Merge branch 'tor-github/pr/994'

Signed-off-by: David Goulet <dgoulet@torproject.org>
2024-09-21 05:26:20 +02:00 · 2019-05-07 08:02:39 -04:00 · 2019-05-07 08:02:39 -04:00 · b72f5da03d
commit b72f5da03d
parent c8c64caf37 295feeb093
44 changed files with 101 additions and 95 deletions
--- a/changes/bug30309
+++ b/changes/bug30309
@ -0,0 +1,3 @@
  o Code simplification and refactoring:
    - Rename tor_mem_is_zero() to fast_mem_is_zero(), to emphasize that
      it is not a constant-time function. Closes ticket 30309.
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@ -1654,7 +1654,7 @@ check_sockaddr(const struct sockaddr *sa, int len, int level)
             len,(int)sizeof(struct sockaddr_in6));
      ok = 0;
    }
-    if (tor_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
+    if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
        sin6->sin6_port == 0) {
      log_fn(level, LD_NET,
             "Address for new connection has address/port equal to zero.");
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@ -1722,7 +1722,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
        tor_assert(tor_digest_is_zero(
                  (const char*)(chan->conn->handshake_state->
                      authenticated_rsa_peer_id)));
-        tor_assert(tor_mem_is_zero(
+        tor_assert(fast_mem_is_zero(
                  (const char*)(chan->conn->handshake_state->
                                authenticated_ed25519_peer_id.pubkey), 32));
        /* If the client never authenticated, it's a tor client or bridge
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@ -2989,7 +2989,7 @@ extend_info_supports_ntor(const extend_info_t* ei)
 {
  tor_assert(ei);
  /* Valid ntor keys have at least one non-zero byte */
-  return !tor_mem_is_zero(
+  return !fast_mem_is_zero(
                          (const char*)ei->curve25519_onion_key.public_key,
                          CURVE25519_PUBKEY_LEN);
 }
--- a/src/feature/client/bridges.c
+++ b/src/feature/client/bridges.c
@ -348,7 +348,7 @@ int
 node_is_a_configured_bridge(const node_t *node)
 {
  /* First, let's try searching for a bridge with matching identity. */
-  if (BUG(tor_mem_is_zero(node->identity, DIGEST_LEN)))
+  if (BUG(fast_mem_is_zero(node->identity, DIGEST_LEN)))
    return 0;
  if (find_bridge_by_digest(node->identity) != NULL)
--- a/src/feature/dirauth/dirvote.c
+++ b/src/feature/dirauth/dirvote.c
@ -2599,7 +2599,7 @@ networkstatus_add_detached_signatures(networkstatus_t *target,
      return -1;
    }
    for (alg = DIGEST_SHA1; alg < N_COMMON_DIGEST_ALGORITHMS; ++alg) {
-      if (!tor_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
+      if (!fast_mem_is_zero(digests->d[alg], DIGEST256_LEN)) {
        if (fast_memeq(target->digests.d[alg], digests->d[alg],
                       DIGEST256_LEN)) {
          ++n_matches;
@ -2795,7 +2795,7 @@ networkstatus_get_detached_signatures(smartlist_t *consensuses)
      char d[HEX_DIGEST256_LEN+1];
      const char *alg_name =
        crypto_digest_algorithm_get_name(alg);
-      if (tor_mem_is_zero(ns->digests.d[alg], DIGEST256_LEN))
+      if (fast_mem_is_zero(ns->digests.d[alg], DIGEST256_LEN))
        continue;
      base16_encode(d, sizeof(d), ns->digests.d[alg], DIGEST256_LEN);
      smartlist_add_asprintf(elements, "additional-digest %s %s %s\n",
--- a/src/feature/dirauth/dsigs_parse.c
+++ b/src/feature/dirauth/dsigs_parse.c
@ -127,7 +127,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
    }
    digests = detached_get_digests(sigs, flavor);
    tor_assert(digests);
-    if (!tor_mem_is_zero(digests->d[alg], digest_length)) {
+    if (!fast_mem_is_zero(digests->d[alg], digest_length)) {
      log_warn(LD_DIR, "Multiple digests for %s with %s on detached "
               "signatures document", flavor, algname);
      continue;
--- a/src/feature/dirauth/shared_random.c
+++ b/src/feature/dirauth/shared_random.c
@ -224,7 +224,7 @@ verify_commit_and_reveal(const sr_commit_t *commit)
 STATIC int
 commit_has_reveal_value(const sr_commit_t *commit)
 {
-  return !tor_mem_is_zero(commit->encoded_reveal,
+  return !fast_mem_is_zero(commit->encoded_reveal,
                          sizeof(commit->encoded_reveal));
 }
@ -486,7 +486,7 @@ get_vote_line_from_commit(const sr_commit_t *commit, sr_phase_t phase)
  {
    /* Send a reveal value for this commit if we have one. */
    const char *reveal_str = commit->encoded_reveal;
-    if (tor_mem_is_zero(commit->encoded_reveal,
+    if (fast_mem_is_zero(commit->encoded_reveal,
                        sizeof(commit->encoded_reveal))) {
      reveal_str = "";
    }
--- a/src/feature/dirauth/shared_random_state.c
+++ b/src/feature/dirauth/shared_random_state.c
@ -538,7 +538,7 @@ disk_state_put_commit_line(const sr_commit_t *commit, config_line_t *line)
  tor_assert(commit);
  tor_assert(line);
-  if (!tor_mem_is_zero(commit->encoded_reveal,
+  if (!fast_mem_is_zero(commit->encoded_reveal,
                       sizeof(commit->encoded_reveal))) {
    /* Add extra whitespace so we can format the line correctly. */
