tests: Use secure free for secret key objects (#2149)

Use OQS_MEM_secure_free() instead of OQS_MEM_insecure_free() for secret key objects. Signed-off-by: Hussain1811 <Sadiq.Hussain.M@ibm.com> Co-authored-by: Hussain1811 <Sadiq.Hussain.M@ibm.com>
2025-10-04 00:02:01 -04:00 · 2025-06-05 18:30:20 +05:30 · 2025-06-05 18:30:20 +05:30 · bf14f5fce2
commit bf14f5fce2
parent 4784356bd1
2 changed files with 12 additions and 4 deletions
--- a/tests/vectors_kem.c
+++ b/tests/vectors_kem.c
@ -582,7 +582,9 @@ int main(int argc, char **argv) {
 err:
 	OQS_MEM_insecure_free(prng_output_stream_bytes);
 	OQS_MEM_insecure_free(kg_pk_bytes);
-	OQS_MEM_insecure_free(kg_sk_bytes);
+	if (kem != NULL) {
+		OQS_MEM_secure_free(kg_sk_bytes, kem->length_secret_key);
+	}

 	OQS_MEM_insecure_free(encdec_aft_c_bytes);
 	OQS_MEM_insecure_free(encdec_aft_k_bytes);
@ -590,7 +592,9 @@ err:

 	OQS_MEM_insecure_free(encdec_val_c_bytes);
 	OQS_MEM_insecure_free(encdec_val_k_bytes);
-	OQS_MEM_insecure_free(encdec_val_sk_bytes);
+	if (kem != NULL) {
+		OQS_MEM_secure_free(encdec_val_sk_bytes, kem->length_secret_key);
+	}

 	OQS_KEM_free(kem);

--- a/tests/vectors_sig.c
+++ b/tests/vectors_sig.c
@ -785,12 +785,16 @@ err:
 cleanup:
 	OQS_MEM_insecure_free(prng_output_stream_bytes);
 	OQS_MEM_insecure_free(kg_pk_bytes);
-	OQS_MEM_insecure_free(kg_sk_bytes);
+	if (sig != NULL) {
+		OQS_MEM_secure_free(kg_sk_bytes, sig->length_secret_key);
+	}
 	OQS_MEM_insecure_free(sigVer_pk_bytes);
 	OQS_MEM_insecure_free(sigVer_msg_bytes);
 	OQS_MEM_insecure_free(sigVer_sig_bytes);
 	OQS_MEM_insecure_free(sigVer_ctx_bytes);
-	OQS_MEM_insecure_free(sigGen_sk_bytes);
+	if (sig != NULL) {
+		OQS_MEM_secure_free(sigGen_sk_bytes, sig->length_secret_key);
+	}
 	OQS_MEM_insecure_free(sigGen_msg_bytes);
 	OQS_MEM_insecure_free(sigGen_sig_bytes);
 	OQS_MEM_insecure_free(sigGen_ctx_bytes);