Fixes #31744
Reuse `secure_allocator` for `AES256_ctx` in the AES 256 encrypters and decrypters and the `iv` of `AES256CBC` encrypters and decrypters. These classes are relevant to `CCrypter`, used for encrypting wallets, and my understanding is that if an attacker knows some or all of the contents of these data structures (`AES256_ctx` & `iv`) they might be able to decrypt a user's wallet.

Presently the `secure_allocator` tries to protect sensitive data with `mlock()` on POSIX systems and `VirtualLock()` on Windows to prevent memory being paged to disk, and by zeroing out memory contents on deallocation with `memory_cleanse()`, which is similar to `OPENSSL_cleanse()` by scaring compilers away from optimizing `memset` calls on non-Windows systems, and using `SecureZeroMemory()` on Windows.
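
The lock-then-wipe pattern described above, as an added example that is not code from this PR or from Bitcoin Core. All names (`wipe`, `Arena`, `WipingAllocator`, `residue_after_free`) are hypothetical, it is POSIX-only, and it uses volatile stores for the wipe rather than the project's `memory_cleanse()`.

```cpp
#include <cstddef>
#include <new>
#include <vector>
#include <sys/mman.h>

// Hypothetical sketch, not Bitcoin Core's secure_allocator.
// Volatile stores keep the compiler from eliding the wipe as a dead store.
inline void wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// One fixed, page-aligned arena so a single mlock() covers every allocation.
struct Arena {
    alignas(4096) unsigned char buf[4096];
    std::size_t used = 0;
    bool locked;  // false when mlock() is refused, e.g. by RLIMIT_MEMLOCK
    Arena() : locked(mlock(buf, sizeof buf) == 0) {}
    ~Arena() { wipe(buf, sizeof buf); if (locked) munlock(buf, sizeof buf); }
    void* take(std::size_t n) {
        n = (n + 15) & ~std::size_t{15};  // keep 16-byte alignment
        if (n > sizeof buf - used) throw std::bad_alloc();
        void* p = buf + used;
        used += n;
        return p;
    }
};
inline Arena& arena() { static Arena a; return a; }

template <typename T>
struct WipingAllocator {
    using value_type = T;
    WipingAllocator() = default;
    template <typename U> WipingAllocator(const WipingAllocator<U>&) {}
    T* allocate(std::size_t n) { return static_cast<T*>(arena().take(n * sizeof(T))); }
    // Bump arena: the slot is wiped and never handed out again.
    void deallocate(T* p, std::size_t n) { wipe(p, n * sizeof(T)); }
};
template <typename T, typename U>
bool operator==(const WipingAllocator<T>&, const WipingAllocator<U>&) { return true; }
template <typename T, typename U>
bool operator!=(const WipingAllocator<T>&, const WipingAllocator<U>&) { return false; }

// Stores constructed key bytes, drops the vector, counts non-zero bytes left behind.
inline std::size_t residue_after_free() {
    const unsigned char* where;
    { std::vector<unsigned char, WipingAllocator<unsigned char>> key(std::size_t{32}, 0xA5);
      where = key.data(); }
    std::size_t left = 0;
    for (std::size_t i = 0; i < 32; ++i) left += (where[i] != 0);
    return left;
}
int main() { return residue_after_free() == 0 ? 0 : 1; }
```

Because the arena outlives the vector, the freed slot can be inspected safely; `Arena::locked` reports whether the pages were actually pinned, which callers should check rather than assume.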