    tor_asprintf(&reveal_str, " %s", commit->encoded_reveal);
--- a/src/feature/dirclient/dirclient.c
+++ b/src/feature/dirclient/dirclient.c
@ -2531,7 +2531,7 @@ handle_response_fetch_microdesc(dir_connection_t *conn,
           conn->base_.port);
  tor_assert(conn->requested_resource &&
             !strcmpstart(conn->requested_resource, "d/"));
-  tor_assert_nonfatal(!tor_mem_is_zero(conn->identity_digest, DIGEST_LEN));
+  tor_assert_nonfatal(!fast_mem_is_zero(conn->identity_digest, DIGEST_LEN));
  which = smartlist_new();
  dir_split_resource_into_fingerprints(conn->requested_resource+2,
                                       which, NULL,
--- a/src/feature/dircommon/voting_schedule.c
+++ b/src/feature/dircommon/voting_schedule.c
@ -150,7 +150,7 @@ voting_schedule_get_next_valid_after_time(void)
  /* This is a safe guard in order to make sure that the voting schedule
   * static object is at least initialized. Using this function with a zeroed
   * voting schedule can lead to bugs. */
-  if (tor_mem_is_zero((const char *) &voting_schedule,
+  if (fast_mem_is_zero((const char *) &voting_schedule,
                      sizeof(voting_schedule))) {
    need_to_recalculate_voting_schedule = true;
    goto done; /* no need for next check if we have to recalculate anyway */
--- a/src/feature/dirparse/ns_parse.c
+++ b/src/feature/dirparse/ns_parse.c
@ -1478,7 +1478,7 @@ networkstatus_parse_vote_from_string(const char *s,
    SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, vote_routerstatus_t *,
                            vrs) {
      if (! vrs->has_ed25519_listing ||
-          tor_mem_is_zero((const char *)vrs->ed25519_id, DIGEST256_LEN))
+          fast_mem_is_zero((const char *)vrs->ed25519_id, DIGEST256_LEN))
        continue;
      if (digest256map_get(ed_id_map, vrs->ed25519_id) != NULL) {
        log_warn(LD_DIR, "Vote networkstatus ed25519 identities were not "
--- a/src/feature/hs/hs_common.c
+++ b/src/feature/hs/hs_common.c
@ -1025,7 +1025,7 @@ hs_build_blinded_pubkey(const ed25519_public_key_t *pk,
  tor_assert(pk);
  tor_assert(blinded_pk_out);
-  tor_assert(!tor_mem_is_zero((char *) pk, ED25519_PUBKEY_LEN));
+  tor_assert(!fast_mem_is_zero((char *) pk, ED25519_PUBKEY_LEN));
  build_blinded_key_param(pk, secret, secret_len,
                          time_period_num, get_time_period_length(), param);
@ -1050,8 +1050,8 @@ hs_build_blinded_keypair(const ed25519_keypair_t *kp,
  tor_assert(kp);
  tor_assert(blinded_kp_out);
  /* Extra safety. A zeroed key is bad. */
-  tor_assert(!tor_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
+  tor_assert(!fast_mem_is_zero((char *) &kp->pubkey, ED25519_PUBKEY_LEN));
-  tor_assert(!tor_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
+  tor_assert(!fast_mem_is_zero((char *) &kp->seckey, ED25519_SECKEY_LEN));
  build_blinded_key_param(&kp->pubkey, secret, secret_len,
                          time_period_num, get_time_period_length(), param);
@ -1283,15 +1283,15 @@ node_has_hsdir_index(const node_t *node)
  /* At this point, since the node has a desc, this node must also have an
   * hsdir index. If not, something went wrong, so BUG out. */
-  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.fetch,
+  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.fetch,
                          DIGEST256_LEN))) {
    return 0;
  }
-  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_first,
+  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_first,
                          DIGEST256_LEN))) {
    return 0;
  }
-  if (BUG(tor_mem_is_zero((const char*)node->hsdir_index.store_second,
+  if (BUG(fast_mem_is_zero((const char*)node->hsdir_index.store_second,
                          DIGEST256_LEN))) {
    return 0;
  }
--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@ -678,7 +678,7 @@ get_auth_client_str(const hs_desc_authorized_client_t *client)
  char encrypted_cookie_b64[HS_DESC_ENCRYPED_COOKIE_LEN * 2];
 #define ASSERT_AND_BASE64(field) STMT_BEGIN                        \
-  tor_assert(!tor_mem_is_zero((char *) client->field,              \
+  tor_assert(!fast_mem_is_zero((char *) client->field,              \
                              sizeof(client->field)));             \
  ret = base64_encode_nopad(field##_b64, sizeof(field##_b64),      \
                            client->field, sizeof(client->field)); \
@ -809,7 +809,7 @@ get_outer_encrypted_layer_plaintext(const hs_descriptor_t *desc,
    const curve25519_public_key_t *ephemeral_pubkey;
    ephemeral_pubkey = &desc->superencrypted_data.auth_ephemeral_pubkey;
-    tor_assert(!tor_mem_is_zero((char *) ephemeral_pubkey->public_key,
+    tor_assert(!fast_mem_is_zero((char *) ephemeral_pubkey->public_key,
                                CURVE25519_PUBKEY_LEN));
    curve25519_public_to_base64(ephemeral_key_base64, ephemeral_pubkey);
@ -1421,12 +1421,12 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,
  tor_assert(desc);
  tor_assert(client);
  tor_assert(client_auth_sk);
