diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2015-02-19 12:00:17 +0100 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2015-02-19 12:09:26 +0100 |
commit | 07f4386b387caddd82502d575cc9dba80b81d9f2 (patch) | |
tree | 65727039c39354977ca8b9007ed9e395cb089586 | |
parent | ea98509fa5f76fac581a1d016c42c2407065e48d (diff) | |
parent | 1630219d906f592c9258bfe2a0e0c4923df35782 (diff) |
Merge #5689: openssl: abstract out OPENSSL_cleanse
1630219 openssl: abstract out OPENSSL_cleanse (Cory Fields)
-rw-r--r-- | src/Makefile.am | 2 | ||||
-rw-r--r-- | src/allocators.h | 10 | ||||
-rw-r--r-- | src/base58.cpp | 2 | ||||
-rw-r--r-- | src/crypter.cpp | 4 | ||||
-rw-r--r-- | src/crypter.h | 4 | ||||
-rw-r--r-- | src/db.cpp | 2 | ||||
-rw-r--r-- | src/qt/paymentrequestplus.cpp | 1 | ||||
-rw-r--r-- | src/qt/paymentrequestplus.h | 2 | ||||
-rw-r--r-- | src/qt/paymentserver.cpp | 1 | ||||
-rw-r--r-- | src/random.cpp | 6 | ||||
-rw-r--r-- | src/streams.h | 1 | ||||
-rw-r--r-- | src/support/cleanse.cpp | 13 | ||||
-rw-r--r-- | src/support/cleanse.h | 13 |
13 files changed, 44 insertions, 17 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 009c3c5196..7644f6b325 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -123,6 +123,7 @@ BITCOIN_CORE_H = \ script/standard.h \ serialize.h \ streams.h \ + support/cleanse.h \ sync.h \ threadsafety.h \ timedata.h \ @@ -268,6 +269,7 @@ libbitcoin_util_a_SOURCES = \ compat/strnlen.cpp \ random.cpp \ rpcprotocol.cpp \ + support/cleanse.cpp \ sync.cpp \ uint256.cpp \ util.cpp \ diff --git a/src/allocators.h b/src/allocators.h index 6a131c3517..8ffe015b9e 100644 --- a/src/allocators.h +++ b/src/allocators.h @@ -6,6 +6,8 @@ #ifndef BITCOIN_ALLOCATORS_H #define BITCOIN_ALLOCATORS_H +#include "support/cleanse.h" + #include <map> #include <string> #include <string.h> @@ -14,8 +16,6 @@ #include <boost/thread/mutex.hpp> #include <boost/thread/once.hpp> -#include <openssl/crypto.h> // for OPENSSL_cleanse() - /** * Thread-safe class to keep track of locked (ie, non-swappable) memory pages. * @@ -174,7 +174,7 @@ void LockObject(const T& t) template <typename T> void UnlockObject(const T& t) { - OPENSSL_cleanse((void*)(&t), sizeof(T)); + memory_cleanse((void*)(&t), sizeof(T)); LockedPageManager::Instance().UnlockRange((void*)(&t), sizeof(T)); } @@ -217,7 +217,7 @@ struct secure_allocator : public std::allocator<T> { void deallocate(T* p, std::size_t n) { if (p != NULL) { - OPENSSL_cleanse(p, sizeof(T) * n); + memory_cleanse(p, sizeof(T) * n); LockedPageManager::Instance().UnlockRange(p, sizeof(T) * n); } std::allocator<T>::deallocate(p, n); @@ -254,7 +254,7 @@ struct zero_after_free_allocator : public std::allocator<T> { void deallocate(T* p, std::size_t n) { if (p != NULL) - OPENSSL_cleanse(p, sizeof(T) * n); + memory_cleanse(p, sizeof(T) * n); std::allocator<T>::deallocate(p, n); } }; diff --git a/src/base58.cpp b/src/base58.cpp index 980d3cbf42..c809185056 100644 --- a/src/base58.cpp +++ b/src/base58.cpp @@ -172,7 +172,7 @@ bool CBase58Data::SetString(const char* psz, unsigned int nVersionBytes) vchData.resize(vchTemp.size() - nVersionBytes); if (!vchData.empty()) memcpy(&vchData[0], &vchTemp[nVersionBytes], vchData.size()); - OPENSSL_cleanse(&vchTemp[0], vchData.size()); + memory_cleanse(&vchTemp[0], vchData.size()); return true; } diff --git a/src/crypter.cpp b/src/crypter.cpp index 75d84dbf13..c7f7e21679 100644 --- a/src/crypter.cpp +++ b/src/crypter.cpp @@ -26,8 +26,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v if (i != (int)WALLET_CRYPTO_KEY_SIZE) { - OPENSSL_cleanse(chKey, sizeof(chKey)); - OPENSSL_cleanse(chIV, sizeof(chIV)); + memory_cleanse(chKey, sizeof(chKey)); + memory_cleanse(chIV, sizeof(chIV)); return false; } diff --git a/src/crypter.h b/src/crypter.h index cbaf1562f0..8a91498e2e 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -82,8 +82,8 @@ public: void CleanKey() { - OPENSSL_cleanse(chKey, sizeof(chKey)); - OPENSSL_cleanse(chIV, sizeof(chIV)); + memory_cleanse(chKey, sizeof(chKey)); + memory_cleanse(chIV, sizeof(chIV)); fKeySet = false; } diff --git a/src/db.cpp b/src/db.cpp index a7f885135b..3246e4b67a 100644 --- a/src/db.cpp +++ b/src/db.cpp @@ -21,8 +21,6 @@ #include <boost/thread.hpp> #include <boost/version.hpp> -#include <openssl/rand.h> - using namespace std; diff --git a/src/qt/paymentrequestplus.cpp b/src/qt/paymentrequestplus.cpp index 4c1e898020..b69461ad9e 100644 --- a/src/qt/paymentrequestplus.cpp +++ b/src/qt/paymentrequestplus.cpp @@ -13,7 +13,6 @@ #include <stdexcept> -#include <openssl/x509.h> #include <openssl/x509_vfy.h> #include <QDateTime> diff --git a/src/qt/paymentrequestplus.h b/src/qt/paymentrequestplus.h index fbc3a09265..61f8a3415d 100644 --- a/src/qt/paymentrequestplus.h +++ b/src/qt/paymentrequestplus.h @@ -9,6 +9,8 @@ #include "base58.h" +#include <openssl/x509.h> + #include <QByteArray> #include <QList> #include <QString> diff --git a/src/qt/paymentserver.cpp b/src/qt/paymentserver.cpp index 9aab944f6b..96ceeb18a4 100644 --- a/src/qt/paymentserver.cpp +++ b/src/qt/paymentserver.cpp @@ -16,7 +16,6 @@ #include <cstdlib> -#include <openssl/x509.h> #include <openssl/x509_vfy.h> #include <QApplication> diff --git a/src/random.cpp b/src/random.cpp index 663456e962..ae25bee1b7 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -5,6 +5,7 @@ #include "random.h" +#include "support/cleanse.h" #ifdef WIN32 #include "compat.h" // for Windows API #endif @@ -18,7 +19,6 @@ #include <sys/time.h> #endif -#include <openssl/crypto.h> #include <openssl/err.h> #include <openssl/rand.h> @@ -40,7 +40,7 @@ void RandAddSeed() // Seed with CPU performance counter int64_t nCounter = GetPerformanceCounter(); RAND_add(&nCounter, sizeof(nCounter), 1.5); - OPENSSL_cleanse((void*)&nCounter, sizeof(nCounter)); + memory_cleanse((void*)&nCounter, sizeof(nCounter)); } void RandAddSeedPerfmon() @@ -70,7 +70,7 @@ void RandAddSeedPerfmon() RegCloseKey(HKEY_PERFORMANCE_DATA); if (ret == ERROR_SUCCESS) { RAND_add(begin_ptr(vData), nSize, nSize / 100.0); - OPENSSL_cleanse(begin_ptr(vData), nSize); + memory_cleanse(begin_ptr(vData), nSize); LogPrint("rand", "%s: %lu bytes\n", __func__, nSize); } else { static bool warned = false; // Warn only once diff --git a/src/streams.h b/src/streams.h index bd8568b1af..9999c2341f 100644 --- a/src/streams.h +++ b/src/streams.h @@ -16,6 +16,7 @@ #include <map> #include <set> #include <stdint.h> +#include <stdio.h> #include <string> #include <string.h> #include <utility> diff --git a/src/support/cleanse.cpp b/src/support/cleanse.cpp new file mode 100644 index 0000000000..a2141b2449 --- /dev/null +++ b/src/support/cleanse.cpp @@ -0,0 +1,13 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2015 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include "cleanse.h" + +#include <openssl/crypto.h> + +void memory_cleanse(void *ptr, size_t len) +{ + OPENSSL_cleanse(ptr, len); +} diff --git a/src/support/cleanse.h b/src/support/cleanse.h new file mode 100644 index 0000000000..3e02aa8fd1 --- /dev/null +++ b/src/support/cleanse.h @@ -0,0 +1,13 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2015 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef BITCOIN_SUPPORT_CLEANSE_H +#define BITCOIN_SUPPORT_CLEANSE_H + +#include <stdlib.h> + +void memory_cleanse(void *ptr, size_t len); + +#endif // BITCOIN_SUPPORT_CLEANSE_H |