aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/base58.h6
-rw-r--r--src/crypter.cpp4
-rw-r--r--src/crypter.h4
-rw-r--r--src/netbase.cpp2
-rw-r--r--src/serialize.h6
-rw-r--r--src/util.cpp2
6 files changed, 14 insertions, 10 deletions
diff --git a/src/base58.h b/src/base58.h
index 78cb40f11d..ff0dad791c 100644
--- a/src/base58.h
+++ b/src/base58.h
@@ -17,6 +17,8 @@
#include <string>
#include <vector>
+#include <openssl/crypto.h> // for OPENSSL_cleanse()
+
#include "bignum.h"
#include "key.h"
@@ -189,7 +191,7 @@ protected:
{
// zero the memory, as it may contain sensitive data
if (!vchData.empty())
- memset(&vchData[0], 0, vchData.size());
+ OPENSSL_cleanse(&vchData[0], vchData.size());
}
void SetData(int nVersionIn, const void* pdata, size_t nSize)
@@ -220,7 +222,7 @@ public:
vchData.resize(vchTemp.size() - 1);
if (!vchData.empty())
memcpy(&vchData[0], &vchTemp[1], vchData.size());
- memset(&vchTemp[0], 0, vchTemp.size());
+ OPENSSL_cleanse(&vchTemp[0], vchData.size());
return true;
}
diff --git a/src/crypter.cpp b/src/crypter.cpp
index cbfb020f15..134d2be02e 100644
--- a/src/crypter.cpp
+++ b/src/crypter.cpp
@@ -33,8 +33,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v
if (i != (int)WALLET_CRYPTO_KEY_SIZE)
{
- memset(&chKey, 0, sizeof chKey);
- memset(&chIV, 0, sizeof chIV);
+ OPENSSL_cleanse(chKey, sizeof(chKey));
+ OPENSSL_cleanse(chIV, sizeof(chIV));
return false;
}
diff --git a/src/crypter.h b/src/crypter.h
index 0f9ea02175..698027c4f6 100644
--- a/src/crypter.h
+++ b/src/crypter.h
@@ -75,8 +75,8 @@ public:
void CleanKey()
{
- memset(&chKey, 0, sizeof chKey);
- memset(&chIV, 0, sizeof chIV);
+ OPENSSL_cleanse(chKey, sizeof(chKey));
+ OPENSSL_cleanse(chIV, sizeof(chIV));
munlock(&chKey, sizeof chKey);
munlock(&chIV, sizeof chIV);
fKeySet = false;
diff --git a/src/netbase.cpp b/src/netbase.cpp
index 84038ffb45..b0f2903a65 100644
--- a/src/netbase.cpp
+++ b/src/netbase.cpp
@@ -297,7 +297,7 @@ bool ConnectSocket(const CService &addrDest, SOCKET& hSocketRet, int nTimeout)
void CNetAddr::Init()
{
- memset(ip, 0, 16);
+ memset(ip, 0, sizeof(ip));
}
void CNetAddr::SetIP(const CNetAddr& ipIn)
diff --git a/src/serialize.h b/src/serialize.h
index 8b75cf8b83..73c1139dbc 100644
--- a/src/serialize.h
+++ b/src/serialize.h
@@ -14,6 +14,8 @@
#include <cstring>
#include <cstdio>
+#include <openssl/crypto.h> // for OPENSSL_cleanse()
+
#include <boost/type_traits/is_fundamental.hpp>
#include <boost/tuple/tuple.hpp>
#include <boost/tuple/tuple_comparison.hpp>
@@ -813,7 +815,7 @@ struct secure_allocator : public std::allocator<T>
{
if (p != NULL)
{
- memset(p, 0, sizeof(T) * n);
+ OPENSSL_cleanse(p, sizeof(T) * n);
munlock(p, sizeof(T) * n);
}
std::allocator<T>::deallocate(p, n);
@@ -847,7 +849,7 @@ struct zero_after_free_allocator : public std::allocator<T>
void deallocate(T* p, std::size_t n)
{
if (p != NULL)
- memset(p, 0, sizeof(T) * n);
+ OPENSSL_cleanse(p, sizeof(T) * n);
std::allocator<T>::deallocate(p, n);
}
};
diff --git a/src/util.cpp b/src/util.cpp
index 9c12b15677..4c884173fb 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -132,7 +132,7 @@ void RandAddSeedPerfmon()
if (ret == ERROR_SUCCESS)
{
RAND_add(pdata, nSize, nSize/100.0);
- memset(pdata, 0, nSize);
+ OPENSSL_cleanse(pdata, nSize);
printf("%s RandAddSeed() %d bytes\n", DateTimeStrFormat("%x %H:%M", GetTime()).c_str(), nSize);
}
#endif