-  tor_assert(!tor_mem_is_zero(
+  tor_assert(!fast_mem_is_zero(
        (char *) &desc->superencrypted_data.auth_ephemeral_pubkey,
        sizeof(desc->superencrypted_data.auth_ephemeral_pubkey)));
-  tor_assert(!tor_mem_is_zero((char *) client_auth_sk,
+  tor_assert(!fast_mem_is_zero((char *) client_auth_sk,
                              sizeof(*client_auth_sk)));
-  tor_assert(!tor_mem_is_zero((char *) desc->subcredential, DIGEST256_LEN));
+  tor_assert(!fast_mem_is_zero((char *) desc->subcredential, DIGEST256_LEN));
  /* Get the KEYS component to derive the CLIENT-ID and COOKIE-KEY. */
  keystream_length =
@ -2571,7 +2571,7 @@ hs_desc_decode_descriptor(const char *encoded,
  /* Subcredentials are not optional. */
  if (BUG(!subcredential ||
-          tor_mem_is_zero((char*)subcredential, DIGEST256_LEN))) {
+          fast_mem_is_zero((char*)subcredential, DIGEST256_LEN))) {
    log_warn(LD_GENERAL, "Tried to decrypt without subcred. Impossible!");
    goto err;
  }
@ -2884,13 +2884,13 @@ hs_desc_build_authorized_client(const uint8_t *subcredential,
  tor_assert(descriptor_cookie);
  tor_assert(client_out);
  tor_assert(subcredential);
-  tor_assert(!tor_mem_is_zero((char *) auth_ephemeral_sk,
+  tor_assert(!fast_mem_is_zero((char *) auth_ephemeral_sk,
                              sizeof(*auth_ephemeral_sk)));
-  tor_assert(!tor_mem_is_zero((char *) client_auth_pk,
+  tor_assert(!fast_mem_is_zero((char *) client_auth_pk,
                              sizeof(*client_auth_pk)));
-  tor_assert(!tor_mem_is_zero((char *) descriptor_cookie,
+  tor_assert(!fast_mem_is_zero((char *) descriptor_cookie,
                              HS_DESC_DESCRIPTOR_COOKIE_LEN));
-  tor_assert(!tor_mem_is_zero((char *) subcredential,
+  tor_assert(!fast_mem_is_zero((char *) subcredential,
                              DIGEST256_LEN));
  /* Get the KEYS part so we can derive the CLIENT-ID and COOKIE-KEY. */
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@ -392,7 +392,7 @@ validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell)
   * safety net here. The legacy ID must be zeroes in this case. */
  legacy_key_id_len = trn_cell_introduce1_getlen_legacy_key_id(cell);
  legacy_key_id = trn_cell_introduce1_getconstarray_legacy_key_id(cell);
-  if (BUG(!tor_mem_is_zero((char *) legacy_key_id, legacy_key_id_len))) {
+  if (BUG(!fast_mem_is_zero((char *) legacy_key_id, legacy_key_id_len))) {
    goto invalid;
  }
@ -517,7 +517,7 @@ introduce1_cell_is_legacy(const uint8_t *request)
  /* If the first 20 bytes of the cell (DIGEST_LEN) are NOT zeroes, it
   * indicates a legacy cell (v2). */
-  if (!tor_mem_is_zero((const char *) request, DIGEST_LEN)) {
+  if (!fast_mem_is_zero((const char *) request, DIGEST_LEN)) {
    /* Legacy cell. */
    return 1;
  }
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@ -1746,7 +1746,7 @@ build_service_desc_superencrypted(const hs_service_t *service,
         sizeof(curve25519_public_key_t));
  /* Test that subcred is not zero because we might use it below */
-  if (BUG(tor_mem_is_zero((char*)desc->desc->subcredential, DIGEST256_LEN))) {
+  if (BUG(fast_mem_is_zero((char*)desc->desc->subcredential, DIGEST256_LEN))) {
    return -1;
  }
@ -1812,9 +1812,9 @@ build_service_desc_plaintext(const hs_service_t *service,
  tor_assert(service);
  tor_assert(desc);
-  tor_assert(!tor_mem_is_zero((char *) &desc->blinded_kp,
+  tor_assert(!fast_mem_is_zero((char *) &desc->blinded_kp,
                              sizeof(desc->blinded_kp)));
-  tor_assert(!tor_mem_is_zero((char *) &desc->signing_kp,
+  tor_assert(!fast_mem_is_zero((char *) &desc->signing_kp,
                              sizeof(desc->signing_kp)));
  /* Set the subcredential. */
@ -1864,7 +1864,7 @@ build_service_desc_keys(const hs_service_t *service,
  ed25519_keypair_t kp;
  tor_assert(desc);
-  tor_assert(!tor_mem_is_zero((char *) &service->keys.identity_pk,
+  tor_assert(!fast_mem_is_zero((char *) &service->keys.identity_pk,
             ED25519_PUBKEY_LEN));
  /* XXX: Support offline key feature (#18098). */
--- a/src/feature/nodelist/fmt_routerstatus.c
+++ b/src/feature/nodelist/fmt_routerstatus.c
@ -192,7 +192,7 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version,
    }
    if (format == NS_V3_VOTE && vrs) {
-      if (tor_mem_is_zero((char*)vrs->ed25519_id, ED25519_PUBKEY_LEN)) {
+      if (fast_mem_is_zero((char*)vrs->ed25519_id, ED25519_PUBKEY_LEN)) {
        smartlist_add_strdup(chunks, "id ed25519 none\n");
      } else {
        char ed_b64[BASE64_DIGEST256_LEN+1];
--- a/src/feature/nodelist/microdesc.c
+++ b/src/feature/nodelist/microdesc.c
@ -970,7 +970,7 @@ microdesc_list_missing_digest256(networkstatus_t *ns, microdesc_cache_t *cache,
      continue;
    if (skip && digest256map_get(skip, (const uint8_t*)rs->descriptor_digest))
      continue;
-    if (tor_mem_is_zero(rs->descriptor_digest, DIGEST256_LEN))
+    if (fast_mem_is_zero(rs->descriptor_digest, DIGEST256_LEN))
      continue;
    /* XXXX Also skip if we're a noncache and wouldn't use this router.
