Commit 3d2b2f01f0 for openssl.org

commit 3d2b2f01f050e6ff3470e00a4344138c4cafe99e
Author: nkraetzschmar <9020053+nkraetzschmar@users.noreply.github.com>
Date:   Tue Mar 10 22:33:59 2026 +0100

    ml-kem: wipe full seed buffer in ml_kem_gen_cleanup

    The gen ctx stores seed material in uint8_t seedbuf[ML_KEM_SEED_BYTES],
    where ML_KEM_SEED_BYTES = ML_KEM_RANDOM_BYTES * 2.
    When cleanup runs and gctx->seed != NULL, it wiped ML_KEM_RANDOM_BYTES
    so clearing only half of the seed buffer.

    This change wipes the entire buffer instead.

    CLA: trivial

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Fri Mar 13 08:42:00 2026
    (Merged from https://github.com/openssl/openssl/pull/30355)

diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c b/providers/implementations/keymgmt/ml_kem_kmgmt.c
index 9404d99c07..829597593b 100644
--- a/providers/implementations/keymgmt/ml_kem_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c
@@ -797,7 +797,7 @@ static void ml_kem_gen_cleanup(void *vgctx)
         return;

     if (gctx->seed != NULL)
-        OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES);
+        OPENSSL_cleanse(gctx->seed, ML_KEM_SEED_BYTES);
     OPENSSL_free(gctx->propq);
     OPENSSL_free(gctx);
 }