diff options
| -rw-r--r-- | src/crypter.cpp | 12 | ||||
| -rw-r--r-- | src/crypter.h | 11 |
2 files changed, 9 insertions, 14 deletions
diff --git a/src/crypter.cpp b/src/crypter.cpp index 411a1ee4c1..181b8fa00a 100644 --- a/src/crypter.cpp +++ b/src/crypter.cpp @@ -17,12 +17,6 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE) return false; - // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap) - // Note that this does nothing about suspend-to-disk (which will put all our key data on disk) - // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process. - mlock(&chKey[0], sizeof chKey); - mlock(&chIV[0], sizeof chIV); - int i = 0; if (nDerivationMethod == 0) i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0], @@ -44,12 +38,6 @@ bool CCrypter::SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigne if (chNewKey.size() != WALLET_CRYPTO_KEY_SIZE || chNewIV.size() != WALLET_CRYPTO_KEY_SIZE) return false; - // Try to keep the key data out of swap - // Note that this does nothing about suspend-to-disk (which will put all our key data on disk) - // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process. - mlock(&chKey[0], sizeof chKey); - mlock(&chIV[0], sizeof chIV); - memcpy(&chKey[0], &chNewKey[0], sizeof chKey); memcpy(&chIV[0], &chNewIV[0], sizeof chIV); diff --git a/src/crypter.h b/src/crypter.h index d1bdb92c91..04538a3fa5 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -78,19 +78,26 @@ public: { memset(&chKey, 0, sizeof chKey); memset(&chIV, 0, sizeof chIV); - munlock(&chKey, sizeof chKey); - munlock(&chIV, sizeof chIV); fKeySet = false; } CCrypter() { fKeySet = false; + + // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap) + // Note that this does nothing about suspend-to-disk (which will put all our key data on disk) + // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process. + LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey); + LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV); } ~CCrypter() { CleanKey(); + + LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey); + LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV); } }; |