     * XXXX NM Microdesc
--- a/src/feature/nodelist/nodelist.c
+++ b/src/feature/nodelist/nodelist.c
@ -1859,7 +1859,7 @@ microdesc_has_curve25519_onion_key(const microdesc_t *md)
    return 0;
  }
-  if (tor_mem_is_zero((const char*)md->onion_curve25519_pkey->public_key,
+  if (fast_mem_is_zero((const char*)md->onion_curve25519_pkey->public_key,
                      CURVE25519_PUBKEY_LEN)) {
    return 0;
  }
--- a/src/feature/nodelist/routerlist.c
+++ b/src/feature/nodelist/routerlist.c
@ -2973,7 +2973,7 @@ routerinfo_incompatible_with_extrainfo(const crypto_pk_t *identity_pkey,
  digest256_matches = tor_memeq(ei->digest256,
                                sd->extra_info_digest256, DIGEST256_LEN);
  digest256_matches |=
-    tor_mem_is_zero(sd->extra_info_digest256, DIGEST256_LEN);
+    fast_mem_is_zero(sd->extra_info_digest256, DIGEST256_LEN);
  /* The identity must match exactly to have been generated at the same time
   * by the same router. */
@ -3057,7 +3057,7 @@ routerinfo_has_curve25519_onion_key(const routerinfo_t *ri)
    return 0;
  }
-  if (tor_mem_is_zero((const char*)ri->onion_curve25519_pkey->public_key,
+  if (fast_mem_is_zero((const char*)ri->onion_curve25519_pkey->public_key,
                      CURVE25519_PUBKEY_LEN)) {
    return 0;
  }
--- a/src/feature/nodelist/torcert.c
+++ b/src/feature/nodelist/torcert.c
@ -74,7 +74,7 @@ tor_cert_sign_impl(const ed25519_keypair_t *signing_key,
  tor_assert(real_len == alloc_len);
  tor_assert(real_len > ED25519_SIG_LEN);
  uint8_t *sig = encoded + (real_len - ED25519_SIG_LEN);
-  tor_assert(tor_mem_is_zero((char*)sig, ED25519_SIG_LEN));
+  tor_assert(fast_mem_is_zero((char*)sig, ED25519_SIG_LEN));
  ed25519_signature_t signature;
  if (ed25519_sign(&signature, encoded,
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@ -244,7 +244,7 @@ expire_old_onion_keys(void)
    lastonionkey = NULL;
  }
-  /* We zero out the keypair. See the tor_mem_is_zero() check made in
+  /* We zero out the keypair. See the fast_mem_is_zero() check made in
   * construct_ntor_key_map() below. */
  memset(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
@ -284,7 +284,7 @@ construct_ntor_key_map(void)
 {
  di_digest256_map_t *m = NULL;
-  if (!tor_mem_is_zero((const char*)
+  if (!fast_mem_is_zero((const char*)
                       curve25519_onion_key.pubkey.public_key,
                       CURVE25519_PUBKEY_LEN)) {
    dimap_add_entry(&m,
@ -292,7 +292,7 @@ construct_ntor_key_map(void)
                    tor_memdup(&curve25519_onion_key,
                               sizeof(curve25519_keypair_t)));
  }
-  if (!tor_mem_is_zero((const char*)
+  if (!fast_mem_is_zero((const char*)
                          last_curve25519_onion_key.pubkey.public_key,
                       CURVE25519_PUBKEY_LEN)) {
    dimap_add_entry(&m,
@ -1049,7 +1049,7 @@ init_keys(void)
      return -1;
    keydir = get_keydir_fname("secret_onion_key_ntor.old");
-    if (tor_mem_is_zero((const char *)
+    if (fast_mem_is_zero((const char *)
                           last_curve25519_onion_key.pubkey.public_key,
                        CURVE25519_PUBKEY_LEN) &&
        file_status(keydir) == FN_FILE) {
--- a/src/feature/relay/routerkeys.c
+++ b/src/feature/relay/routerkeys.c
@ -226,7 +226,7 @@ load_ed_keys(const or_options_t *options, time_t now)
        tor_free(fname);
      }
    }
-    if (tor_mem_is_zero((char*)id->seckey.seckey, sizeof(id->seckey)))
+    if (safe_mem_is_zero((char*)id->seckey.seckey, sizeof(id->seckey)))
      sign_signing_key_with_id = NULL;
    else
      sign_signing_key_with_id = id;
--- a/src/feature/rend/rendcache.c
+++ b/src/feature/rend/rendcache.c
@ -19,6 +19,8 @@
 #include "feature/rend/rend_intro_point_st.h"
 #include "feature/rend/rend_service_descriptor_st.h"
 #include "lib/ctime/di_ops.h"
 /** Map from service id (as generated by rend_get_service_id) to
 * rend_cache_entry_t. */
 STATIC strmap_t *rend_cache = NULL;
@ -889,7 +891,7 @@ rend_cache_store_v2_desc_as_client(const char *desc,
  if (intro_content && intro_size > 0) {
    int n_intro_points;
    if (rend_data->auth_type != REND_NO_AUTH &&
-        !tor_mem_is_zero(rend_data->descriptor_cookie,
+        !safe_mem_is_zero(rend_data->descriptor_cookie,
                          sizeof(rend_data->descriptor_cookie))) {
      char *ipos_decrypted = NULL;
      size_t ipos_decrypted_size;
--- a/src/lib/crypt_ops/crypto_ed25519.c
+++ b/src/lib/crypt_ops/crypto_ed25519.c
