diff options
| author | Philip Kaufmann <[email protected]> | 2012-11-08 19:38:49 +0100 |
|---|---|---|
| committer | Luke Dashjr <[email protected]> | 2012-11-12 23:55:22 +0000 |
| commit | ff31f1fa10e2062465520ad8a3ff846c23b7a96f (patch) | |
| tree | 2e74096d2185209048cf1523409d3d7a03ac5ca6 /src/crypter.h | |
| parent | Fixed 100% CPU utilization problem on FreeBSD 9 (diff) | |
| download | discoin-ff31f1fa10e2062465520ad8a3ff846c23b7a96f.tar.xz discoin-ff31f1fa10e2062465520ad8a3ff846c23b7a96f.zip | |
don't use memset() in privacy/security relevant code parts
As memset() can be optimized out by a compiler it should not be used in
privacy/security relevant code parts. OpenSSL provides the safe
OPENSSL_cleanse() function in crypto.h, which perfectly does the job of
clean and overwrite data.
For details see: http://www.viva64.com/en/b/0178/
- change memset() to OPENSSL_cleanse() where appropriate
- change a hard-coded number from netbase.cpp into a sizeof()
Diffstat (limited to 'src/crypter.h')
| -rw-r--r-- | src/crypter.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/crypter.h b/src/crypter.h index 0f9ea0217..698027c4f 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -75,8 +75,8 @@ public: void CleanKey() { - memset(&chKey, 0, sizeof chKey); - memset(&chIV, 0, sizeof chIV); + OPENSSL_cleanse(chKey, sizeof(chKey)); + OPENSSL_cleanse(chIV, sizeof(chIV)); munlock(&chKey, sizeof chKey); munlock(&chIV, sizeof chIV); fKeySet = false; |