Memwipe more keys after tor has finished with them
authorteor <teor2345@gmail.com>
Sun, 19 Oct 2014 16:06:28 +0000 (03:06 +1100)
committerteor <teor2345@gmail.com>
Sun, 19 Oct 2014 16:06:28 +0000 (03:06 +1100)
Ensure we securely wipe keys from memory after
crypto_digest_get_digest and init_curve25519_keypair_from_file
have finished using them.

Fixes bug 13477.

changes/bug13477-memwipe-more-keys [new file with mode: 0644]
src/common/crypto.c
src/or/router.c

diff --git a/changes/bug13477-memwipe-more-keys b/changes/bug13477-memwipe-more-keys
new file mode 100644 (file)
index 0000000..cf8e0a9
--- /dev/null
@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Ensure we securely wipe keys from memory after
+      crypto_digest_get_digest and init_curve25519_keypair_from_file
+      have finished using them.
+      Fixes bug 13477.
index f128336e50b57aa9986826293fc26f38a4ed1a52..58f20aeb85be70939e20946407fe76e291d59f95 100644 (file)
@@ -1684,7 +1684,7 @@ crypto_digest_get_digest(crypto_digest_t *digest,
       log_warn(LD_BUG, "Called with unknown algorithm %d", digest->algorithm);
       /* If fragile_assert is not enabled, then we should at least not
        * leak anything. */
-      memset(r, 0xff, sizeof(r));
+      memwipe(r, 0xff, sizeof(r));
       tor_fragile_assert();
       break;
   }
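Review bot: The comment above `memwipe(r, 0xff, sizeof(r))` does not say what would leak or why the fill byte is 0xff rather than 0. The commit message describes this as wiping a key, but this branch is reached only for an unknown algorithm, where presumably no digest has been written into `r` yet. I would spell out the intent, for example `/* r is uninitialised on this path; fill it so whatever is later read out of it cannot carry stale stack contents. */`. The call covers the whole buffer only if `r` is an array in this scope rather than a pointer; its declaration and the code after the switch are outside the hunk, so confirm that there.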
index 5d1d2ff337c8b2fde901373475dc84fec8322da8..bbbf9c4b847990fe3d891527d3cb906e3cebd60a 100644 (file)
@@ -488,7 +488,7 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
         if (curve25519_keypair_write_to_file(keys_out, fname, tag)<0) {
           tor_log(severity, LD_FS,
               "Couldn't write generated key to \"%s\".", fname);
-          memset(keys_out, 0, sizeof(*keys_out));
+          memwipe(keys_out, 0, sizeof(*keys_out));
           goto error;
         }
       } else {
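Review bot: Only the write-failure exit clears `keys_out` before `goto error`. Any other path that reaches the `error` label after the keypair has been generated or partly read would still hand the caller a struct holding secret key bytes alongside a failure return. The label and the other branches are outside the hunk, so this needs checking there. If they do exist, placing `memwipe(keys_out, 0, sizeof(*keys_out));` once under `error:` would cover every failure exit and let this per-branch call go. A short comment such as `/* Never return key material to the caller on failure. */` at that point would record the intent.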