Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enumerate all secret stack buffers #720

Open
hanno-becker opened this issue Jan 30, 2025 · 2 comments
Open

Enumerate all secret stack buffers #720

hanno-becker opened this issue Jan 30, 2025 · 2 comments

Comments

@hanno-becker
Copy link
Contributor

FIPS compliance requires reliably zeroing any secret intermediate values. There is no bullet-proof way to do this in C, but one can at least explicitly zeroize secret buffers allocated on the stack.

This issue is to list all the secret stack buffers that would need zeroing.
@hanno-becker
Copy link
Contributor Author

  • polyvec_basemul_acc_montgomery_cached (poly_k.c) uses a secret poly_t accumulator on the stack. This should be rewritten to directly accumulate in the target polynomial.
  • polyvec_basemul_acc_montgomery allocates a temporary mulcache on the stack. This is only used in indcpa_dec and the stack allocation should be inlined there, alongside the other stack buffers.
  • Buffers in all poly_getnoise functions (poly_k.c)

@hanno-becker
Copy link
Contributor Author

Stack buffer in polyvec_basemul_acc_montgomery_cached is removed in #727

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hanno-becker