I think crypto_digest_get_digest and init_curve25519_keypair_from_file aren't memwiping all their key memory.
I'll list the details of a branch when the changes file is done.