@ -226,7 +226,7 @@ ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
 int
 ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
 {
-  return tor_mem_is_zero((char*)pubkey->pubkey, ED25519_PUBKEY_LEN);
+  return safe_mem_is_zero((char*)pubkey->pubkey, ED25519_PUBKEY_LEN);
 }
 /* Return a heap-allocated array that contains <b>msg</b> prefixed by the
--- a/src/lib/crypt_ops/crypto_format.c
+++ b/src/lib/crypt_ops/crypto_format.c
@ -104,7 +104,7 @@ crypto_read_tagged_contents_from_file(const char *fname,
  prefix[32] = 0;
  /* Check type, extract tag. */
  if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
-      ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
+      ! fast_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
    saved_errno = EINVAL;
    goto end;
  }
--- a/src/lib/crypt_ops/crypto_rand.c
+++ b/src/lib/crypt_ops/crypto_rand.c
@ -36,6 +36,7 @@
 #include "lib/defs/digest_sizes.h"
 #include "lib/crypt_ops/crypto_digest.h"
 #include "lib/ctime/di_ops.h"
 #ifdef ENABLE_NSS
 #include "lib/crypt_ops/crypto_nss_mgt.h"
@ -314,7 +315,7 @@ crypto_strongest_rand_raw(uint8_t *out, size_t out_len)
      }
    }
-    if ((out_len < sanity_min_size) || !tor_mem_is_zero((char*)out, out_len))
+    if ((out_len < sanity_min_size) || !safe_mem_is_zero((char*)out, out_len))
      return 0;
  }
--- a/src/lib/string/util_string.c
+++ b/src/lib/string/util_string.c
@ -71,7 +71,7 @@ tor_memstr(const void *haystack, size_t hlen, const char *needle)
 /** Return true iff the 'len' bytes at 'mem' are all zero. */
 int
-tor_mem_is_zero(const char *mem, size_t len)
+fast_mem_is_zero(const char *mem, size_t len)
 {
  static const char ZERO[] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
@ -95,17 +95,14 @@ tor_mem_is_zero(const char *mem, size_t len)
 int
 tor_digest_is_zero(const char *digest)
 {
-  static const uint8_t ZERO_DIGEST[] = {
+  return safe_mem_is_zero(digest, DIGEST_LEN);
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0
  };
  return tor_memeq(digest, ZERO_DIGEST, DIGEST_LEN);
 }
 /** Return true iff the DIGEST256_LEN bytes in digest are all zero. */
 int
 tor_digest256_is_zero(const char *digest)
 {
-  return tor_mem_is_zero(digest, DIGEST256_LEN);
+  return safe_mem_is_zero(digest, DIGEST256_LEN);
 }
 /** Remove from the string <b>s</b> every character which appears in
--- a/src/lib/string/util_string.h
+++ b/src/lib/string/util_string.h
@ -20,7 +20,10 @@ const void *tor_memmem(const void *haystack, size_t hlen, const void *needle,
                       size_t nlen);
 const void *tor_memstr(const void *haystack, size_t hlen,
                       const char *needle);
-int tor_mem_is_zero(const char *mem, size_t len);
+int fast_mem_is_zero(const char *mem, size_t len);
 #define fast_digest_is_zero(d) fast_mem_is_zero((d), DIGEST_LEN)
 #define fast_digetst256_is_zero(d) fast_mem_is_zero((d), DIGEST256_LEN)
 int tor_digest_is_zero(const char *digest);
 int tor_digest256_is_zero(const char *digest);
--- a/src/test/test.c
+++ b/src/test/test.c
@ -284,7 +284,7 @@ test_fast_handshake(void *arg)
  /* First, test an entire handshake. */
  memset(client_handshake, 0, sizeof(client_handshake));
  tt_int_op(0, OP_EQ, fast_onionskin_create(&state, client_handshake));
-  tt_assert(! tor_mem_is_zero((char*)client_handshake,
+  tt_assert(! fast_mem_is_zero((char*)client_handshake,
                              sizeof(client_handshake)));
  tt_int_op(0, OP_EQ,
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@ -240,7 +240,7 @@ test_addr_ip6_helpers(void *arg)
  tt_int_op(0,OP_EQ, tor_addr_lookup("9000::5", AF_UNSPEC, &t1));
  tt_int_op(AF_INET6,OP_EQ, tor_addr_family(&t1));
  tt_int_op(0x90,OP_EQ, tor_addr_to_in6_addr8(&t1)[0]);
-  tt_assert(tor_mem_is_zero((char*)tor_addr_to_in6_addr8(&t1)+1, 14));
+  tt_assert(fast_mem_is_zero((char*)tor_addr_to_in6_addr8(&t1)+1, 14));
  tt_int_op(0x05,OP_EQ, tor_addr_to_in6_addr8(&t1)[15]);
  /* === Test pton: valid af_inet6 */
@ -697,7 +697,7 @@ test_addr_ip6_helpers(void *arg)
                              &t1,&mask,&port1,&port2);
  tt_int_op(r,OP_EQ,AF_INET6);
  tt_int_op(tor_addr_family(&t1),OP_EQ,AF_INET6);
-  tt_assert(tor_mem_is_zero((const char*)tor_addr_to_in6_addr32(&t1), 16));
+  tt_assert(fast_mem_is_zero((const char*)tor_addr_to_in6_addr32(&t1), 16));
  tt_int_op(mask,OP_EQ,0);
  tt_int_op(port1,OP_EQ,1);
  tt_int_op(port2,OP_EQ,65535);
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@ -389,7 +389,7 @@ test_crypto_aes128(void *arg)
