cleanse fixes

crypto/dilithium/pqcrystals_dilithium_ref_common/README.md

@@ -15,7 +15,7 @@ that initialize a given structure with values corresponding to a parameter set.
 - `reduce.c`: a small fix to documentation has been made on the bounds of `reduce32`.
 - `poly.c`: a small fix to documentation has been made on the bounds of `poly_reduce`.
 - `polyvec.c`: a small fix to documentation has been made on the bounds of `polyveck_reduce`.
-- Documentation has been added to `ntt.c`, `packing.c`, `poly.c`, `polyvec.c`, and `reduce.c` that outlines the algorithm specification (including algorithm number) in FIPS 204.
+- Documentation has been added to `ntt.c`, `packing.c`, `poly.c`, `polyvec.c`, and `rounding.c` that outlines the algorithm specification (including algorithm number) in FIPS 204.
 - `poly.c` and `sign.c` have been modified to cleanse intermediate data as soon as it is no longer needed as defined in FIPS 204 Section 3.6.3.
 
 **Testing** 

crypto/dilithium/pqcrystals_dilithium_ref_common/poly.c

@@ -316,6 +316,7 @@ void poly_uniform(poly *a,
   }
   /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
   OPENSSL_cleanse(buf, sizeof(buf));
+  OPENSSL_cleanse(&state, sizeof(state));
 }
 
 /*************************************************
@@ -406,6 +407,7 @@ void poly_uniform_eta(ml_dsa_params *params,
   }
   /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
   OPENSSL_cleanse(buf, sizeof(buf));
+  OPENSSL_cleanse(&state, sizeof(state));
 }
 
 /*************************************************
@@ -434,6 +436,7 @@ void poly_uniform_gamma1(ml_dsa_params *params,
   polyz_unpack(params, a, buf);
   /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
   OPENSSL_cleanse(buf, sizeof(buf));
+  OPENSSL_cleanse(&state, sizeof(state));
 }
 
 /*************************************************
@@ -483,6 +486,7 @@ void poly_challenge(ml_dsa_params *params, poly *c, const uint8_t *seed) {
   }
   /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
   OPENSSL_cleanse(buf, sizeof(buf));
+  OPENSSL_cleanse(&state, sizeof(state));
 }
 
 /*************************************************

crypto/dilithium/pqcrystals_dilithium_ref_common/sign.c

@@ -73,9 +73,9 @@ int crypto_sign_keypair_internal(ml_dsa_params *params,
   /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
   OPENSSL_cleanse(seedbuf, sizeof(seedbuf));
   OPENSSL_cleanse(tr, sizeof(tr));
-  OPENSSL_cleanse(&rho, sizeof(rho));
-  OPENSSL_cleanse(&rhoprime, sizeof(rhoprime));
-  OPENSSL_cleanse(&key, sizeof(key));
+  OPENSSL_cleanse(&rho, SEEDBYTES);
+  OPENSSL_cleanse(&rhoprime, CRHBYTES);
+  OPENSSL_cleanse(&key, SEEDBYTES);
   OPENSSL_cleanse(mat, sizeof(mat));
   OPENSSL_cleanse(&s1, sizeof(s1));
   OPENSSL_cleanse(&s1hat, sizeof(s1hat));
@@ -240,12 +240,13 @@ int crypto_sign_signature_internal(ml_dsa_params *params,
   *siglen = params->bytes;
 
   /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
+  OPENSSL_cleanse(&n, sizeof(n));
   OPENSSL_cleanse(seedbuf, sizeof(seedbuf));
-  OPENSSL_cleanse(rho, sizeof(rho));
-  OPENSSL_cleanse(tr, sizeof(tr));
-  OPENSSL_cleanse(key, sizeof(key));
-  OPENSSL_cleanse(mu, sizeof(mu));
-  OPENSSL_cleanse(rhoprime, sizeof(rhoprime));
+  OPENSSL_cleanse(rho, SEEDBYTES);
+  OPENSSL_cleanse(tr, TRBYTES);
+  OPENSSL_cleanse(key, SEEDBYTES);
+  OPENSSL_cleanse(mu, CRHBYTES);
+  OPENSSL_cleanse(rhoprime, CRHBYTES);
   OPENSSL_cleanse(&nonce, sizeof(nonce));
   OPENSSL_cleanse(mat, sizeof(mat));
   OPENSSL_cleanse(&s1, sizeof(s1));
@@ -443,6 +444,7 @@ int crypto_sign_verify_internal(ml_dsa_params *params,
     }
   }
   /* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
+  OPENSSL_cleanse(&i, sizeof(i));
   OPENSSL_cleanse(buf, sizeof(buf));
   OPENSSL_cleanse(rho, sizeof(rho));
   OPENSSL_cleanse(mu, sizeof(mu));