer in ml_kem_gen_cleanup

The gen ctx stores seed material in uint8_t seedbuf[ML_KEM_SEED_BYTES],
where ML_KEM_SEED_BYTES = ML_KEM_RANDOM_BYTES * 2.
When cleanup runs and gctx->seed != NULL, it wiped ML_KEM_RANDOM_BYTES
so clearing only half of the seed buffer.

This change wipes the entire buffer instead.

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Mar 13 08:43:12 2026
(Merged from https://github.com/openssl/openssl/pull/30355)
providers/implementations/keymgmt/ml_kem_kmgmt.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git