In relay_digest_matches(), use stack instead of heap.

We'd been using crypto_digest_dup() and crypto_digest_assign() here,
but they aren't necessary.  Instead we can just use the stack to
store the previous state of the SHA_CTX and avoid a malloc/free pair.

Closes ticket 24914.

1 files changed, 9 insertions, 7 deletions

diff --git a/src/or/relay.c b/src/or/relay.c
index b1b99526df..aa53cda779 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -151,9 +151,9 @@ relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
 {
   uint32_t received_integrity, calculated_integrity;
   relay_header_t rh;
-  crypto_digest_t *backup_digest=NULL;
+  crypto_digest_checkpoint_t backup_digest;
 
-  backup_digest = crypto_digest_dup(digest);
+  crypto_digest_checkpoint(&backup_digest, digest);
 
   relay_header_unpack(&rh, cell->payload);
   memcpy(&received_integrity, rh.integrity, 4);
@@ -167,19 +167,21 @@ relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
   crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE);
   crypto_digest_get_digest(digest, (char*) &calculated_integrity, 4);
 
+  int rv = 1;
+
   if (calculated_integrity != received_integrity) {
 //    log_fn(LOG_INFO,"Recognized=0 but bad digest. Not recognizing.");
 // (%d vs %d).", received_integrity, calculated_integrity);
     /* restore digest to its old form */
-    crypto_digest_assign(digest, backup_digest);
+    crypto_digest_restore(digest, &backup_digest);
     /* restore the relay header */
     memcpy(rh.integrity, &received_integrity, 4);
     relay_header_pack(cell->payload, &rh);
-    crypto_digest_free(backup_digest);
-    return 0;
+    rv = 0;
   }
-  crypto_digest_free(backup_digest);
-  return 1;
+
+  memwipe(&backup_digest, 0, sizeof(backup_digest));
+  return rv;
 }
 
 /** Apply <b>cipher</b> to CELL_PAYLOAD_SIZE bytes of <b>in</b>