Zero out temporary secret key memory.

Alexander Færøy 2015-02-22 13:26:11 +01:00
parent ef36bb85c1
commit d61d363426
No known key found for this signature in database
GPG Key ID: E15081D5D3C3DB53


@ -82,6 +82,7 @@ ERL_NIF_TERM enif_crypto_verify_32(ErlNifEnv *env, int argc, ERL_NIF_TERM const
/* Curve 25519 */ /* Curve 25519 */
static static
ERL_NIF_TERM enif_crypto_curve25519_scalarmult(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) { ERL_NIF_TERM enif_crypto_curve25519_scalarmult(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
ERL_NIF_TERM result;
ErlNifBinary secret, basepoint, output; ErlNifBinary secret, basepoint, output;
uint8_t bp[crypto_scalarmult_curve25519_BYTES]; uint8_t bp[crypto_scalarmult_curve25519_BYTES];
@ -97,15 +98,24 @@ ERL_NIF_TERM enif_crypto_curve25519_scalarmult(ErlNifEnv *env, int argc, ERL_NIF
/* Clear the high-bit. Better safe than sorry. */ /* Clear the high-bit. Better safe than sorry. */
bp[31] &= 0x7f; bp[31] &= 0x7f;
if (!enif_alloc_binary(crypto_scalarmult_curve25519_BYTES, &output)) { do
return nacl_error_tuple(env, "alloc_failed"); {
} if (!enif_alloc_binary(crypto_scalarmult_curve25519_BYTES, &output)) {
result = nacl_error_tuple(env, "alloc_failed");
continue;
}
if (crypto_scalarmult_curve25519(output.data, secret.data, bp) < 0) { if (crypto_scalarmult_curve25519(output.data, secret.data, bp) < 0) {
return nacl_error_tuple(env, "scalarmult_curve25519_failed"); result = nacl_error_tuple(env, "scalarmult_curve25519_failed");
} continue;
}
return enif_make_binary(env, &output); result = enif_make_binary(env, &output);
} while (0);
sodium_memzero(bp, crypto_scalarmult_curve25519_BYTES);
return result;
} }
/* Public-key cryptography */ /* Public-key cryptography */
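Review bot: On the `crypto_scalarmult_curve25519(...) < 0` branch, `output` has already been allocated by `enif_alloc_binary` but is neither passed to `enif_make_binary` nor released, so every failure leaks the binary along with whatever the primitive wrote into it. Before that branch's `continue;`, add `sodium_memzero(output.data, output.size);` and `enif_release_binary(&output);`. The buffer wiped at the end is `bp`, which its use as the third argument suggests is the basepoint copy, while the scalar is read directly from `secret.data`; the lines between the two hunks that fill `bp` are not shown, but the wipe presumably does not reach the secret key the title refers to, and a short comment saying what `bp` holds and why it is cleared would help. As a style point, `continue` inside `do { ... } while (0)` does exit the block, but `break` states that intent more directly.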