diff options
author | Philip Kaufmann <phil.kaufmann@t-online.de> | 2012-11-08 19:38:49 +0100 |
---|---|---|
committer | Luke Dashjr <luke-jr+git@utopios.org> | 2012-11-12 23:53:55 +0000 |
commit | 65cee0bbbdea49c08bc84be7824ab004cc19f57e (patch) | |
tree | 8fe2481dabbacbba47d5ffbc89e32785af5306b5 | |
parent | caeafd1bd1b217276005c6bb422136f379d881cf (diff) | |
download | bitcoin-65cee0bbbdea49c08bc84be7824ab004cc19f57e.tar.xz |
don't use memset() in privacy/security relevant code parts
As memset() can be optimized out by a compiler it should not be used in
privacy/security relevant code parts. OpenSSL provides the safe
OPENSSL_cleanse() function in crypto.h, which perfectly does the job of
clean and overwrite data.
For details see: http://www.viva64.com/en/b/0178/
- change memset() to OPENSSL_cleanse() where appropriate
- change a hard-coded number from netbase.cpp into a sizeof()
-rw-r--r-- | src/base58.h | 6 | ||||
-rw-r--r-- | src/crypter.cpp | 4 | ||||
-rw-r--r-- | src/crypter.h | 4 | ||||
-rw-r--r-- | src/serialize.h | 6 | ||||
-rw-r--r-- | src/util.cpp | 2 |
5 files changed, 13 insertions, 9 deletions
diff --git a/src/base58.h b/src/base58.h index 9fe80781bd..a5770c9af5 100644 --- a/src/base58.h +++ b/src/base58.h @@ -17,6 +17,8 @@ #include <string> #include <vector> +#include <openssl/crypto.h> // for OPENSSL_cleanse() + #include "bignum.h" static const char* pszBase58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; @@ -175,7 +177,7 @@ protected: ~CBase58Data() { if (!vchData.empty()) - memset(&vchData[0], 0, vchData.size()); + OPENSSL_cleanse(&vchData[0], vchData.size()); } void SetData(int nVersionIn, const void* pdata, size_t nSize) @@ -206,7 +208,7 @@ public: vchData.resize(vchTemp.size() - 1); if (!vchData.empty()) memcpy(&vchData[0], &vchTemp[1], vchData.size()); - memset(&vchTemp[0], 0, vchTemp.size()); + OPENSSL_cleanse(&vchTemp[0], vchData.size()); return true; } diff --git a/src/crypter.cpp b/src/crypter.cpp index 8b0f8eb337..c395b8e234 100644 --- a/src/crypter.cpp +++ b/src/crypter.cpp @@ -33,8 +33,8 @@ bool CCrypter::SetKeyFromPassphrase(const std::string& strKeyData, const std::ve if (i != (int)WALLET_CRYPTO_KEY_SIZE) { - memset(&chKey, 0, sizeof chKey); - memset(&chIV, 0, sizeof chIV); + OPENSSL_cleanse(chKey, sizeof(chKey)); + OPENSSL_cleanse(chIV, sizeof(chIV)); return false; } diff --git a/src/crypter.h b/src/crypter.h index 5b95ea415e..b23fb6edec 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -72,8 +72,8 @@ public: void CleanKey() { - memset(&chKey, 0, sizeof chKey); - memset(&chIV, 0, sizeof chIV); + OPENSSL_cleanse(chKey, sizeof(chKey)); + OPENSSL_cleanse(chIV, sizeof(chIV)); munlock(&chKey, sizeof chKey); munlock(&chIV, sizeof chIV); fKeySet = false; diff --git a/src/serialize.h b/src/serialize.h index 18aa2a56a3..426c11a18f 100644 --- a/src/serialize.h +++ b/src/serialize.h @@ -14,6 +14,8 @@ #include <cstring> #include <cstdio> +#include <openssl/crypto.h> // for OPENSSL_cleanse() + #include <boost/type_traits/is_fundamental.hpp> #include <boost/tuple/tuple.hpp> #include <boost/tuple/tuple_comparison.hpp> @@ -823,7 +825,7 @@ struct secure_allocator : public std::allocator<T> { if (p != NULL) { - memset(p, 0, sizeof(T) * n); + OPENSSL_cleanse(p, sizeof(T) * n); munlock(p, sizeof(T) * n); } std::allocator<T>::deallocate(p, n); @@ -857,7 +859,7 @@ struct zero_after_free_allocator : public std::allocator<T> void deallocate(T* p, std::size_t n) { if (p != NULL) - memset(p, 0, sizeof(T) * n); + OPENSSL_cleanse(p, sizeof(T) * n); std::allocator<T>::deallocate(p, n); } }; diff --git a/src/util.cpp b/src/util.cpp index 62fa4c0575..681eebaf08 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -131,7 +131,7 @@ void RandAddSeedPerfmon() if (ret == ERROR_SUCCESS) { RAND_add(pdata, nSize, nSize/100.0); - memset(pdata, 0, nSize); + OPENSSL_cleanse(pdata, nSize); printf("%s RandAddSeed() %d bytes\n", DateTimeStrFormat("%x %H:%M", GetTime()).c_str(), nSize); } #endif |