Skip to content

Zeroize memory in SHA3 implementation #2171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SWilson4 merged 2 commits into from
Jun 20, 2025
Merged

Zeroize memory in SHA3 implementation #2171

SWilson4 merged 2 commits into from
Jun 20, 2025

Conversation

@aidenfoxivey
Copy link
Contributor

@aidenfoxivey aidenfoxivey commented Jun 20, 2025

Added a method to do aligned but also zeroed out freeing of context. Used this method within the liboqs's SHA3 implementation.

Doesn't quite fix all of 2163, but is a start.

  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)

No.

  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider will also need to be ready for review and merge by the time this is merged.)

No.

@aidenfoxivey aidenfoxivey requested a review from dstebila as a code owner June 20, 2025 00:44
@coveralls
Copy link

coveralls commented Jun 20, 2025

Coverage Status

coverage: 82.782% (+0.02%) from 82.763%
when pulling ac6593d on aidenfoxivey:main
into 47b8fdd on open-quantum-safe:main.

SWilson4
SWilson4 approved these changes Jun 20, 2025
View reviewed changes
Copy link
Member

@SWilson4 SWilson4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @aidenfoxivey!

@SWilson4
Copy link
Member

SWilson4 commented Jun 20, 2025

Let's hold off on merging until #2167 lands and then rebase. I expect there will be merge conflicts, and they will be easier to resolve in this PR. If #2167 takes longer than expected to wrap up, then I will go ahead and merge this one.

@aidenfoxivey
Copy link
Contributor Author

aidenfoxivey commented Jun 20, 2025
edited
Loading

Sounds good to me @SWilson4 - anything I can do further wrt this issue? (or the broader one)

@SWilson4
Copy link
Member

SWilson4 commented Jun 20, 2025

Sounds good to me @SWilson4 - anything I can do further wrt this issue? (or the broader one)

Based on Douglas's assessment in #2163, I'd say the next work would be either sntrup or McEliece—you could take a look at patching that code to clear secret values. However, I'd expect this to take quite a bit longer and to require some analysis to figure out exactly what needs to be cleared.

@aidenfoxivey
Copy link
Contributor Author

aidenfoxivey commented Jun 20, 2025

Sounds good to me @SWilson4 - anything I can do further wrt this issue? (or the broader one)

Based on Douglas's assessment in #2163, I'd say the next work would be either sntrup or McEliece—you could take a look at patching that code to clear secret values. However, I'd expect this to take quite a bit longer and to require some analysis to figure out exactly what needs to be cleared.

Sounds good - I’ll take a look at McEliece to start.

@SWilson4 SWilson4 merged commit 50185c6 into open-quantum-safe:main Jun 20, 2025
86 checks passed
@aidenfoxivey
Copy link
Contributor Author

aidenfoxivey commented Jun 20, 2025

Woohoo!

@BrewTestBot BrewTestBot mentioned this pull request Jul 10, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dstebila dstebila dstebila approved these changes

+1 more reviewer

@SWilson4 SWilson4 SWilson4 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aidenfoxivey @coveralls @SWilson4 @dstebila