fips: zeroization of public security parameters (PSPs)

ISO 19790:2012/Cor.1:2015 7.9 requires cryptographic module to provide methods to zeroise all unproctected security sensitive parameters (which inclues both Critical/Private **and** Public security parameters). And those that are temprorarly stored are required to be zeroised after they are no longer needed at security levels 2 and higher. Comply with the above requirements is to always zeroise public security parameters whenever they are freed. This is currently done under the FIPS feature, however the requirement comes from the ISO 19790:2012 which may also be needed in other jurisdictions. If not always. Note FIPS 140-3 includes ISO 19790:2012 by reference.
openssl · May 9, 2024 · 3c32acb · 3c32acb
1 parent d318411
commit 3c32acb
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 0 deletions.
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
@@ -746,9 +746,13 @@ void EC_POINT_free(EC_POINT *point)
     if (point == NULL)
         return;
 
+#ifndef FIPS_MODULE
     if (point->meth->point_finish != 0)
         point->meth->point_finish(point);
     OPENSSL_free(point);
+#else
+    EC_POINT_clear_free(point);
+#endif
 }
 
 void EC_POINT_clear_free(EC_POINT *point)

diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
@@ -27,11 +27,19 @@ void ossl_ffc_params_init(FFC_PARAMS *params)
 
 void ossl_ffc_params_cleanup(FFC_PARAMS *params)
 {
+#ifndef FIPS_MODULE
     BN_free(params->p);
     BN_free(params->q);
     BN_free(params->g);
     BN_free(params->j);
     OPENSSL_free(params->seed);
+#else
+    BN_clear_free(params->p);
+    BN_clear_free(params->q);
+    BN_clear_free(params->g);
+    BN_clear_free(params->j);
+    OPENSSL_clear_free(params->seed, params->seedlen);
+#endif
     ossl_ffc_params_init(params);
 }
 

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
@@ -159,8 +159,13 @@ void RSA_free(RSA *r)
     CRYPTO_THREAD_lock_free(r->lock);
     CRYPTO_FREE_REF(&r->references);
 
+#ifndef FIPS_MODULE
     BN_free(r->n);
     BN_free(r->e);
+#else
+    BN_clear_free(r->n);
+    BN_clear_free(r->e);
+#endif
     BN_clear_free(r->d);
     BN_clear_free(r->p);
     BN_clear_free(r->q);

diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
@@ -117,7 +117,11 @@ static void kdf_hkdf_reset(void *vctx)
     void *provctx = ctx->provctx;
 
     ossl_prov_digest_reset(&ctx->digest);
+#ifndef FIPS_MODULE
     OPENSSL_free(ctx->salt);
+#else
+    OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+#endif
     OPENSSL_free(ctx->prefix);
     OPENSSL_free(ctx->label);
     OPENSSL_clear_free(ctx->data, ctx->data_len);

diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
@@ -90,7 +90,11 @@ static void *kdf_pbkdf2_new(void *provctx)
 static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
 {
     ossl_prov_digest_reset(&ctx->digest);
+#ifndef FIPS_MODULE
     OPENSSL_free(ctx->salt);
+#else
+    OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+#endif
     OPENSSL_clear_free(ctx->pass, ctx->pass_len);
     memset(ctx, 0, sizeof(*ctx));
 }

diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c
@@ -151,7 +151,11 @@ static void *kdf_pkcs12_new(void *provctx)
 static void kdf_pkcs12_cleanup(KDF_PKCS12 *ctx)
 {
     ossl_prov_digest_reset(&ctx->digest);
+#ifndef FIPS_MODULE
     OPENSSL_free(ctx->salt);
+#else
+    OPENSSL_clear_free(ctx->salt, ctx->salt_len);
+#endif
     OPENSSL_clear_free(ctx->pass, ctx->pass_len);
     memset(ctx, 0, sizeof(*ctx));
 }