memwipe interesting unused memory

74981d1f · George Kadianakis · Nick Mathewson · 29b3dd1c · 74981d1f · 74981d1f
Commit 74981d1f authored Aug 03, 2017 by George Kadianakis Committed by Nick Mathewson Aug 08, 2017
--- a/src/or/hs_cell.c
+++ b/src/or/hs_cell.c
@@ -193,18 +193,16 @@ build_legacy_establish_intro(const char *circ_nonce, crypto_pk_t *enc_key,
                             uint8_t *cell_out)
 {
  ssize_t cell_len;
-  char buf[RELAY_PAYLOAD_SIZE] = {0};

  tor_assert(circ_nonce);
  tor_assert(enc_key);
  tor_assert(cell_out);

-  cell_len = rend_service_encode_establish_intro_cell(buf, sizeof(buf),
+  memwipe(cell_out, 0, RELAY_PAYLOAD_SIZE);
+
+  cell_len = rend_service_encode_establish_intro_cell((char*)cell_out,
+                                                      RELAY_PAYLOAD_SIZE,
                                                      enc_key, circ_nonce);
-  tor_assert(cell_len <= RELAY_PAYLOAD_SIZE);
-  if (cell_len >= 0) {
-    memcpy(cell_out, buf, cell_len);
-  }
  return cell_len;
 }

@@ -326,6 +324,9 @@ hs_cell_build_establish_intro(const char *circ_nonce,
                        tmp_cell_enc, tmp_cell_enc_len - tmp_cell_mac_offset);
    handshake_ptr = trn_cell_establish_intro_getarray_handshake_mac(cell);
    memcpy(handshake_ptr, mac, sizeof(mac));
+
+    memwipe(mac, 0, sizeof(mac));
+    memwipe(tmp_cell_enc, 0, sizeof(tmp_cell_enc));
  }

  /* Calculate the cell signature SIG. */
@@ -353,6 +354,8 @@ hs_cell_build_establish_intro(const char *circ_nonce,
    /* Copy the signature into the cell. */
    sig_ptr = trn_cell_establish_intro_getarray_sig(cell);
    memcpy(sig_ptr, sig.sig, sig_len);
+
+    memwipe(tmp_cell_enc, 0, sizeof(tmp_cell_enc));
  }

  /* Encode the cell. Can't be bigger than a standard cell. */

--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -582,6 +582,8 @@ build_blinded_key_param(const ed25519_public_key_t *pubkey,
  /* Extract digest and put it in the param. */
  crypto_digest_get_digest(digest, (char *) param_out, DIGEST256_LEN);
  crypto_digest_free(digest);
+
+  memwipe(nonce, 0, sizeof(nonce));
 }

 /* Using an ed25519 public key and version to build the checksum of an
@@ -701,6 +703,8 @@ hs_get_subcredential(const ed25519_public_key_t *identity_pk,
                          ED25519_PUBKEY_LEN);
  crypto_digest_get_digest(digest, (char *) subcred_out, DIGEST256_LEN);
  crypto_digest_free(digest);
+
+  memwipe(credential, 0, sizeof(credential));
 }

 /* From the given list of hidden service ports, find the matching one from the
@@ -892,6 +896,8 @@ hs_build_blinded_pubkey(const ed25519_public_key_t *pk,
  build_blinded_key_param(pk, secret, secret_len,
                          time_period_num, get_time_period_length(), param);
  ed25519_public_blind(blinded_pk_out, pk, param);
+
+  memwipe(param, 0, sizeof(param));
 }

 /* From a given ed25519 keypair kp and an optional secret, compute a blinded
@@ -916,6 +922,8 @@ hs_build_blinded_keypair(const ed25519_keypair_t *kp,
  build_blinded_key_param(&kp->pubkey, secret, secret_len,
                          time_period_num, get_time_period_length(), param);
  ed25519_keypair_blind(blinded_kp_out, kp, param);
+
+  memwipe(param, 0, sizeof(param));
 }

 /* Return true if overlap mode is active given the date in consensus. If