commit 2e1f5c1fc0f6239a8bb9f409f1f170fb21ce1a37 Author: teor teor2345@gmail.com Date: Mon Oct 20 03:06:28 2014 +1100

Memwipe more keys after tor has finished with them

Ensure we securely wipe keys from memory after crypto_digest_get_digest and init_curve25519_keypair_from_file have finished using them.

Fixes bug 13477. --- changes/bug13477-memwipe-more-keys | 5 +++++ src/common/crypto.c | 2 +- src/or/router.c | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/changes/bug13477-memwipe-more-keys b/changes/bug13477-memwipe-more-keys new file mode 100644 index 0000000..cf8e0a9 --- /dev/null +++ b/changes/bug13477-memwipe-more-keys @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Ensure we securely wipe keys from memory after + crypto_digest_get_digest and init_curve25519_keypair_from_file + have finished using them. + Fixes bug 13477. diff --git a/src/common/crypto.c b/src/common/crypto.c index f128336..58f20ae 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1684,7 +1684,7 @@ crypto_digest_get_digest(crypto_digest_t *digest, log_warn(LD_BUG, "Called with unknown algorithm %d", digest->algorithm); /* If fragile_assert is not enabled, then we should at least not * leak anything. */ - memset(r, 0xff, sizeof(r)); + memwipe(r, 0xff, sizeof(r)); tor_fragile_assert(); break; } diff --git a/src/or/router.c b/src/or/router.c index 5d1d2ff..bbbf9c4 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -488,7 +488,7 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out, if (curve25519_keypair_write_to_file(keys_out, fname, tag)<0) { tor_log(severity, LD_FS, "Couldn't write generated key to "%s".", fname); - memset(keys_out, 0, sizeof(*keys_out)); + memwipe(keys_out, 0, sizeof(*keys_out)); goto error; } } else {