crypto: secure erase memory #31744

issue embetrix openend this issue on January 28, 2025
  1. embetrix commented at 8:01 am on January 28, 2025: none

    Is there an existing issue for this?

    • I have searched the existing issues

    Current behaviour

    In AES256Encrypt::~AES256Encrypt(): https://github.com/bitcoin/bitcoin/blob/master/src/crypto/aes.cpp#L20 and AES256Decrypt::~AES256Decrypt(): https://github.com/bitcoin/bitcoin/blob/master/src/crypto/aes.cpp#L35

    memset is used to reset the ctx and key, this is not secure and can be optimized out by the compiler:

    https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/

    Instead use secure erase primitives such as OPENSSL_cleanse: https://github.com/openssl/openssl/blob/master/crypto/mem_clr.c

    Expected behaviour

    memset should be avoided to reset the ctx and key,

    Steps to reproduce

    NA

    Relevant log output

    No response

    How did you obtain Bitcoin Core

    Compiled from source

    What version of Bitcoin Core are you using?

    master

    Operating system and version

    Linux

    Machine specifications

    No response

  2. davidgumberg commented at 9:43 pm on January 31, 2025: contributor
    Thanks for reporting, I’ve opened #31774 to address this.

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-02-07 15:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me