X-Git-Url: https://git.novaco.in/?a=blobdiff_plain;f=src%2Fcrypter.h;h=733d9a31230a76f87516656f30f75dcabdbeda87;hb=0a18ce8f4cd1a723f50333945d94c84b45c8d56b;hp=d1bdb92c91013e94e88a887a7f0b0ea7f26ae35e;hpb=6b6aaa1698838278a547f16a15e635bd58ec867d;p=novacoin.git

diff --git a/src/crypter.h b/src/crypter.h
index d1bdb92..733d9a3 100644
--- a/src/crypter.h
+++ b/src/crypter.h
@@ -76,21 +76,28 @@ public:
 
     void CleanKey()
     {
-        memset(&chKey, 0, sizeof chKey);
-        memset(&chIV, 0, sizeof chIV);
-        munlock(&chKey, sizeof chKey);
-        munlock(&chIV, sizeof chIV);
+        OPENSSL_cleanse(&chKey, sizeof chKey);
+        OPENSSL_cleanse(&chIV, sizeof chIV);
         fKeySet = false;
     }
 
     CCrypter()
     {
         fKeySet = false;
+
+        // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
+        // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
+        // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
+        LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey);
+        LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV);
     }
 
     ~CCrypter()
     {
         CleanKey();
+
+        LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey);
+        LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV);
     }
 };