ML-KEM memory safety #2263
ML-KEM memory safety #2263
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2263 +/- ##
==========================================
+ Coverage 78.89% 78.91% +0.02%
==========================================
Files 621 622 +1
Lines 108685 108918 +233
Branches 15420 15431 +11
==========================================
+ Hits 85745 85958 +213
- Misses 22267 22290 +23
+ Partials 673 670 -3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
… memory-safety-ml-kem
… memory-safety-ml-kem
… memory-safety-ml-kem
|
Updated to resolve merge conflicts from #2176 (change in how parameters are being used, new functions that were added have length checks too). |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| ASSERT_EQ(params.secret_len, decaps_len); | ||
| } | ||
|
|
||
| static const uint8_t encaps512Key[MLKEM512_PUBLIC_KEY_BYTES] = { |
There was a problem hiding this comment.
Just wondering does this test depend on this particular key or could it pull an existing KAT or generate one? It's a small announce because it makes reading the file harder (self_check.c is out of control but requires the KAT be baked into the library).
There was a problem hiding this comment.
It doesn't depend on this particular keys, just that the key be valid. When testing, I've always used a hard coded known good key in cases like this to avoid false failures (this is testing the length checks only, we don't want a test failing because of an invalid key, that should cause a different test to fail).
Co-authored-by: Andrew Hopkins <[email protected]>
## What's Changed * Add build with hardened flag by @m271828 in #2396 * Openssl tool output ordered by options provided by @justsmth in #2452 * [SCRUTINICE] Remove redundant condition check by @nhatnghiho in #2450 * Support relro in delocator by @torben-hansen in #2455 * Explicitly don't allow buffers aliasing in ctr-drbg implementation by @torben-hansen in #2458 * Remove unused Windows afunix.h by @justsmth in #2461 * Revert "Rework memory BIOs and implement BIO_seek (2nd try) (#2433)" by @justsmth in #2466 * Use max_cert_list for TLSv1.3 NewSessionTicket by @skmcgrail in #2453 * ML-KEM memory safety by @m271828 in #2263 * Simplify Compiler CI jobs by @justsmth in #2430 * Improve support for multilib-style distros in our test scripts by @justsmth in #2467 * Fix Ruby mainline and nginx CI by @samuel40791765 in #2460 * Add hardened build back in by @m271828 in #2474 * Fix OCSP integration test failures by @samuel40791765 in #2480 * Fix some theoretical missing earlyclobber markers in inline assembly by @torben-hansen in #2477 * Simplify sshkdf and kbkdf by @torben-hansen in #2478 * Run 3p module tests on python 3.13, add patch for 3.14 by @WillChilds-Klein in #2476 * [UPSTREAM] Fix BIO_eof for BIO pairs by @justsmth in #2440 * Fix service indicator in HKDF, more paranoid zeroization, and simplify logic by @torben-hansen in #2482 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
Description of changes:
Adds length parameters to ML KEM module to ensure allocated memory for various outputs is sufficient for generated results. Checks that already exist in higher levels for some functions were not removed.
Issues:
Resolves #CryptoAlg-2945
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.