From 613071f4fa6a823834198ae8d180a5af72e71ded Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Wed, 8 Apr 2020 16:35:28 +0000
Subject: use memwipe on secret k/alpha values

Reported by UkoeHB_ and sarang
---
 src/crypto/crypto.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/crypto/crypto.cpp')

diff --git a/src/crypto/crypto.cpp b/src/crypto/crypto.cpp
index 0ec992de9..8a03f28bb 100644
--- a/src/crypto/crypto.cpp
+++ b/src/crypto/crypto.cpp
@@ -294,6 +294,7 @@ namespace crypto {
     sc_mulsub(&sig.r, &sig.c, &unwrap(sec), &k);
     if (!sc_isnonzero((const unsigned char*)sig.r.data))
       goto try_again;
+    memwipe(&k, sizeof(k));
   }
 
   bool crypto_ops::check_signature(const hash &prefix_hash, const public_key &pub, const signature &sig) {
@@ -390,6 +391,8 @@ namespace crypto {
 
     // sig.r = k - sig.c*r
     sc_mulsub(&sig.r, &sig.c, &unwrap(r), &k);
+
+    memwipe(&k, sizeof(k));
   }
 
   bool crypto_ops::check_tx_proof(const hash &prefix_hash, const public_key &R, const public_key &A, const boost::optional &B, const public_key &D, const signature &sig) {
@@ -560,6 +563,7 @@ POP_WARNINGS
         random_scalar(sig[i].c);
         random_scalar(sig[i].r);
         if (ge_frombytes_vartime(&tmp3, &*pubs[i]) != 0) {
+          memwipe(&k, sizeof(k));
           local_abort("invalid pubkey");
         }
         ge_double_scalarmult_base_vartime(&tmp2, &sig[i].c, &tmp3, &sig[i].r);
@@ -573,6 +577,8 @@ POP_WARNINGS
     hash_to_scalar(buf.get(), rs_comm_size(pubs_count), h);
     sc_sub(&sig[sec_index].c, &h, &sum);
     sc_mulsub(&sig[sec_index].r, &sig[sec_index].c, &unwrap(sec), &k);
+
+    memwipe(&k, sizeof(k));
   }
 
   bool crypto_ops::check_ring_signature(const hash &prefix_hash, const key_image &image,
-- 
cgit v1.2.3
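Review bot: The added wipes cover only the exits the author spotted — the fall-through return in the functions at `@@ -294`, `@@ -390` and `@@ -573` plus the single abort branch at `@@ -560` — so any other early exit from these functions (another `local_abort`, an exception thrown by a callee, a `return` added later) leaves the nonce `k` live on the stack. A small scope guard declared right after `k`, whose destructor calls `memwipe(&k, sizeof(k))`, would wipe on every exit including the `goto try_again` retry path and the abort branch, and would not have to be remembered again at each new exit. In the `@@ -560` hunk in particular the `i == sec_index` counterpart of the shown branch lies outside the hunk; if it rejects an invalid pubkey the same way, it presumably needs the same wipe. memwipe clears only the named object, so register and stack-slot copies made by the compiler, and temporaries inside `sc_mulsub` and the scalar-multiplication helpers, are outside its reach — this is best-effort hygiene rather than a guarantee, which is worth a one-line comment next to the wipes. The enclosing functions start outside each hunk.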