mirror of
https://github.com/dashpay/dash.git
synced 2024-12-27 04:52:59 +01:00
Make CCrypter use LockedPageManager to manage locked pages
Replace direct calls to mlock. Also, change the class to lock the memory areas in the constructor and unlock them again in the destructor. This makes sure that locked pages won't leak.
This commit is contained in:
parent
e95568b78d
commit
0b886ad1bd
@ -17,12 +17,6 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v
|
|||||||
if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
|
if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
|
|
||||||
// Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
|
|
||||||
// Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
|
|
||||||
mlock(&chKey[0], sizeof chKey);
|
|
||||||
mlock(&chIV[0], sizeof chIV);
|
|
||||||
|
|
||||||
int i = 0;
|
int i = 0;
|
||||||
if (nDerivationMethod == 0)
|
if (nDerivationMethod == 0)
|
||||||
i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
|
i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
|
||||||
@ -44,12 +38,6 @@ bool CCrypter::SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigne
|
|||||||
if (chNewKey.size() != WALLET_CRYPTO_KEY_SIZE || chNewIV.size() != WALLET_CRYPTO_KEY_SIZE)
|
if (chNewKey.size() != WALLET_CRYPTO_KEY_SIZE || chNewIV.size() != WALLET_CRYPTO_KEY_SIZE)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Try to keep the key data out of swap
|
|
||||||
// Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
|
|
||||||
// Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
|
|
||||||
mlock(&chKey[0], sizeof chKey);
|
|
||||||
mlock(&chIV[0], sizeof chIV);
|
|
||||||
|
|
||||||
memcpy(&chKey[0], &chNewKey[0], sizeof chKey);
|
memcpy(&chKey[0], &chNewKey[0], sizeof chKey);
|
||||||
memcpy(&chIV[0], &chNewIV[0], sizeof chIV);
|
memcpy(&chIV[0], &chNewIV[0], sizeof chIV);
|
||||||
|
|
||||||
|
@ -78,19 +78,26 @@ public:
|
|||||||
{
|
{
|
||||||
memset(&chKey, 0, sizeof chKey);
|
memset(&chKey, 0, sizeof chKey);
|
||||||
memset(&chIV, 0, sizeof chIV);
|
memset(&chIV, 0, sizeof chIV);
|
||||||
munlock(&chKey, sizeof chKey);
|
|
||||||
munlock(&chIV, sizeof chIV);
|
|
||||||
fKeySet = false;
|
fKeySet = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
CCrypter()
|
CCrypter()
|
||||||
{
|
{
|
||||||
fKeySet = false;
|
fKeySet = false;
|
||||||
|
|
||||||
|
// Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
|
||||||
|
// Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
|
||||||
|
// Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
|
||||||
|
LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey);
|
||||||
|
LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV);
|
||||||
}
|
}
|
||||||
|
|
||||||
~CCrypter()
|
~CCrypter()
|
||||||
{
|
{
|
||||||
CleanKey();
|
CleanKey();
|
||||||
|
|
||||||
|
LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey);
|
||||||
|
LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user