Add dynamic key allocation support for Dilithium#10180
Add dynamic key allocation support for Dilithium#10180dgarske merged 2 commits intowolfSSL:masterfrom
Conversation
Frauschi
force-pushed
the
dilithium-alloc-key
branch
from
293ca19 to
ca52a56
Compare
|
Jenkins retest this please |
Frauschi
requested review from
SparkiDev and
dgarske
and removed request for
dgarske
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
🐺 Skoll Code Review
Overall recommendation: REQUEST_CHANGES
Findings: 4 total — 3 posted, 1 skipped
Posted findings
- [High] Heap buffer overflow in wc_dilithium_set_level ForceZero when FIPS204_DRAFT is enabled —
wolfcrypt/src/dilithium.c:11017-11021 - [Medium] oqs_dilithium_make_key missing USE_INTEL_SPEEDUP +8 alignment padding —
wolfcrypt/src/dilithium.c:10077-10093 - [Low] Return value of wc_dilithium_size/wc_dilithium_pub_size not validated before use as allocation size —
wolfcrypt/src/dilithium.c:7673
Skipped findings
- [Medium] Duplicated dynamic key allocation pattern across 5 call sites
Review generated by Skoll via openclaw
Frauschi
force-pushed
the
dilithium-alloc-key
branch
2 times, most recently
from
207c324 to
74c9ca3
Compare
|
@dgarske fixed all review comments and did some more code cleanup. |
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10180
Scan targets checked: wolfcrypt-api_misuse, wolfcrypt-bugs, wolfcrypt-compliance, wolfcrypt-concurrency, wolfcrypt-consttime, wolfcrypt-defaults, wolfcrypt-mutation, wolfcrypt-portability, wolfcrypt-proptest, wolfcrypt-src, wolfcrypt-zeroize
Findings: 3
3 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
Frauschi
force-pushed
the
dilithium-alloc-key
branch
from
74c9ca3 to
2b6181c
Compare
|
Fixed the identified issues by actually storing the sizes of the allocated buffers in the key object now. This gets rid of all the potentially erroneous calls to the Furthermore, I added a second commit to fix zd21610 by making the |
This update introduces the WOLFSSL_DILITHIUM_DYNAMIC_KEYS option, allowing for dynamic memory allocation of public and private key buffers. This change reduces memory usage by allocating buffers only when needed.
Frauschi
force-pushed
the
dilithium-alloc-key
branch
from
2b6181c to
064cfe2
Compare
|
Jenkins retest this please |
|
retest this please Windows: tcp bind failed |
5 participants
This update introduces the
WOLFSSL_DILITHIUM_DYNAMIC_KEYSoption, allowing for dynamic memory allocation of public and private key buffers indilithium_keyobjects. This change reduces memory usage by allocating buffers only when needed.This greatly reduces dynamic memory usage during peer verification when using ML-DSA certificates, which is especially important for resource-constrained systems.