[PATCH 1/2] mceliece6688128f: fix stack overflow crash on win64/wine
Jacob Bachmeyer
jcb62281 at gmail.com
Sun Sep 28 03:37:58 CEST 2025
On 9/27/25 01:16, Jussi Kivilinna wrote:
> Hello,
>
> [...]
>
> [...] About memory zeroing in general... I see that PQ algorithms use
> quite a lot of stack arrays in their implementations (some quite large
> allocations too) but there is no stack memory wiping in place. Maybe
> there should be? I guess simplest way to wipe used stack would be to
> add appropriately sized _gcry_burn_stack() calls after each PQ
> function call, for example in 'kem.c'.
This kind of oversight being common in PQC code is *not* reassuring when
the appropriate paranoia has long been standard in RSA implementations.
-- Jacob
More information about the Gcrypt-devel
mailing list