Zeroize sensitive stack buffers in DRBG, X25519, Ed25519, ECDSA, ECDH…#3121

Open

justsmth wants to merge 1 commit into aws:main from justsmth:findings-zeroize

Conversation

justsmth (Contributor) commented Mar 24, 2026

Issues

Addresses: AWS-LC-1073

Related

Description of changes:

Several functions were leaving sensitive intermediate values on the stack after returning. This change adds OPENSSL_cleanse calls to zeroize those buffers before they go out of scope:

  • CTR-DRBG (ctrdrbg.c): Zeroize seed_material, temp, entropy_copy, and partial keystream block.
  • ECDH (ecdh.c): Zeroize the raw shared secret buf in ECDH_compute_key_fips.
  • ECDSA (ecdsa.c): Zeroize tmp after it holds k⁻¹ in ecdsa_sign_impl.
  • X25519 / Ed25519 nohw (curve25519_nohw.c): Zeroize clamped private scalars, Montgomery ladder intermediates, and nonce-derived values.
  • X25519 / Ed25519 s2n-bignum (curve25519_s2n_bignum_asm.c): Same treatment for the s2n-bignum code paths.
  • GCM (gcm.c): Zeroize the GHASH hash key H (derived from AES_K(0^128)) and ghash_key. The early return statements in CRYPTO_ghash_init are refactored to goto out so all paths go through a single cleanup site.

Call-outs:

The GCM change is the only one with a structural refactor: the return-to-goto out conversion in CRYPTO_ghash_init. All other changes are purely additive OPENSSL_cleanse calls at function exit points.

Testing:

Existing tests cover the functional behavior of all affected code paths. These changes should be transparent since they only zero memory that is no longer used.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
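The two ideas in the description above, an explicit cleanse at the point where a stack buffer stops being needed and a single cleanup site that every exit path of a function runs through, are shown together in the added example below. It is illustrative code written for this page, not the AWS-LC implementation: `cleanse` is a stand-in for OPENSSL_cleanse that calls memset through a volatile function pointer so the compiler cannot discard the store as dead; `derive_with_single_exit` is a constructed toy (an XOR, not AES or GHASH) that only mirrors the shape of the CRYPTO_ghash_init refactor, with an early-failure path and a mid-function failure path both reaching the same `out:` label; and `cleanse_leaves_nothing` checks the wipe on a caller-owned buffer, since reading a callee's stack after it returns is not something C lets you do legally.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Zeroization that survives dead-store elimination. Calling memset through a
 * volatile function pointer means the compiler cannot prove the store is
 * unobservable and delete it, which it may do for a plain memset() issued
 * just before a buffer goes out of scope. Stand-in for OPENSSL_cleanse;
 * this is example code, not AWS-LC's. */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

static void cleanse(void *buf, size_t len) {
  if (buf != NULL && len != 0) {
    secure_memset(buf, 0, len);
  }
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
static int is_zeroed(const uint8_t *buf, size_t len) {
  uint8_t acc = 0;
  for (size_t i = 0; i < len; i++) {
    acc |= buf[i];
  }
  return acc == 0;
}

#define BLOCK_LEN 16

/* Toy stand-in for the single-cleanup-site pattern: a secret-dependent
 * intermediate H lives on the stack, and every exit (argument check,
 * injected mid-function failure, success) runs through one `out:` label that
 * wipes it. The derivation is a constructed XOR, not a real KDF. */
static int derive_with_single_exit(const uint8_t *key, size_t key_len,
                                   uint8_t out[BLOCK_LEN], int inject_failure) {
  uint8_t H[BLOCK_LEN];
  int ret = 0;

  memset(H, 0, sizeof(H));  /* defined contents even on the earliest bail-out */
  if (key == NULL || key_len != BLOCK_LEN) {
    goto out;               /* would have been an early `return 0` before */
  }
  for (size_t i = 0; i < BLOCK_LEN; i++) {
    H[i] = key[i] ^ 0x5a;   /* H now depends on the secret key */
  }
  if (inject_failure) {
    goto out;               /* H is live here and must still be wiped */
  }
  for (size_t i = 0; i < BLOCK_LEN; i++) {
    out[i] = H[i] ^ (uint8_t)i;
  }
  ret = 1;

out:
  cleanse(H, sizeof(H));    /* the single cleanup site every path reaches */
  return ret;
}

/* Fills a caller-owned buffer with secret-looking bytes, cleanses it, and
 * returns 1 only if nothing remained. */
static int cleanse_leaves_nothing(void) {
  uint8_t secret[32];
  for (size_t i = 0; i < sizeof(secret); i++) {
    secret[i] = (uint8_t)(0xa5 + i);
  }
  if (is_zeroed(secret, sizeof(secret))) {
    return 0;               /* sanity check: the buffer was not already zero */
  }
  cleanse(secret, sizeof(secret));
  return is_zeroed(secret, sizeof(secret));
}

int main(void) {
  uint8_t key[BLOCK_LEN] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
  uint8_t out[BLOCK_LEN] = {0};
  printf("derive ok: %d\n", derive_with_single_exit(key, sizeof(key), out, 0));
  printf("derive, injected failure: %d\n",
         derive_with_single_exit(key, sizeof(key), out, 1));
  printf("derive, bad key length: %d\n",
         derive_with_single_exit(key, sizeof(key) - 1, out, 0));
  printf("cleanse leaves nothing: %d\n", cleanse_leaves_nothing());
  return 0;
}
```

The goto form is what makes the cleanse reviewable: with a single label, a reader only has to confirm that no `return` statement sits between the point where H is first written and `out:`. The volatile-pointer trick is one portable way to defeat dead-store elimination; a compiler barrier or memset_s are the other common choices, and OPENSSL_cleanse in the real library picks its own mechanism.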

codecov-commenter commented:

Codecov Report

❌ Patch coverage is 90.47619% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.22%. Comparing base (0a7699e) to head (343d2e7).

Files with missing lines Patch % Lines
crypto/fipsmodule/modes/gcm.c 57.14% 3 Missing ⚠️
crypto/fipsmodule/rand/ctrdrbg.c 80.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3121      +/-   ##
==========================================
- Coverage   78.22%   78.22%   -0.01%     
==========================================
  Files         689      689              
  Lines      122294   122332      +38     
  Branches    17062    17074      +12     
==========================================
+ Hits        95668    95697      +29     
- Misses      25722    25730       +8     
- Partials      904      905       +1     


@justsmth justsmth requested a review from nebeid March 25, 2026 16:55
justsmth added a commit to awslabs/aws-lc-verification that referenced this pull request Mar 25, 2026
sgmenda (Contributor) left a comment:

lgtm

4 participants