Spencer Wilson

> > We have the `OQS_MEM_cleanse` function for this purpose, which will select one of `memset_s` and `explicit_bzero` if available. > > So it would just be a matter of...

Maybe @jmayclin would be interested in adding some of the Rusty features from this PR.

> This is present in the 0.11.0 release, I guess? Is it critical to fix? > > Do we have a CI job that tests this configuration? For what it's...

OK, I've managed to reproduce the leak, but only when building against OpenSSL >= 3.3.2. In particular, the leak does _not_ occur when building against OpenSSL 3.3.1 with the same...

> I will try to isolate the exact commit which introduces the leak. It seems that this leak was introduced in https://github.com/openssl/openssl/commit/83efcfdfa1de760bd30df7f4cf94e7a0d2b0db9f. When building against the parent of that commit...

^ fyi @beldmit

Sure, here's the valgrind output: ``` ==462229== ==462229== HEAP SUMMARY: ==462229== in use at exit: 240 bytes in 1 blocks ==462229== total heap usage: 6,841 allocs, 6,840 frees, 845,217 bytes...

> Thank you. Thats interesting, I just tried to recreate with the head of the master branch, and didn't encounter the leak. Given that you reported the issue was introduced...

I'm on valgrind-3.22.0, and I haven't made any manual changes to openssl.cnf (including to load any provider). I'm running everything in a Docker container on x86_64 / Linux; I'll attach...

```dockerfile FROM openquantumsafe/ci-ubuntu-latest:latest WORKDIR /root RUN git clone --depth=1 --branch=0.11.0 https://github.com/open-quantum-safe/liboqs.git liboqs RUN git clone --branch=master https://github.com/openssl/openssl.git openssl WORKDIR /root/openssl RUN ./config --debug --prefix=/root/.localopenssl && make -j && make install_sw...