Skip to content

Commit

Permalink
cleanse everything
Browse files Browse the repository at this point in the history
  • Loading branch information
@jakemas
jakemas committed Dec 5, 2024
1 parent dafaa7e commit c33b520
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 0 deletions.
10 changes: 10 additions & 0 deletions crypto/dilithium/pqcrystals_dilithium_ref_common/poly.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,10 @@ void poly_uniform(poly *a,
ctr += rej_uniform(a->coeffs + ctr, N - ctr, buf, buflen);
}
/* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
OPENSSL_cleanse(&i, sizeof(i));
OPENSSL_cleanse(&ctr, sizeof(ctr));
OPENSSL_cleanse(&off, sizeof(off));
OPENSSL_cleanse(&buflen, sizeof(buflen));
OPENSSL_cleanse(buf, sizeof(buf));
OPENSSL_cleanse(&state, sizeof(state));
}
Expand Down Expand Up @@ -406,6 +410,8 @@ void poly_uniform_eta(ml_dsa_params *params,
ctr += rej_eta(params, a->coeffs + ctr, N - ctr, buf, STREAM256_BLOCKBYTES);
}
/* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
OPENSSL_cleanse(&ctr, sizeof(ctr));
OPENSSL_cleanse(&buflen, sizeof(buflen));
OPENSSL_cleanse(buf, sizeof(buf));
OPENSSL_cleanse(&state, sizeof(state));
}
Expand Down Expand Up @@ -485,6 +491,10 @@ void poly_challenge(ml_dsa_params *params, poly *c, const uint8_t *seed) {
signs >>= 1;
}
/* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
OPENSSL_cleanse(&i, sizeof(i));
OPENSSL_cleanse(&b, sizeof(pos));
OPENSSL_cleanse(&pos, sizeof(pos));
OPENSSL_cleanse(&signs, sizeof(signs));
OPENSSL_cleanse(buf, sizeof(buf));
OPENSSL_cleanse(&state, sizeof(state));
}
Expand Down
11 changes: 11 additions & 0 deletions crypto/dilithium/pqcrystals_dilithium_ref_common/sign.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,9 @@ int crypto_sign_keypair_internal(ml_dsa_params *params,
/* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
OPENSSL_cleanse(seedbuf, sizeof(seedbuf));
OPENSSL_cleanse(tr, sizeof(tr));
OPENSSL_cleanse(&rho, sizeof(rho));
OPENSSL_cleanse(&rhoprime, sizeof(rhoprime));
OPENSSL_cleanse(&key, sizeof(key));
OPENSSL_cleanse(mat, sizeof(mat));
OPENSSL_cleanse(&s1, sizeof(s1));
OPENSSL_cleanse(&s1hat, sizeof(s1hat));
Expand Down Expand Up @@ -238,7 +241,13 @@ int crypto_sign_signature_internal(ml_dsa_params *params,
*siglen = params->bytes;

/* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
OPENSSL_cleanse(&n, sizeof(n));
OPENSSL_cleanse(seedbuf, sizeof(seedbuf));
OPENSSL_cleanse(&rho, sizeof(rho));
OPENSSL_cleanse(&tr, sizeof(tr));
OPENSSL_cleanse(&key, sizeof(key));
OPENSSL_cleanse(&mu, sizeof(mu));
OPENSSL_cleanse(&rhoprime, sizeof(rhoprime));
OPENSSL_cleanse(&nonce, sizeof(nonce));
OPENSSL_cleanse(mat, sizeof(mat));
OPENSSL_cleanse(&s1, sizeof(s1));
Expand Down Expand Up @@ -337,6 +346,8 @@ int crypto_sign(ml_dsa_params *params,
}
ret = crypto_sign_signature(params, sm, smlen, sm + params->bytes, mlen, ctx, ctxlen, sk);
*smlen += mlen;
/* FIPS 204. Section 3.6.3 Destruction of intermediate values. */
OPENSSL_cleanse(&i, sizeof(i));
return ret;
}

Expand Down

0 comments on commit c33b520

Please sign in to comment.