From ff31f1fa10e2062465520ad8a3ff846c23b7a96f Mon Sep 17 00:00:00 2001 From: Philip Kaufmann Date: Thu, 8 Nov 2012 19:38:49 +0100 Subject: don't use memset() in privacy/security relevant code parts As memset() can be optimized out by a compiler it should not be used in privacy/security relevant code parts. OpenSSL provides the safe OPENSSL_cleanse() function in crypto.h, which perfectly does the job of clean and overwrite data. For details see: http://www.viva64.com/en/b/0178/ - change memset() to OPENSSL_cleanse() where appropriate - change a hard-coded number from netbase.cpp into a sizeof() --- src/base58.h | 6 ++++-- src/crypter.cpp | 4 ++-- src/crypter.h | 4 ++-- src/netbase.cpp | 2 +- src/serialize.h | 6 ++++-- src/util.cpp | 2 +- 6 files changed, 14 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/base58.h b/src/base58.h index 78cb40f11d..ff0dad791c 100644 --- a/src/base58.h +++ b/src/base58.h @@ -17,6 +17,8 @@ #include #include +#include // for OPENSSL_cleanse() + #include "bignum.h" #include "key.h" @@ -189,7 +191,7 @@ protected: { // zero the memory, as it may contain sensitive data if (!vchData.empty()) - memset(&vchData[0], 0, vchData.size()); + OPENSSL_cleanse(&vchData[0], vchData.size()); } void SetData(int nVersionIn, const void* pdata, size_t nSize) @@ -220,7 +222,7 @@ public: vchData.resize(vchTemp.size() - 1); if (!vchData.empty()) memcpy(&vchData[0], &vchTemp[1], vchData.size()); - memset(&vchTemp[0], 0, vchTemp.size()); + OPENSSL_cleanse(&vchTemp[0], vchData.size()); return true; } diff --git a/src/crypter.cpp b/src/crypter.cpp index cbfb020f15..134d2be02e 100644 --- a/src/crypter.cpp +++ b/src/crypter.cpp @@ -33,8 +33,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v if (i != (int)WALLET_CRYPTO_KEY_SIZE) { - memset(&chKey, 0, sizeof chKey); - memset(&chIV, 0, sizeof chIV); + OPENSSL_cleanse(chKey, sizeof(chKey)); + OPENSSL_cleanse(chIV, sizeof(chIV)); return false; } diff --git a/src/crypter.h b/src/crypter.h index 0f9ea02175..698027c4f6 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -75,8 +75,8 @@ public: void CleanKey() { - memset(&chKey, 0, sizeof chKey); - memset(&chIV, 0, sizeof chIV); + OPENSSL_cleanse(chKey, sizeof(chKey)); + OPENSSL_cleanse(chIV, sizeof(chIV)); munlock(&chKey, sizeof chKey); munlock(&chIV, sizeof chIV); fKeySet = false; diff --git a/src/netbase.cpp b/src/netbase.cpp index 84038ffb45..b0f2903a65 100644 --- a/src/netbase.cpp +++ b/src/netbase.cpp @@ -297,7 +297,7 @@ bool ConnectSocket(const CService &addrDest, SOCKET& hSocketRet, int nTimeout) void CNetAddr::Init() { - memset(ip, 0, 16); + memset(ip, 0, sizeof(ip)); } void CNetAddr::SetIP(const CNetAddr& ipIn) diff --git a/src/serialize.h b/src/serialize.h index 8b75cf8b83..73c1139dbc 100644 --- a/src/serialize.h +++ b/src/serialize.h @@ -14,6 +14,8 @@ #include #include +#include // for OPENSSL_cleanse() + #include #include #include @@ -813,7 +815,7 @@ struct secure_allocator : public std::allocator { if (p != NULL) { - memset(p, 0, sizeof(T) * n); + OPENSSL_cleanse(p, sizeof(T) * n); munlock(p, sizeof(T) * n); } std::allocator::deallocate(p, n); @@ -847,7 +849,7 @@ struct zero_after_free_allocator : public std::allocator void deallocate(T* p, std::size_t n) { if (p != NULL) - memset(p, 0, sizeof(T) * n); + OPENSSL_cleanse(p, sizeof(T) * n); std::allocator::deallocate(p, n); } }; diff --git a/src/util.cpp b/src/util.cpp index 9c12b15677..4c884173fb 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -132,7 +132,7 @@ void RandAddSeedPerfmon() if (ret == ERROR_SUCCESS) { RAND_add(pdata, nSize, nSize/100.0); - memset(pdata, 0, nSize); + OPENSSL_cleanse(pdata, nSize); printf("%s RandAddSeed() %d bytes\n", DateTimeStrFormat("%x %H:%M", GetTime()).c_str(), nSize); } #endif -- cgit v1.2.3