aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2015-02-19 12:00:17 +0100
committerWladimir J. van der Laan <laanwj@gmail.com>2015-02-19 12:09:26 +0100
commit07f4386b387caddd82502d575cc9dba80b81d9f2 (patch)
tree65727039c39354977ca8b9007ed9e395cb089586
parentea98509fa5f76fac581a1d016c42c2407065e48d (diff)
parent1630219d906f592c9258bfe2a0e0c4923df35782 (diff)
Merge #5689: openssl: abstract out OPENSSL_cleanse
1630219 openssl: abstract out OPENSSL_cleanse (Cory Fields)
-rw-r--r--src/Makefile.am2
-rw-r--r--src/allocators.h10
-rw-r--r--src/base58.cpp2
-rw-r--r--src/crypter.cpp4
-rw-r--r--src/crypter.h4
-rw-r--r--src/db.cpp2
-rw-r--r--src/qt/paymentrequestplus.cpp1
-rw-r--r--src/qt/paymentrequestplus.h2
-rw-r--r--src/qt/paymentserver.cpp1
-rw-r--r--src/random.cpp6
-rw-r--r--src/streams.h1
-rw-r--r--src/support/cleanse.cpp13
-rw-r--r--src/support/cleanse.h13
13 files changed, 44 insertions, 17 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 009c3c5196..7644f6b325 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -123,6 +123,7 @@ BITCOIN_CORE_H = \
script/standard.h \
serialize.h \
streams.h \
+ support/cleanse.h \
sync.h \
threadsafety.h \
timedata.h \
@@ -268,6 +269,7 @@ libbitcoin_util_a_SOURCES = \
compat/strnlen.cpp \
random.cpp \
rpcprotocol.cpp \
+ support/cleanse.cpp \
sync.cpp \
uint256.cpp \
util.cpp \
diff --git a/src/allocators.h b/src/allocators.h
index 6a131c3517..8ffe015b9e 100644
--- a/src/allocators.h
+++ b/src/allocators.h
@@ -6,6 +6,8 @@
#ifndef BITCOIN_ALLOCATORS_H
#define BITCOIN_ALLOCATORS_H
+#include "support/cleanse.h"
+
#include <map>
#include <string>
#include <string.h>
@@ -14,8 +16,6 @@
#include <boost/thread/mutex.hpp>
#include <boost/thread/once.hpp>
-#include <openssl/crypto.h> // for OPENSSL_cleanse()
-
/**
* Thread-safe class to keep track of locked (ie, non-swappable) memory pages.
*
@@ -174,7 +174,7 @@ void LockObject(const T& t)
template <typename T>
void UnlockObject(const T& t)
{
- OPENSSL_cleanse((void*)(&t), sizeof(T));
+ memory_cleanse((void*)(&t), sizeof(T));
LockedPageManager::Instance().UnlockRange((void*)(&t), sizeof(T));
}
@@ -217,7 +217,7 @@ struct secure_allocator : public std::allocator<T> {
void deallocate(T* p, std::size_t n)
{
if (p != NULL) {
- OPENSSL_cleanse(p, sizeof(T) * n);
+ memory_cleanse(p, sizeof(T) * n);
LockedPageManager::Instance().UnlockRange(p, sizeof(T) * n);
}
std::allocator<T>::deallocate(p, n);
@@ -254,7 +254,7 @@ struct zero_after_free_allocator : public std::allocator<T> {
void deallocate(T* p, std::size_t n)
{
if (p != NULL)
- OPENSSL_cleanse(p, sizeof(T) * n);
+ memory_cleanse(p, sizeof(T) * n);
std::allocator<T>::deallocate(p, n);
}
};
diff --git a/src/base58.cpp b/src/base58.cpp
index 980d3cbf42..c809185056 100644
--- a/src/base58.cpp
+++ b/src/base58.cpp
@@ -172,7 +172,7 @@ bool CBase58Data::SetString(const char* psz, unsigned int nVersionBytes)
vchData.resize(vchTemp.size() - nVersionBytes);
if (!vchData.empty())
memcpy(&vchData[0], &vchTemp[nVersionBytes], vchData.size());
- OPENSSL_cleanse(&vchTemp[0], vchData.size());
+ memory_cleanse(&vchTemp[0], vchData.size());
return true;
}
diff --git a/src/crypter.cpp b/src/crypter.cpp
index 75d84dbf13..c7f7e21679 100644
--- a/src/crypter.cpp
+++ b/src/crypter.cpp
@@ -26,8 +26,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v
if (i != (int)WALLET_CRYPTO_KEY_SIZE)
{
- OPENSSL_cleanse(chKey, sizeof(chKey));
- OPENSSL_cleanse(chIV, sizeof(chIV));
+ memory_cleanse(chKey, sizeof(chKey));
+ memory_cleanse(chIV, sizeof(chIV));
return false;
}
