Do memwipe for critical secret keys copied to rct::key

2025-08-07 13:42:28 -04:00 · 2018-08-16 22:08:58 +09:00 · 2018-08-16 22:08:58 +09:00 · 1f2409e9e2
commit 1f2409e9e2
parent b780cf4db1
4 changed files with 15 additions and 3 deletions
--- a/src/multisig/multisig.cpp
+++ b/src/multisig/multisig.cpp
@ -47,9 +47,12 @@ namespace cryptonote
  crypto::secret_key get_multisig_blinded_secret_key(const crypto::secret_key &key)
  {
    rct::keyV data;
+    data.reserve(2);
    data.push_back(rct::sk2rct(key));
    data.push_back(multisig_salt);
-    return rct::rct2sk(rct::hash_to_scalar(data));
+    crypto::secret_key result = rct::rct2sk(rct::hash_to_scalar(data));
+    memwipe(&data[0], sizeof(rct::key));
+    return result;
  }
  //-----------------------------------------------------------------
  void generate_multisig_N_N(const account_keys &keys, const std::vector<crypto::public_key> &spend_keys, std::vector<crypto::secret_key> &multisig_keys, rct::key &spend_skey, rct::key &spend_pkey)