[Refactoring] Abstract out and switch openssl cleanse #761

Open
wants to merge 2 commits into
base: master
from

Conversation

4 participants
@Warrows (Collaborator) commented Oct 28, 2018

Backport of bitcoin#5689 and bitcoin#11196. That's part of the project of keeping up with Bitcoin Core and moving away from OpenSSL as much as possible.

theuni and others added some commits Jan 21, 2015

openssl: abstract out OPENSSL_cleanse
This makes it easier for us to replace it if desired, since it's now only in
one spot. Also, it avoids the openssl include from allocators.h, which
essentially forced openssl to be included from every compilation unit.
Switch memory_cleanse implementation to BoringSSL's to ensure memory clearing even with link-time optimization.

The implementation we currently use from OpenSSL prevents the compiler from optimizing away cleansing operations on blocks of memory that are about to be released, but this protection is not extended to link-time optimization. This commit copies the solution cooked up by Google compiler engineers which uses inline assembly directives to instruct the compiler not to optimize out the call under any circumstances. As the code is inlined, this has the added advantage of removing one more OpenSSL dependency.

Regarding license compatibility, Google's contributions to the BoringSSL library, including this code, are made available under the ISC license, which is MIT compatible.

BoringSSL git commit: ad1907fe73334d6c696c8539646c21b11178f20f
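The technique the second commit describes, written out as an added example (not the PR's or BoringSSL's code): a memset followed by an empty inline-assembly statement that takes the buffer pointer as an input and clobbers memory, so neither the compiler nor the LTO pass can prove the zeroing is a dead store and drop it. The non-GCC/Clang fallback and the helper names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Cleanse a buffer so the zeroing survives optimization, including LTO.
 * The asm statement is opaque to the compiler: it reads ptr and is declared
 * to touch memory, so the preceding memset cannot be treated as dead. */
void memory_cleanse(void *ptr, size_t len)
{
    memset(ptr, 0, len);
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(ptr) : "memory");
#else
    /* Assumed fallback for other compilers: volatile byte stores cannot be
     * elided either, at the cost of a byte-at-a-time loop. */
    volatile unsigned char *p = (volatile unsigned char *)ptr;
    while (len--) *p++ = 0;
#endif
}

/* Hypothetical helper: fills a heap buffer of the given size with a
 * constructed non-zero pattern (standing in for key material), cleanses it,
 * and returns how many bytes are still non-zero. Reading the buffer back
 * here keeps the memset alive on its own; the barrier matters in real code
 * where the buffer is freed or goes out of scope right after cleansing. */
size_t nonzero_bytes_after_cleanse(size_t len)
{
    unsigned char *buf = malloc(len ? len : 1);
    if (buf == NULL) return (size_t)-1;
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(0xA5 ^ (i & 0xFF)) | 1u;  /* never zero */
    memory_cleanse(buf, len);
    size_t leftover = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0) leftover++;
    free(buf);
    return leftover;
}

int main(void)
{
    /* Stand-alone check over a few sizes; 0 means every byte was cleared. */
    return (nonzero_bytes_after_cleanse(32) == 0 &&
            nonzero_bytes_after_cleanse(4096) == 0) ? 0 : 1;
}
```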