Update API

如果类型内部没有动态内存申请或外部Handle引用，不提供cleanup接口，仅用通用secure clear
2026-06-27 15:43:42 +08:00 · 2026-06-22 15:31:30 +08:00
parent 84f92c0747
commit 14221eaeea
36 changed files with 87 additions and 168 deletions
--- a/include/gmssl/kyber.h
+++ b/include/gmssl/kyber.h
@@ -138,7 +138,6 @@ int kyber_cpa_public_key_print(FILE *fp, int fmt, int ind, const char *label, co
 int kyber_cpa_private_key_to_bytes(const KYBER_CPA_KEY *key, uint8_t **out, size_t *outlen);
 int kyber_cpa_private_key_from_bytes(KYBER_CPA_KEY *key, const uint8_t **in, size_t *inlen);
 int kyber_cpa_private_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_KEY *sk);
-void kyber_cpa_key_cleanup(KYBER_CPA_KEY *key);

 typedef struct {
 	uint8_t c1[KYBER_K][KYBER_C1_SIZE];
@@ -172,7 +171,6 @@ int kyber_public_key_print(FILE *fp, int fmt, int ind, const char *label, const
 int kyber_private_key_to_bytes(const KYBER_KEY *key, uint8_t **out, size_t *outlen);
 int kyber_private_key_from_bytes(KYBER_KEY *key, const uint8_t **in, size_t *inlen);
 int kyber_private_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_KEY *sk);
-void kyber_key_cleanup(KYBER_KEY *key);

 typedef KYBER_CPA_CIPHERTEXT KYBER_CIPHERTEXT;

--- a/include/gmssl/lms.h
+++ b/include/gmssl/lms.h
@@ -216,7 +216,6 @@ int lms_verify_init_ex(LMS_SIGN_CTX *ctx, const LMS_KEY *key, const LMS_SIGNATUR
 int lms_verify_init(LMS_SIGN_CTX *ctx, const LMS_KEY *key, const uint8_t *sig, size_t siglen);
 int lms_verify_update(LMS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
 int lms_verify_finish(LMS_SIGN_CTX *ctx);
-void lms_sign_ctx_cleanup(LMS_SIGN_CTX *ctx);



@@ -293,7 +292,6 @@ int hss_verify_init_ex(HSS_SIGN_CTX *ctx, const HSS_KEY *key, const HSS_SIGNATUR
 int hss_verify_init(HSS_SIGN_CTX *ctx, const HSS_KEY *key, const uint8_t *sigbuf, size_t siglen);
 int hss_verify_update(HSS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
 int hss_verify_finish(HSS_SIGN_CTX *ctx);
-void hss_sign_ctx_cleanup(HSS_SIGN_CTX *ctx);


 #ifdef __cplusplus
--- a/include/gmssl/secp256r1_key.h
+++ b/include/gmssl/secp256r1_key.h
@@ -29,7 +29,6 @@ typedef struct {
 int secp256r1_key_generate(SECP256R1_KEY *key);
 int secp256r1_key_set_private_key(SECP256R1_KEY *key, const secp256r1_t private_key);
 int secp256r1_public_key_equ(const SECP256R1_KEY *key, const SECP256R1_KEY *pub);
-void secp256r1_key_cleanup(SECP256R1_KEY *key);

 int secp256r1_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SECP256R1_KEY *key);
 int secp256r1_private_key_print(FILE *fp, int fmt, int ind, const char *label, const SECP256R1_KEY *key);
--- a/include/gmssl/sphincs.h
+++ b/include/gmssl/sphincs.h
@@ -336,7 +336,6 @@ int sphincs_public_key_print(FILE *fp, int fmt, int ind, const char *label, cons
 int sphincs_private_key_to_bytes(const SPHINCS_KEY *key, uint8_t **out, size_t *outlen);
 int sphincs_private_key_from_bytes(SPHINCS_KEY *key, const uint8_t **in, size_t *inlen);
 int sphincs_private_key_print(FILE *fp, int fmt, int ind, const char *label, const SPHINCS_KEY *key);
-void sphincs_key_cleanup(SPHINCS_KEY *key);

 typedef struct {
 	sphincs_hash128_t random;
@@ -372,11 +371,9 @@ int sphincs_verify_init_ex(SPHINCS_SIGN_CTX *ctx, const SPHINCS_KEY *key, const
 int sphincs_verify_init(SPHINCS_SIGN_CTX *ctx, const SPHINCS_KEY *key, const uint8_t *sig, size_t siglen);
 int sphincs_verify_update(SPHINCS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
 int sphincs_verify_finish(SPHINCS_SIGN_CTX *ctx);
-void sphincs_sign_ctx_cleanup(SPHINCS_SIGN_CTX *ctx);


 #ifdef __cplusplus
 }
 #endif
 #endif
-
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {


 #define GMSSL_VERSION_NUM	30300
-#define GMSSL_VERSION_STR	"GmSSL 3.3.0-dev.1151"
+#define GMSSL_VERSION_STR	"GmSSL 3.3.0-dev.1152"

 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
--- a/include/gmssl/x509_key.h
+++ b/include/gmssl/x509_key.h
@@ -282,7 +282,6 @@ int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key, int sign_algor, co
 int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
 int x509_verify_finish(X509_SIGN_CTX *ctx);
 int x509_verify(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
-void x509_sign_ctx_cleanup(X509_SIGN_CTX *ctx);

 // ECDH for key->algor == OID_ec_public_key
 int x509_key_do_exchange(const X509_KEY *key, const X509_KEY *peer_pub, uint8_t *out, size_t *outlen);
--- a/include/gmssl/xmss.h
+++ b/include/gmssl/xmss.h
@@ -276,7 +276,6 @@ int xmss_verify_init_ex(XMSS_SIGN_CTX *ctx, const XMSS_KEY *key, const XMSS_SIGN
 int xmss_verify_init(XMSS_SIGN_CTX *ctx, const XMSS_KEY *key, const uint8_t *sigbuf, size_t siglen);
 int xmss_verify_update(XMSS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
 int xmss_verify_finish(XMSS_SIGN_CTX *ctx);
-void xmss_sign_ctx_cleanup(XMSS_SIGN_CTX *ctx);


 enum {
@@ -432,7 +431,6 @@ int xmssmt_verify_init_ex(XMSSMT_SIGN_CTX *ctx, const XMSSMT_KEY *key, const XMS
 int xmssmt_verify_init(XMSSMT_SIGN_CTX *ctx, const XMSSMT_KEY *key, const uint8_t *sig, size_t siglen);
 int xmssmt_verify_update(XMSSMT_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
 int xmssmt_verify_finish(XMSSMT_SIGN_CTX *ctx);
-void xmssmt_sign_ctx_cleanup(XMSSMT_SIGN_CTX *ctx);

 #ifdef __cplusplus
 }