                                   "\xff\xff\xff\xff\xff\xff\xff\xff"
                                   "\xff\xff\xff\xff\xff\xff\xff\xff");
  crypto_cipher_crypt_inplace(env1, data2, 64);
-  tt_assert(tor_mem_is_zero(data2, 64));
+  tt_assert(fast_mem_is_zero(data2, 64));
 done:
  tor_free(mem_op_hex_tmp);
@ -2134,7 +2134,7 @@ test_crypto_curve25519_persist(void *arg)
  tt_u64_op((uint64_t)st.st_size, OP_EQ,
            32+CURVE25519_PUBKEY_LEN+CURVE25519_SECKEY_LEN);
  tt_assert(fast_memeq(content, "== c25519v1: testing ==", taglen));
-  tt_assert(tor_mem_is_zero(content+taglen, 32-taglen));
+  tt_assert(fast_mem_is_zero(content+taglen, 32-taglen));
  cp = content + 32;
  tt_mem_op(keypair.seckey.secret_key,OP_EQ,
             cp,
--- a/src/test/test_crypto_slow.c
+++ b/src/test/test_crypto_slow.c
@ -109,7 +109,7 @@ run_s2k_tests(const unsigned flags, const unsigned type,
            secret_to_key_derivekey(buf3, sizeof(buf3), buf, speclen,
                                    pw1, strlen(pw1)));
  tt_mem_op(buf2, OP_EQ, buf3, sizeof(buf3));
-  tt_assert(!tor_mem_is_zero((char*)buf2+keylen, sizeof(buf2)-keylen));
+  tt_assert(!fast_mem_is_zero((char*)buf2+keylen, sizeof(buf2)-keylen));
 done:
  ;
--- a/src/test/test_extorport.c
+++ b/src/test/test_extorport.c
@ -177,7 +177,7 @@ test_ext_or_init_auth(void *arg)
  /* Shouldn't be initialized already, or our tests will be a bit
   * meaningless */
  ext_or_auth_cookie = tor_malloc_zero(32);
-  tt_assert(tor_mem_is_zero((char*)ext_or_auth_cookie, 32));
+  tt_assert(fast_mem_is_zero((char*)ext_or_auth_cookie, 32));
  /* Now make sure we use a temporary file */
  fn = get_fname("ext_cookie_file");
@ -202,7 +202,7 @@ test_ext_or_init_auth(void *arg)
  tt_mem_op(cp,OP_EQ, "! Extended ORPort Auth Cookie !\x0a", 32);
  tt_mem_op(cp+32,OP_EQ, ext_or_auth_cookie, 32);
  memcpy(cookie0, ext_or_auth_cookie, 32);
-  tt_assert(!tor_mem_is_zero((char*)ext_or_auth_cookie, 32));
+  tt_assert(!fast_mem_is_zero((char*)ext_or_auth_cookie, 32));
  /* Operation should be idempotent. */
  tt_int_op(0, OP_EQ, init_ext_or_cookie_authentication(1));
--- a/src/test/test_hs.c
+++ b/src/test/test_hs.c
@ -448,7 +448,7 @@ test_hs_rend_data(void *arg)
  tt_int_op(client_v2->auth_type, OP_EQ, REND_BASIC_AUTH);
  tt_int_op(strlen(client_v2->onion_address), OP_EQ, 0);
  tt_mem_op(client_v2->desc_id_fetch, OP_EQ, desc_id, sizeof(desc_id));
-  tt_int_op(tor_mem_is_zero(client_v2->descriptor_cookie,
+  tt_int_op(fast_mem_is_zero(client_v2->descriptor_cookie,
                            sizeof(client_v2->descriptor_cookie)), OP_EQ, 1);
  tt_assert(client->hsdirs_fp);
  tt_int_op(smartlist_len(client->hsdirs_fp), OP_EQ, 0);
--- a/src/test/test_hs_cache.c
+++ b/src/test/test_hs_cache.c
@ -486,7 +486,7 @@ test_client_cache(void *arg)
                                       NULL, &published_desc_str);
    tt_int_op(retval, OP_EQ, 0);
    memcpy(wanted_subcredential, published_desc->subcredential, DIGEST256_LEN);
-    tt_assert(!tor_mem_is_zero((char*)wanted_subcredential, DIGEST256_LEN));
+    tt_assert(!fast_mem_is_zero((char*)wanted_subcredential, DIGEST256_LEN));
  }
  /* Test handle_response_fetch_hsdesc_v3() */
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@ -395,7 +395,7 @@ test_client_pick_intro(void *arg)
    tt_assert(fetched_desc);
    tt_mem_op(fetched_desc->subcredential, OP_EQ, desc->subcredential,
              DIGEST256_LEN);
-    tt_assert(!tor_mem_is_zero((char*)fetched_desc->subcredential,
+    tt_assert(!fast_mem_is_zero((char*)fetched_desc->subcredential,
                               DIGEST256_LEN));
    tor_free(encoded);
  }
@ -433,7 +433,7 @@ test_client_pick_intro(void *arg)
    for (int i = 0; i < 64; ++i) {
      extend_info_t *ip = client_get_random_intro(&service_kp.pubkey);
      tor_assert(ip);
-      tt_assert(!tor_mem_is_zero((char*)ip->identity_digest, DIGEST_LEN));
+      tt_assert(!fast_mem_is_zero((char*)ip->identity_digest, DIGEST_LEN));
      tt_mem_op(ip->identity_digest, OP_EQ, chosen_intro_ei->identity_digest,
                DIGEST_LEN);
      extend_info_free(ip);
--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@ -126,7 +126,7 @@ test_descriptor_padding(void *arg)
    tt_assert(padded_plaintext);
    tor_free(plaintext);
    /* Make sure our padding has been zeroed. */
-    tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
+    tt_int_op(fast_mem_is_zero((char *) padded_plaintext + plaintext_len,
                              padded_len - plaintext_len), OP_EQ, 1);
