Merge pull request #1992 from Diapolo/no_memset
don't use memset() in privacy/security relevant code parts
This commit is contained in:
Gregory Maxwell
commit
91cee34638
|
|
@ -9,6 +9,7 @@
|
|||
#include <string>
|
||||
#include <boost/thread/mutex.hpp>
|
||||
#include <map>
|
||||
#include <openssl/crypto.h> // for OPENSSL_cleanse()
|
||||
|
||||
#ifdef WIN32
|
||||
#ifdef _WIN32_WINNT
|
||||
|
|
@ -212,7 +213,7 @@ struct secure_allocator : public std::allocator<T>
|
|||
{
|
||||
if (p != NULL)
|
||||
{
|
||||
memset(p, 0, sizeof(T) * n);
|
||||
OPENSSL_cleanse(p, sizeof(T) * n);
|
||||
LockedPageManager::instance.UnlockRange(p, sizeof(T) * n);
|
||||
}
|
||||
std::allocator<T>::deallocate(p, n);
|
||||
|
|
@ -246,7 +247,7 @@ struct zero_after_free_allocator : public std::allocator<T>
|
|||
void deallocate(T* p, std::size_t n)
|
||||
{
|
||||
if (p != NULL)
|
||||
memset(p, 0, sizeof(T) * n);
|
||||
OPENSSL_cleanse(p, sizeof(T) * n);
|
||||
std::allocator<T>::deallocate(p, n);
|
||||
}
|
||||
};
|
||||
|
|
|
|||
16
src/base58.h
16
src/base58.h
|
|
@ -17,9 +17,11 @@
|
|||
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "bignum.h"
|
||||
#include "key.h"
|
||||
#include "script.h"
|
||||
#include "allocators.h"
|
||||
|
||||
static const char* pszBase58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
|
||||
|
||||
|
|
@ -178,7 +180,8 @@ protected:
|
|||
unsigned char nVersion;
|
||||
|
||||
// the actually encoded data
|
||||
std::vector<unsigned char> vchData;
|
||||
typedef std::vector<unsigned char, zero_after_free_allocator<unsigned char> > vector_uchar;
|
||||
vector_uchar vchData;
|
||||
|
||||
CBase58Data()
|
||||
{
|
||||
|
|
@ -186,13 +189,6 @@ protected:
|
|||
vchData.clear();
|
||||
}
|
||||
|
||||
~CBase58Data()
|
||||
{
|
||||
// zero the memory, as it may contain sensitive data
|
||||
if (!vchData.empty())
|
||||
memset(&vchData[0], 0, vchData.size());
|
||||
}
|
||||
|
||||
void SetData(int nVersionIn, const void* pdata, size_t nSize)
|
||||
{
|
||||
nVersion = nVersionIn;
|
||||
|
|
@ -221,7 +217,7 @@ public:
|
|||
vchData.resize(vchTemp.size() - 1);
|
||||
if (!vchData.empty())
|
||||
memcpy(&vchData[0], &vchTemp[1], vchData.size());
|
||||
memset(&vchTemp[0], 0, vchTemp.size());
|
||||
OPENSSL_cleanse(&vchTemp[0], vchData.size());
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -457,4 +453,4 @@ public:
|
|||
}
|
||||
};
|
||||
|
||||
#endif
|
||||
#endif // BITCOIN_BASE58_H
|
||||
|
|
|
|||
|
|
@ -24,8 +24,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v
|
|||
|
||||
if (i != (int)WALLET_CRYPTO_KEY_SIZE)
|
||||
{
|
||||
memset(&chKey, 0, sizeof chKey);
|
||||
memset(&chIV, 0, sizeof chIV);
|
||||
OPENSSL_cleanse(chKey, sizeof(chKey));
|
||||
OPENSSL_cleanse(chIV, sizeof(chIV));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -76,8 +76,8 @@ public:
|
|||
|
||||
void CleanKey()
|
||||
{
|
||||
memset(&chKey, 0, sizeof chKey);
|
||||
memset(&chIV, 0, sizeof chIV);
|
||||
OPENSSL_cleanse(chKey, sizeof(chKey));
|
||||
OPENSSL_cleanse(chIV, sizeof(chIV));
|
||||
fKeySet = false;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -545,7 +545,7 @@ bool ConnectSocketByName(CService &addr, SOCKET& hSocketRet, const char *pszDest
|
|||
|
||||
void CNetAddr::Init()
|
||||
{
|
||||
memset(ip, 0, 16);
|
||||
memset(ip, 0, sizeof(ip));
|
||||
}
|
||||
|
||||
void CNetAddr::SetIP(const CNetAddr& ipIn)
|
||||
|
|
|
|||
|
|
@ -156,7 +156,7 @@ void RandAddSeedPerfmon()
|
|||
if (ret == ERROR_SUCCESS)
|
||||
{
|
||||
RAND_add(pdata, nSize, nSize/100.0);
|
||||
memset(pdata, 0, nSize);
|
||||
OPENSSL_cleanse(pdata, nSize);
|
||||
printf("RandAddSeed() %lu bytes\n", nSize);
|
||||
}
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in New Issue