3 files changed, 10 insertions, 8 deletions
diff --git a/src/crypto/chacha.h b/src/crypto/chacha.h
index 1dc270faf..6e85ad0e9 100644
--- a/src/crypto/chacha.h
+++ b/src/crypto/chacha.h
@@ -40,6 +40,7 @@
 #include <memory.h>
 
 #include "memwipe.h"
+#include "mlocker.h"
 #include "hash.h"
 
 namespace crypto {
@@ -50,7 +51,7 @@ namespace crypto {
 #if defined(__cplusplus)
   }
 
-  using chacha_key = tools::scrubbed_arr<uint8_t, CHACHA_KEY_SIZE>;
+  using chacha_key = epee::mlocked<tools::scrubbed_arr<uint8_t, CHACHA_KEY_SIZE>>;
 
 #pragma pack(push, 1)
   // MS VC 2012 doesn't interpret `class chacha_iv` as POD in spite of [9.0.10], so it is a struct
@@ -71,20 +72,20 @@ namespace crypto {
 
   inline void generate_chacha_key(const void *data, size_t size, chacha_key& key, uint64_t kdf_rounds) {
     static_assert(sizeof(chacha_key) <= sizeof(hash), "Size of hash must be at least that of chacha_key");
-    tools::scrubbed_arr<char, HASH_SIZE> pwd_hash;
+    epee::mlocked<tools::scrubbed_arr<char, HASH_SIZE>> pwd_hash;
     crypto::cn_slow_hash(data, size, pwd_hash.data(), 0/*variant*/, 0/*prehashed*/);
     for (uint64_t n = 1; n < kdf_rounds; ++n)
       crypto::cn_slow_hash(pwd_hash.data(), pwd_hash.size(), pwd_hash.data(), 0/*variant*/, 0/*prehashed*/);
-    memcpy(&unwrap(key), pwd_hash.data(), sizeof(key));
+    memcpy(&unwrap(unwrap(key)), pwd_hash.data(), sizeof(key));
   }
 
   inline void generate_chacha_key_prehashed(const void *data, size_t size, chacha_key& key, uint64_t kdf_rounds) {
     static_assert(sizeof(chacha_key) <= sizeof(hash), "Size of hash must be at least that of chacha_key");
-    tools::scrubbed_arr<char, HASH_SIZE> pwd_hash;
+    epee::mlocked<tools::scrubbed_arr<char, HASH_SIZE>> pwd_hash;
     crypto::cn_slow_hash(data, size, pwd_hash.data(), 0/*variant*/, 1/*prehashed*/);
     for (uint64_t n = 1; n < kdf_rounds; ++n)
       crypto::cn_slow_hash(pwd_hash.data(), pwd_hash.size(), pwd_hash.data(), 0/*variant*/, 0/*prehashed*/);
-    memcpy(&unwrap(key), pwd_hash.data(), sizeof(key));
+    memcpy(&unwrap(unwrap(key)), pwd_hash.data(), sizeof(key));
   }
 
   inline void generate_chacha_key(std::string password, chacha_key& key, uint64_t kdf_rounds) {
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index a2d61b04e..c1576a218 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -41,6 +41,7 @@
 #include "common/pod-class.h"
 #include "common/util.h"
 #include "memwipe.h"
+#include "mlocker.h"
 #include "generic-ops.h"
 #include "hex.h"
 #include "span.h"
@@ -65,7 +66,7 @@ namespace crypto {
     friend class crypto_ops;
   };
 
-  using secret_key = tools::scrubbed<ec_scalar>;
+  using secret_key = epee::mlocked<tools::scrubbed<ec_scalar>>;
 
   POD_CLASS public_keyV {
     std::vector<public_key> keys;
diff --git a/src/cryptonote_basic/account.cpp b/src/cryptonote_basic/account.cpp
index 0aebf9223..4cbfa8142 100644
--- a/src/cryptonote_basic/account.cpp
+++ b/src/cryptonote_basic/account.cpp
@@ -67,7 +67,7 @@ DISABLE_VS_WARNINGS(4244 4345)
   static void derive_key(const crypto::chacha_key &base_key, crypto::chacha_key &key)
   {
     static_assert(sizeof(base_key) == sizeof(crypto::hash), "chacha key and hash should be the same size");
-    tools::scrubbed_arr<char, sizeof(base_key)+1> data;
+    epee::mlocked<tools::scrubbed_arr<char, sizeof(base_key)+1>> data;
     memcpy(data.data(), &base_key, sizeof(base_key));
     data[sizeof(base_key)] = KEYS_ENCRYPTION_SALT;
     crypto::generate_chacha_key(data.data(), sizeof(data), key, 1);
@@ -223,7 +223,7 @@ DISABLE_VS_WARNINGS(4244 4345)
   void account_base::create_from_viewkey(const cryptonote::account_public_address& address, const crypto::secret_key& viewkey)
   {
     crypto::secret_key fake;
-    memset(&unwrap(fake), 0, sizeof(fake));
+    memset(&unwrap(unwrap(fake)), 0, sizeof(fake));
     create_from_keys(address, fake, viewkey);
   }
   //-----------------------------------------------------------------