diff options
author | Cory Fields <cory-nospam-@coryfields.com> | 2015-01-20 19:23:25 -0500 |
---|---|---|
committer | Cory Fields <cory-nospam-@coryfields.com> | 2015-02-15 11:34:02 -0500 |
commit | 1630219d906f592c9258bfe2a0e0c4923df35782 (patch) | |
tree | 02b0ed9574290873f88bd0ebc1bd0a224c98e5b1 /src | |
parent | a9565863e09a32729bd6ce33f31889099b3d75cb (diff) |
openssl: abstract out OPENSSL_cleanse
This makes it easier for us to replace it if desired, since it's now only in
one spot. Also, it avoids the openssl include from allocators.h, which
essentially forced openssl to be included from every compilation unit.
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 2 | ||||
-rw-r--r-- | src/allocators.h | 10 | ||||
-rw-r--r-- | src/base58.cpp | 2 | ||||
-rw-r--r-- | src/crypter.cpp | 4 | ||||
-rw-r--r-- | src/crypter.h | 4 | ||||
-rw-r--r-- | src/db.cpp | 2 | ||||
-rw-r--r-- | src/qt/paymentrequestplus.cpp | 1 | ||||
-rw-r--r-- | src/qt/paymentrequestplus.h | 2 | ||||
-rw-r--r-- | src/qt/paymentserver.cpp | 1 | ||||
-rw-r--r-- | src/random.cpp | 6 | ||||
-rw-r--r-- | src/streams.h | 1 | ||||
-rw-r--r-- | src/support/cleanse.cpp | 13 | ||||
-rw-r--r-- | src/support/cleanse.h | 13 |
13 files changed, 44 insertions, 17 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 009c3c5196..7644f6b325 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -123,6 +123,7 @@ BITCOIN_CORE_H = \ script/standard.h \ serialize.h \ streams.h \ + support/cleanse.h \ sync.h \ threadsafety.h \ timedata.h \ @@ -268,6 +269,7 @@ libbitcoin_util_a_SOURCES = \ compat/strnlen.cpp \ random.cpp \ rpcprotocol.cpp \ + support/cleanse.cpp \ sync.cpp \ uint256.cpp \ util.cpp \ diff --git a/src/allocators.h b/src/allocators.h index 6a131c3517..8ffe015b9e 100644 --- a/src/allocators.h +++ b/src/allocators.h @@ -6,6 +6,8 @@ #ifndef BITCOIN_ALLOCATORS_H #define BITCOIN_ALLOCATORS_H +#include "support/cleanse.h" + #include <map> #include <string> #include <string.h> @@ -14,8 +16,6 @@ #include <boost/thread/mutex.hpp> #include <boost/thread/once.hpp> -#include <openssl/crypto.h> // for OPENSSL_cleanse() - /** * Thread-safe class to keep track of locked (ie, non-swappable) memory pages. * @@ -174,7 +174,7 @@ void LockObject(const T& t) template <typename T> void UnlockObject(const T& t) { - OPENSSL_cleanse((void*)(&t), sizeof(T)); + memory_cleanse((void*)(&t), sizeof(T)); LockedPageManager::Instance().UnlockRange((void*)(&t), sizeof(T)); } @@ -217,7 +217,7 @@ struct secure_allocator : public std::allocator<T> { void deallocate(T* p, std::size_t n) { if (p != NULL) { - OPENSSL_cleanse(p, sizeof(T) * n); + memory_cleanse(p, sizeof(T) * n); LockedPageManager::Instance().UnlockRange(p, sizeof(T) * n); } std::allocator<T>::deallocate(p, n); @@ -254,7 +254,7 @@ struct zero_after_free_allocator : public std::allocator<T> { void deallocate(T* p, std::size_t n) { if (p != NULL) - OPENSSL_cleanse(p, sizeof(T) * n); + memory_cleanse(p, sizeof(T) * n); std::allocator<T>::deallocate(p, n); } }; diff --git a/src/base58.cpp b/src/base58.cpp index 980d3cbf42..c809185056 100644 --- a/src/base58.cpp +++ b/src/base58.cpp @@ -172,7 +172,7 @@ bool CBase58Data::SetString(const char* psz, unsigned int nVersionBytes) vchData.resize(vchTemp.size() - nVersionBytes); if (!vchData.empty()) memcpy(&vchData[0], &vchTemp[nVersionBytes], vchData.size()); - OPENSSL_cleanse(&vchTemp[0], vchData.size()); + memory_cleanse(&vchTemp[0], vchData.size()); return true; } diff --git a/src/crypter.cpp b/src/crypter.cpp index 75d84dbf13..c7f7e21679 100644 --- a/src/crypter.cpp +++ b/src/crypter.cpp @@ -26,8 +26,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v if (i != (int)WALLET_CRYPTO_KEY_SIZE) { - OPENSSL_cleanse(chKey, sizeof(chKey)); - OPENSSL_cleanse(chIV, sizeof(chIV)); + memory_cleanse(chKey, sizeof(chKey)); + memory_cleanse(chIV, sizeof(chIV)); return false; } diff --git a/src/crypter.h b/src/crypter.h index cbaf1562f0..8a91498e2e 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -82,8 +82,8 @@ public: void CleanKey() { - OPENSSL_cleanse(chKey, sizeof(chKey)); - OPENSSL_cleanse(chIV, sizeof(chIV)); + memory_cleanse(chKey, sizeof(chKey)); + memory_cleanse(chIV, sizeof(chIV)); fKeySet = false; } diff --git a/src/db.cpp b/src/db.cpp index a7f885135b..3246e4b67a 100644 --- a/src/db.cpp +++ b/src/db.cpp @@ -21,8 +21,6 @@ #include <boost/thread.hpp> #include <boost/version.hpp> -#include <openssl/rand.h> - using namespace std; diff --git a/src/qt/paymentrequestplus.cpp b/src/qt/paymentrequestplus.cpp index 4c1e898020..b69461ad9e 100644 --- a/src/qt/paymentrequestplus.cpp +++ b/src/qt/paymentrequestplus.cpp @@ -13,7 +13,6 @@ #include <stdexcept> -#include <openssl/x509.h> #include <openssl/x509_vfy.h> #include <QDateTime> diff --git a/src/qt/paymentrequestplus.h b/src/qt/paymentrequestplus.h index fbc3a09265..61f8a3415d 100644 --- a/src/qt/paymentrequestplus.h +++ b/src/qt/paymentrequestplus.h @@ -9,6 +9,8 @@ #include "base58.h" +#include <openssl/x509.h> + #include <QByteArray> #include <QList> #include <QString> diff --git a/src/qt/paymentserver.cpp b/src/qt/paymentserver.cpp index 9aab944f6b..96ceeb18a4 100644 --- a/src/qt/paymentserver.cpp +++ b/src/qt/paymentserver.cpp @@ -16,7 +16,6 @@ #include <cstdlib> -#include <openssl/x509.h> #include <openssl/x509_vfy.h> #include <QApplication> diff --git a/src/random.cpp b/src/random.cpp index 663456e962..ae25bee1b7 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -5,6 +5,7 @@ #include "random.h" +#include "support/cleanse.h" #ifdef WIN32 #include "compat.h" // for Windows API #endif @@ -18,7 +19,6 @@ #include <sys/time.h> #endif -#include <openssl/crypto.h> #include <openssl/err.h> #include <openssl/rand.h> @@ -40,7 +40,7 @@ void RandAddSeed() // Seed with CPU performance counter int64_t nCounter = GetPerformanceCounter(); RAND_add(&nCounter, sizeof(nCounter), 1.5); - OPENSSL_cleanse((void*)&nCounter, sizeof(nCounter)); + memory_cleanse((void*)&nCounter, sizeof(nCounter)); } void RandAddSeedPerfmon() @@ -70,7 +70,7 @@ void RandAddSeedPerfmon() RegCloseKey(HKEY_PERFORMANCE_DATA); if (ret == ERROR_SUCCESS) { RAND_add(begin_ptr(vData), nSize, nSize / 100.0); - OPENSSL_cleanse(begin_ptr(vData), nSize); + memory_cleanse(begin_ptr(vData), nSize); LogPrint("rand", "%s: %lu bytes\n", __func__, nSize); } else { static bool warned = false; // Warn only once diff --git a/src/streams.h b/src/streams.h index bd8568b1af..9999c2341f 100644 --- a/src/streams.h +++ b/src/streams.h @@ -16,6 +16,7 @@ #include <map> #include <set> #include <stdint.h> +#include <stdio.h> #include <string> #include <string.h> #include <utility> diff --git a/src/support/cleanse.cpp b/src/support/cleanse.cpp new file mode 100644 index 0000000000..a2141b2449 --- /dev/null +++ b/src/support/cleanse.cpp @@ -0,0 +1,13 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2015 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include "cleanse.h" + +#include <openssl/crypto.h> + +void memory_cleanse(void *ptr, size_t len) +{ + OPENSSL_cleanse(ptr, len); +} diff --git a/src/support/cleanse.h b/src/support/cleanse.h new file mode 100644 index 0000000000..3e02aa8fd1 --- /dev/null +++ b/src/support/cleanse.h @@ -0,0 +1,13 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2015 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef BITCOIN_SUPPORT_CLEANSE_H +#define BITCOIN_SUPPORT_CLEANSE_H + +#include <stdlib.h> + +void memory_cleanse(void *ptr, size_t len); + +#endif // BITCOIN_SUPPORT_CLEANSE_H |