You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I opened this discussion against liboqs-rust #269, but since it seems to be unmaintained, I'll open it here.
From my analysis of the code in safe-oqs, safe-oqs-sys, and liboqs, it seems that sensitive buffers like PrivateKey and SharedSecret aren't being properly zeroed out after use.
I'm basing this assessment on the fact that the buffers are initialized in Rust code (see newtype_buffer!() in macro.rs, but without an implementation of Drop.
If my assessment is correct, should we derive Zeroize and implement Drop for sensitive buffers? Or, implement Drop and call the liboqs OQS_MEM_secure_free()? My gut says that since the buffers are created in Rust, we should use the Rust zeroize crate.
Edit: please '@' me, as GitHub isn't in my daily workflow
The text was updated successfully, but these errors were encountered:
I opened this discussion against
liboqs-rust#269, but since it seems to be unmaintained, I'll open it here.From my analysis of the code in safe-oqs, safe-oqs-sys, and liboqs, it seems that sensitive buffers like
PrivateKeyandSharedSecretaren't being properly zeroed out after use.I'm basing this assessment on the fact that the buffers are initialized in Rust code (see
newtype_buffer!()in macro.rs, but without an implementation ofDrop.If my assessment is correct, should we derive
Zeroizeand implementDropfor sensitive buffers? Or, implementDropand call the liboqsOQS_MEM_secure_free()? My gut says that since the buffers are created in Rust, we should use the Rustzeroizecrate.Edit: please '@' me, as GitHub isn't in my daily workflow
The text was updated successfully, but these errors were encountered: