diff options
| author | Philip Kaufmann <phil.kaufmann@t-online.de> | 2012-11-08 19:38:49 +0100 |
|---|---|---|
| committer | Philip Kaufmann <phil.kaufmann@t-online.de> | 2012-11-09 12:53:53 +0100 |
| commit | 0f8a6477825fbaad0d37233bdd3011d748f607ab (patch) | |
| tree | e4ef0256d9b5bccac47b3e9c901960d403bbdcbe /src/util.cpp | |
| parent | 16d9d61f99c2e081585e6634d25da3523804eabf (diff) | |
| download | bitcoin-0f8a6477825fbaad0d37233bdd3011d748f607ab.tar.xz | |
don't use memset() in privacy/security relevant code parts
As memset() can be optimized out by a compiler it should not be used in
privacy/security relevant code parts. OpenSSL provides the safe
OPENSSL_cleanse() function in crypto.h, which perfectly does the job of
clean and overwrite data.
For details see: http://www.viva64.com/en/b/0178/
- change memset() to OPENSSL_cleanse() where appropriate
- change a hard-coded number from netbase.cpp into a sizeof()
Diffstat (limited to 'src/util.cpp')
| -rw-r--r-- | src/util.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/util.cpp b/src/util.cpp index 9162886450..03014a5da0 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -156,7 +156,7 @@ void RandAddSeedPerfmon() if (ret == ERROR_SUCCESS) { RAND_add(pdata, nSize, nSize/100.0); - memset(pdata, 0, nSize); + OPENSSL_cleanse(pdata, nSize); printf("RandAddSeed() %lu bytes\n", nSize); } #endif |