Fix StatefulSignature.export_secret_key TypeErrors on Windows#141
Merged
Conversation
Two failures reported in #136, both in export_secret_key: 1. On Python 3.14 32-bit: ct.util.find_library("c") returns None on Windows, so CDLL(None) raises TypeError. Even on Unix where it worked, liboqs's malloc and libc's free can come from different CRT heaps on Windows. Use liboqs's own OQS_MEM_secure_free instead — ABI-compatible by construction, and also zeroizes the secret-key bytes before freeing. 2. On Python 3.14 64-bit: OQS_SIG_STFL_SECRET_KEY_serialize fails with "OverflowError: int too long to convert" on argument 3 (the secret-key handle). Cause: restype c_void_p auto-unwraps the returned pointer to a Python int, and on Windows Python 3.14 the int -> c_void_p arg conversion path chokes on high-bit-set addresses. Use a c_void_p subclass as the restype so ctypes keeps the pointer as an object; subsequent calls take the same-type fast path and skip int conversion entirely. Closes #136. Signed-off-by: Douglas Stebila <dstebila@uwaterloo.ca> Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two failures reported in #136, both in export_secret_key:
On Python 3.14 32-bit: ct.util.find_library("c") returns None on Windows, so CDLL(None) raises TypeError. Even on Unix where it worked, liboqs's malloc and libc's free can come from different CRT heaps on Windows. Use liboqs's own OQS_MEM_secure_free instead — ABI-compatible by construction, and also zeroizes the secret-key bytes before freeing.
On Python 3.14 64-bit: OQS_SIG_STFL_SECRET_KEY_serialize fails with "OverflowError: int too long to convert" on argument 3 (the secret-key handle). Cause: restype c_void_p auto-unwraps the returned pointer to a Python int, and on Windows Python 3.14 the int -> c_void_p arg conversion path chokes on high-bit-set addresses. Use a c_void_p subclass as the restype so ctypes keeps the pointer as an object; subsequent calls take the same-type fast path and skip int conversion entirely.
Closes #136.