don't use memset() in privacy/security relevant code parts
0f8a6477825fUnpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

don't use memset() in privacy/security relevant code parts

As memset() can be optimized out by a compiler it should not be used in
privacy/security relevant code parts. OpenSSL provides the safe
OPENSSL_cleanse() function in crypto.h, which perfectly does the job of
clean and overwrite data.

For details see: http://www.viva64.com/en/b/0178/

change memset() to OPENSSL_cleanse() where appropriate
change a hard-coded number from netbase.cpp into a sizeof()

Details

Provenance

Philip Kaufmann <phil.kaufmann@t-online.de>	Authored on Nov 8 2012, 18:38
deadalnix	Pushed on May 14 2017, 22:04

Parents

rABC16d9d61f99c2: Merge pull request #1981 from sipa/caches

Branches

Unknown

Tags

Unknown

Event Timeline

Philip Kaufmann <phil.kaufmann@t-online.de> committed rABC0f8a6477825f: don't use memset() in privacy/security relevant code parts (authored by Philip Kaufmann <phil.kaufmann@t-online.de>).Nov 9 2012, 11:53

Changes (6)

Path

Size

src/

rABC0f8a6477825f

View Options

src/allocators.h

View Options

src/base58.h

View Options

src/crypter.cpp

View Options

src/crypter.h

View Options

src/netbase.cpp

View Options

don't use memset() in privacy/security relevant code parts0f8a6477825fUnpublishedActions

Unpublished Commit · Learn More

Description

Details

Event Timeline

Changes (6)

rABC0f8a6477825f

src/allocators.h

src/base58.h

src/crypter.cpp

src/crypter.h

src/netbase.cpp

src/util.cpp

don't use memset() in privacy/security relevant code parts
0f8a6477825fUnpublished
Actions