aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/crypter.cpp12
-rw-r--r--src/crypter.h11
2 files changed, 9 insertions, 14 deletions
diff --git a/src/crypter.cpp b/src/crypter.cpp
index 411a1ee4c1..181b8fa00a 100644
--- a/src/crypter.cpp
+++ b/src/crypter.cpp
@@ -17,12 +17,6 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v
if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
return false;
- // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
- // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
- // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
- mlock(&chKey[0], sizeof chKey);
- mlock(&chIV[0], sizeof chIV);
-
int i = 0;
if (nDerivationMethod == 0)
i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
@@ -44,12 +38,6 @@ bool CCrypter::SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigne
if (chNewKey.size() != WALLET_CRYPTO_KEY_SIZE || chNewIV.size() != WALLET_CRYPTO_KEY_SIZE)
return false;
- // Try to keep the key data out of swap
- // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
- // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
- mlock(&chKey[0], sizeof chKey);
- mlock(&chIV[0], sizeof chIV);
-
memcpy(&chKey[0], &chNewKey[0], sizeof chKey);
memcpy(&chIV[0], &chNewIV[0], sizeof chIV);
diff --git a/src/crypter.h b/src/crypter.h
index d1bdb92c91..04538a3fa5 100644
--- a/src/crypter.h
+++ b/src/crypter.h
@@ -78,19 +78,26 @@ public:
{
memset(&chKey, 0, sizeof chKey);
memset(&chIV, 0, sizeof chIV);
- munlock(&chKey, sizeof chKey);
- munlock(&chIV, sizeof chIV);
fKeySet = false;
}
CCrypter()
{
fKeySet = false;
+
+ // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
+ // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
+ // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
+ LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey);
+ LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV);
}
~CCrypter()
{
CleanKey();
+
+ LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey);
+ LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV);
}
};