    tor_free(padded_plaintext);
    /* Never never have a padded length smaller than the plaintext. */
@ -143,7 +143,7 @@ test_descriptor_padding(void *arg)
    tt_assert(padded_plaintext);
    tor_free(plaintext);
    /* Make sure our padding has been zeroed. */
-    tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
+    tt_int_op(fast_mem_is_zero((char *) padded_plaintext + plaintext_len,
                              padded_len - plaintext_len), OP_EQ, 1);
    tor_free(padded_plaintext);
    /* Never never have a padded length smaller than the plaintext. */
@ -160,7 +160,7 @@ test_descriptor_padding(void *arg)
    tt_assert(padded_plaintext);
    tor_free(plaintext);
    /* Make sure our padding has been zeroed. */
-    tt_int_op(tor_mem_is_zero((char *) padded_plaintext + plaintext_len,
+    tt_int_op(fast_mem_is_zero((char *) padded_plaintext + plaintext_len,
                              padded_len - plaintext_len), OP_EQ, 1);
    tor_free(padded_plaintext);
    /* Never never have a padded length smaller than the plaintext. */
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@ -393,11 +393,11 @@ test_load_keys(void *arg)
  tt_assert(s);
  /* Ok we have the service object. Validate few things. */
-  tt_assert(!tor_mem_is_zero(s->onion_address, sizeof(s->onion_address)));
+  tt_assert(!fast_mem_is_zero(s->onion_address, sizeof(s->onion_address)));
  tt_int_op(hs_address_is_valid(s->onion_address), OP_EQ, 1);
-  tt_assert(!tor_mem_is_zero((char *) s->keys.identity_sk.seckey,
+  tt_assert(!fast_mem_is_zero((char *) s->keys.identity_sk.seckey,
                             ED25519_SECKEY_LEN));
-  tt_assert(!tor_mem_is_zero((char *) s->keys.identity_pk.pubkey,
+  tt_assert(!fast_mem_is_zero((char *) s->keys.identity_pk.pubkey,
                             ED25519_PUBKEY_LEN));
  /* Check onion address from identity key. */
  hs_build_address(&s->keys.identity_pk, s->config.version, addr);
@ -677,7 +677,7 @@ test_service_intro_point(void *arg)
    ip = helper_create_service_ip();
    tt_assert(ip);
    /* Make sure the authentication keypair is not zeroes. */
-    tt_int_op(tor_mem_is_zero((const char *) &ip->auth_key_kp,
+    tt_int_op(fast_mem_is_zero((const char *) &ip->auth_key_kp,
                              sizeof(ed25519_keypair_t)), OP_EQ, 0);
    /* The introduce2_max MUST be in that range. */
    tt_u64_op(ip->introduce2_max, OP_GE,
@ -1562,9 +1562,9 @@ test_build_update_descriptors(void *arg)
  tt_int_op(smartlist_len(ip_cur->base.link_specifiers), OP_EQ, 3);
  /* Make sure we have a valid encryption keypair generated when we pick an
   * intro point in the update process. */
-  tt_assert(!tor_mem_is_zero((char *) ip_cur->enc_key_kp.seckey.secret_key,
+  tt_assert(!fast_mem_is_zero((char *) ip_cur->enc_key_kp.seckey.secret_key,
                             CURVE25519_SECKEY_LEN));
-  tt_assert(!tor_mem_is_zero((char *) ip_cur->enc_key_kp.pubkey.public_key,
+  tt_assert(!fast_mem_is_zero((char *) ip_cur->enc_key_kp.pubkey.public_key,
                             CURVE25519_PUBKEY_LEN));
  tt_u64_op(ip_cur->time_to_expire, OP_GE, now +
            INTRO_POINT_LIFETIME_MIN_SECONDS);
@ -1884,9 +1884,9 @@ test_rendezvous1_parsing(void *arg)
  }
  /* Send out the RENDEZVOUS1 and make sure that our mock func worked */
-  tt_assert(tor_mem_is_zero(rend1_payload, 32));
+  tt_assert(fast_mem_is_zero(rend1_payload, 32));
  hs_circ_service_rp_has_opened(service, service_circ);
-  tt_assert(!tor_mem_is_zero(rend1_payload, 32));
+  tt_assert(!fast_mem_is_zero(rend1_payload, 32));
  tt_int_op(rend1_payload_len, OP_EQ, HS_LEGACY_RENDEZVOUS_CELL_SIZE);
  /******************************/
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@ -263,7 +263,7 @@ test_link_handshake_certs_ok(void *arg)
    tt_assert(c1->handshake_state->authenticated_rsa);
    tt_assert(! c1->handshake_state->authenticated_ed25519);
  }
-  tt_assert(! tor_mem_is_zero(
+  tt_assert(! fast_mem_is_zero(
                (char*)c1->handshake_state->authenticated_rsa_peer_id, 20));
  chan2 = tor_malloc_zero(sizeof(*chan2));
@ -290,7 +290,7 @@ test_link_handshake_certs_ok(void *arg)
    tt_ptr_op(c2->handshake_state->certs->ed_id_sign, OP_EQ, NULL);
  }
  tt_assert(c2->handshake_state->certs->id_cert);
-  tt_assert(tor_mem_is_zero(
+  tt_assert(fast_mem_is_zero(
              (char*)c2->handshake_state->authenticated_rsa_peer_id, 20));
  /* no authentication has happened yet, since we haen't gotten an AUTH cell.
