summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-21 14:50:25 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:33:00 +0200
commit451afac626648a4aa534f1dec0f318231dfd8874 (patch)
tree661f319a97dea525c3c9a5b1c335de3738527d73 /src/lib
parent4b16f7b9ba95f7e24ff443e5b215c2823c1387f7 (diff)
downloadouroboros-451afac626648a4aa534f1dec0f318231dfd8874.tar.gz
ouroboros-451afac626648a4aa534f1dec0f318231dfd8874.zip
lib: Wipe unpacked session key after copy
Zeroize the symmetric key in the unpacked IRM message once it has been copied into the crypt context, in both flow__irm_result_des and flow_rekey__irm_result_des, so key material does not linger in the protobuf buffer until it is freed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/serdes-irm.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/serdes-irm.c b/src/lib/serdes-irm.c
index 74ca694c..1d9b4dec 100644
--- a/src/lib/serdes-irm.c
+++ b/src/lib/serdes-irm.c
@@ -176,6 +176,9 @@ int flow__irm_result_des(buffer_t * buf,
sk->epoch = msg->has_generation ? (uint8_t) msg->generation : 0;
+ if (msg->sym_key.len == SYMMKEYSZ)
+ crypt_secure_clear(msg->sym_key.data, msg->sym_key.len);
+
irm_msg__free_unpacked(msg, NULL);
return 0;
@@ -216,6 +219,7 @@ int flow_rekey__irm_result_des(buffer_t * buf,
sk->epoch = msg->has_generation ?
(uint8_t) msg->generation : 0;
*initiator = msg->has_rk_initiator && msg->rk_initiator;
+ crypt_secure_clear(msg->sym_key.data, msg->sym_key.len);
}
irm_msg__free_unpacked(msg, NULL);