diff --git a/src/crypter.h b/src/crypter.h
index cbaf1562f0..8a91498e2e 100644
--- a/src/crypter.h
+++ b/src/crypter.h
@@ -82,8 +82,8 @@ public:
void CleanKey()
{
- OPENSSL_cleanse(chKey, sizeof(chKey));
- OPENSSL_cleanse(chIV, sizeof(chIV));
+ memory_cleanse(chKey, sizeof(chKey));
+ memory_cleanse(chIV, sizeof(chIV));
fKeySet = false;
}
diff --git a/src/db.cpp b/src/db.cpp
index a7f885135b..3246e4b67a 100644
--- a/src/db.cpp
+++ b/src/db.cpp
@@ -21,8 +21,6 @@
#include <boost/thread.hpp>
#include <boost/version.hpp>
-#include <openssl/rand.h>
-
using namespace std;
diff --git a/src/qt/paymentrequestplus.cpp b/src/qt/paymentrequestplus.cpp
index 4c1e898020..b69461ad9e 100644
--- a/src/qt/paymentrequestplus.cpp
+++ b/src/qt/paymentrequestplus.cpp
@@ -13,7 +13,6 @@
#include <stdexcept>
-#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <QDateTime>
diff --git a/src/qt/paymentrequestplus.h b/src/qt/paymentrequestplus.h
index fbc3a09265..61f8a3415d 100644
--- a/src/qt/paymentrequestplus.h
+++ b/src/qt/paymentrequestplus.h
@@ -9,6 +9,8 @@
#include "base58.h"
+#include <openssl/x509.h>
+
#include <QByteArray>
#include <QList>
#include <QString>
diff --git a/src/qt/paymentserver.cpp b/src/qt/paymentserver.cpp
index 9aab944f6b..96ceeb18a4 100644
--- a/src/qt/paymentserver.cpp
+++ b/src/qt/paymentserver.cpp
@@ -16,7 +16,6 @@
#include <cstdlib>
-#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <QApplication>
diff --git a/src/random.cpp b/src/random.cpp
index 663456e962..ae25bee1b7 100644
--- a/src/random.cpp
+++ b/src/random.cpp
@@ -5,6 +5,7 @@
#include "random.h"
+#include "support/cleanse.h"
#ifdef WIN32
#include "compat.h" // for Windows API
#endif
@@ -18,7 +19,6 @@
#include <sys/time.h>
#endif
-#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
@@ -40,7 +40,7 @@ void RandAddSeed()
// Seed with CPU performance counter
int64_t nCounter = GetPerformanceCounter();
RAND_add(&nCounter, sizeof(nCounter), 1.5);
- OPENSSL_cleanse((void*)&nCounter, sizeof(nCounter));
+ memory_cleanse((void*)&nCounter, sizeof(nCounter));
}
void RandAddSeedPerfmon()
@@ -70,7 +70,7 @@ void RandAddSeedPerfmon()
RegCloseKey(HKEY_PERFORMANCE_DATA);
if (ret == ERROR_SUCCESS) {
RAND_add(begin_ptr(vData), nSize, nSize / 100.0);
- OPENSSL_cleanse(begin_ptr(vData), nSize);
+ memory_cleanse(begin_ptr(vData), nSize);
LogPrint("rand", "%s: %lu bytes\n", __func__, nSize);
} else {
static bool warned = false; // Warn only once
diff --git a/src/streams.h b/src/streams.h
index bd8568b1af..9999c2341f 100644
--- a/src/streams.h
+++ b/src/streams.h
@@ -16,6 +16,7 @@
#include <map>
#include <set>
#include <stdint.h>
+#include <stdio.h>
#include <string>
#include <string.h>
#include <utility>
diff --git a/src/support/cleanse.cpp b/src/support/cleanse.cpp
new file mode 100644
index 0000000000..a2141b2449
--- /dev/null
+++ b/src/support/cleanse.cpp
@@ -0,0 +1,13 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2015 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include "cleanse.h"
+
+#include <openssl/crypto.h>
+
+void memory_cleanse(void *ptr, size_t len)
+{
+ OPENSSL_cleanse(ptr, len);
+}
diff --git a/src/support/cleanse.h b/src/support/cleanse.h
new file mode 100644
index 0000000000..3e02aa8fd1
--- /dev/null
+++ b/src/support/cleanse.h
@@ -0,0 +1,13 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2015 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#ifndef BITCOIN_SUPPORT_CLEANSE_H
+#define BITCOIN_SUPPORT_CLEANSE_H
+
+#include <stdlib.h>
+
+void memory_cleanse(void *ptr, size_t len);
+
+#endif // BITCOIN_SUPPORT_CLEANSE_H