Zeroize memory in SHA3 implementation (#2171)

author Aiden Fox Ivey <aiden@aidenfoxivey.com>

Fri, 20 Jun 2025 18:12:12 +0000 (14:12 -0400)

committer GitHub <noreply@github.com>

Fri, 20 Jun 2025 18:12:12 +0000 (14:12 -0400)
author Aiden Fox Ivey <aiden@aidenfoxivey.com>
Fri, 20 Jun 2025 18:12:12 +0000 (14:12 -0400)
committer GitHub <noreply@github.com>
Fri, 20 Jun 2025 18:12:12 +0000 (14:12 -0400)
diff --git a/src/common/common.c b/src/common/common.c

index 7f45e37b1b576511af3f5ff3b658c2a20f5a4539..0554a94d243fe3b6bae2f5303e83a7bca166ebe3 100644 (file)
--- a/src/common/common.c
+++ b/src/common/common.c
@@ -411,6 +411,11 @@ void OQS_MEM_aligned_free(void *ptr) {
  #endif
  }
  
+void OQS_MEM_aligned_secure_free(void *ptr, size_t len) {
+       OQS_MEM_cleanse(ptr, len);
+       OQS_MEM_aligned_free(ptr);
+}
+
  OQS_API void *OQS_MEM_malloc(size_t size) {
  #if defined(OQS_USE_OPENSSL)
         return OSSL_FUNC(CRYPTO_malloc)(size, OPENSSL_FILE, OPENSSL_LINE);
diff --git a/src/common/common.h b/src/common/common.h

index 0dcf4489708e51e4b831c9f1eda8c41e7112ef17..ee01ff8064590c8c20ccc54667a2fbaaf5da07d3 100644 (file)
--- a/src/common/common.h
+++ b/src/common/common.h
@@ -274,6 +274,11 @@ void *OQS_MEM_aligned_alloc(size_t alignment, size_t size);
   */
  void OQS_MEM_aligned_free(void *ptr);
  
+/**
+ * Free and zeroize memory allocated with OQS_MEM_aligned_alloc.
+ */
+void OQS_MEM_aligned_secure_free(void *ptr, size_t len);
+
  #if defined(__cplusplus)
  } // extern "C"
  #endif
diff --git a/src/common/sha3/xkcp_sha3.c b/src/common/sha3/xkcp_sha3.c

index 8087c7f02d957a03c57a633f65dcfdb173276ab5..a9186c9ada75df156791d5b33f6f8e3b17eec619 100644 (file)
--- a/src/common/sha3/xkcp_sha3.c
+++ b/src/common/sha3/xkcp_sha3.c
@@ -224,7 +224,7 @@ static void SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ct
  }
  
  static void SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) {
-       OQS_MEM_aligned_free(state->ctx);
+       OQS_MEM_aligned_secure_free(state->ctx, KECCAK_CTX_BYTES);
  }
  
  static void SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) {
@@ -260,7 +260,7 @@ static void SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ct
  }
  
  static void SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) {
-       OQS_MEM_aligned_free(state->ctx);
+       OQS_MEM_aligned_secure_free(state->ctx, KECCAK_CTX_BYTES);
  }
  
  static void SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) {
@@ -297,7 +297,7 @@ static void SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ct
  }
  
  static void SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) {
-       OQS_MEM_aligned_free(state->ctx);
+       OQS_MEM_aligned_secure_free(state->ctx, KECCAK_CTX_BYTES);
  }
  
  static void SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) {
@@ -344,7 +344,7 @@ static void SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const O
  }
  
  static void SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) {
-       OQS_MEM_aligned_free(state->ctx);
+       OQS_MEM_aligned_secure_free(state->ctx, KECCAK_CTX_BYTES);
  }
  
  static void SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) {
@@ -383,7 +383,7 @@ static void SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_s
  }
  
  static void SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) {
-       OQS_MEM_aligned_free(state->ctx);
+       OQS_MEM_aligned_secure_free(state->ctx, KECCAK_CTX_BYTES);
  }
  
  static void SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) {
diff --git a/src/common/sha3/xkcp_sha3x4.c b/src/common/sha3/xkcp_sha3x4.c

index bbf3f34a3b63b208aa1e08bd82785b864fad2c4b..7598b9de9fead13145a8d64c8ff3e1658faac766 100644 (file)
--- a/src/common/sha3/xkcp_sha3x4.c
+++ b/src/common/sha3/xkcp_sha3x4.c
@@ -197,7 +197,7 @@ static void SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, c
  }
  
  static void SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) {
-       OQS_MEM_aligned_free(state->ctx);
+       OQS_MEM_aligned_secure_free(state->ctx, KECCAK_X4_CTX_BYTES);
  }
  
  static void SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) {
@@ -240,7 +240,7 @@ static void SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, c
  }
  
  static void SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) {
-       OQS_MEM_aligned_free(state->ctx);
+       OQS_MEM_aligned_secure_free(state->ctx, KECCAK_X4_CTX_BYTES);
  }
  
  static void SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) {
author	Aiden Fox Ivey <aiden@aidenfoxivey.com>
	Fri, 20 Jun 2025 18:12:12 +0000 (14:12 -0400)
committer	GitHub <noreply@github.com>
	Fri, 20 Jun 2025 18:12:12 +0000 (14:12 -0400)
src/common/common.c		patch \| blob \| history
src/common/common.h		patch \| blob \| history
src/common/sha3/xkcp_sha3.c		patch \| blob \| history
src/common/sha3/xkcp_sha3x4.c		patch \| blob \| history