   */
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@ -399,7 +399,7 @@ test_routerkeys_ed_key_init_split(void *arg)
  tt_assert(kp2 != NULL);
  tt_assert(cert == NULL);
  tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
-  tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
+  tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey,
                            sizeof(kp2->seckey.seckey)));
  ed25519_keypair_free(kp2); kp2 = NULL;
@ -409,7 +409,7 @@ test_routerkeys_ed_key_init_split(void *arg)
  tt_assert(kp2 != NULL);
  tt_assert(cert == NULL);
  tt_mem_op(&kp1->pubkey, OP_EQ, &kp2->pubkey, sizeof(kp2->pubkey));
-  tt_assert(tor_mem_is_zero((char*)kp2->seckey.seckey,
+  tt_assert(fast_mem_is_zero((char*)kp2->seckey.seckey,
                            sizeof(kp2->seckey.seckey)));
  ed25519_keypair_free(kp2); kp2 = NULL;
--- a/src/test/test_shared_random.c
+++ b/src/test/test_shared_random.c
@ -449,12 +449,12 @@ test_sr_commit(void *arg)
    /* We should have a reveal value. */
    tt_assert(commit_has_reveal_value(our_commit));
    /* We should have a random value. */
-    tt_assert(!tor_mem_is_zero((char *) our_commit->random_number,
+    tt_assert(!fast_mem_is_zero((char *) our_commit->random_number,
                               sizeof(our_commit->random_number)));
    /* Commit and reveal timestamp should be the same. */
    tt_u64_op(our_commit->commit_ts, OP_EQ, our_commit->reveal_ts);
    /* We should have a hashed reveal. */
-    tt_assert(!tor_mem_is_zero(our_commit->hashed_reveal,
+    tt_assert(!fast_mem_is_zero(our_commit->hashed_reveal,
                               sizeof(our_commit->hashed_reveal)));
    /* Do we have a valid encoded commit and reveal. Note the following only
     * tests if the generated values are correct. Their could be a bug in
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@ -2087,14 +2087,14 @@ test_util_strmisc(void *arg)
  /* Test mem_is_zero */
  memset(buf,0,128);
  buf[128] = 'x';
-  tt_assert(tor_mem_is_zero(buf, 10));
+  tt_assert(fast_mem_is_zero(buf, 10));
-  tt_assert(tor_mem_is_zero(buf, 20));
+  tt_assert(fast_mem_is_zero(buf, 20));
-  tt_assert(tor_mem_is_zero(buf, 128));
+  tt_assert(fast_mem_is_zero(buf, 128));
-  tt_assert(!tor_mem_is_zero(buf, 129));
+  tt_assert(!fast_mem_is_zero(buf, 129));
  buf[60] = (char)255;
-  tt_assert(!tor_mem_is_zero(buf, 128));
+  tt_assert(!fast_mem_is_zero(buf, 128));
  buf[0] = (char)1;
-  tt_assert(!tor_mem_is_zero(buf, 10));
+  tt_assert(!fast_mem_is_zero(buf, 10));
  /* Test 'escaped' */
  tt_ptr_op(escaped(NULL), OP_EQ, NULL);
@ -3789,7 +3789,7 @@ test_util_memarea(void *arg)
  tt_int_op(((uintptr_t)p3) % sizeof(void*),OP_EQ, 0);
  tt_assert(!memarea_owns_ptr(area, p3+8192));
  tt_assert(!memarea_owns_ptr(area, p3+30));
-  tt_assert(tor_mem_is_zero(p2, 52));
+  tt_assert(fast_mem_is_zero(p2, 52));
  /* Make sure we don't overalign. */
  p1 = memarea_alloc(area, 1);
  p2 = memarea_alloc(area, 1);
--- a/src/test/test_util_format.c
+++ b/src/test/test_util_format.c
@ -367,7 +367,7 @@ test_util_format_base32_decode(void *arg)
    ret = base32_decode(dst, real_dstlen, "#abcde", 6);
    tt_int_op(ret, OP_EQ, -1);
    /* Make sure the destination buffer has been zeroed even on error. */
-    tt_int_op(tor_mem_is_zero(dst, real_dstlen), OP_EQ, 1);
+    tt_int_op(fast_mem_is_zero(dst, real_dstlen), OP_EQ, 1);
  }
 done: