move memwipe to epee to avoid common<->crypto circular dependencies

src/common/CMakeLists.txt

@@ -35,7 +35,6 @@ set(common_sources
   download.cpp
   util.cpp
   i18n.cpp
-  memwipe.c
   password.cpp
   perf_timer.cpp
   threadpool.cpp
@@ -64,7 +63,6 @@ set(common_private_headers
   util.h
   varint.h
   i18n.h
-  memwipe.h
   password.h
   perf_timer.h
   stack_trace.h
@@ -92,9 +90,5 @@ target_link_libraries(common
     ${OPENSSL_LIBRARIES}
     ${EXTRA_LIBRARIES})
 
-if(HAVE_C11)
-SET_PROPERTY(SOURCE memwipe.c PROPERTY COMPILE_FLAGS -std=c11)
-endif()
-
 #monero_install_headers(common
 #  ${common_headers})

src/common/memwipe.c

@@ -1,106 +0,0 @@
-// Copyright (c) 2017, The Monero Project
-// 
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-// 
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-//    conditions and the following disclaimer.
-// 
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-//    of conditions and the following disclaimer in the documentation and/or other
-//    materials provided with the distribution.
-// 
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-//    used to endorse or promote products derived from this software without specific
-//    prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-//
-// Parts of this file Copyright (c) 2009-2015 The Bitcoin Core developers
-
-#define __STDC_WANT_LIB_EXT1__ 1
-#include <string.h>
-#include <stdlib.h>
-#ifdef HAVE_EXPLICIT_BZERO
-#include <strings.h>
-#endif
-#include "memwipe.h"
-
-#if defined(_MSC_VER)
-#define SCARECROW \
-    __asm;
-#else
-#define SCARECROW \
-    __asm__ __volatile__("" : : "r"(ptr) : "memory");
-#endif
-
-#ifdef HAVE_MEMSET_S
-
-void *memwipe(void *ptr, size_t n)
-{
-  if (memset_s(ptr, n, 0, n))
-  {
-    abort();
-  }
-  SCARECROW // might as well...
-  return ptr;
-}
-
-#elif defined HAVE_EXPLICIT_BZERO
-
-void *memwipe(void *ptr, size_t n)
-{
-  explicit_bzero(ptr, n);
-  SCARECROW
-  return ptr;
-}
-
-#else
-
-/* The memory_cleanse implementation is taken from Bitcoin */
-
-/* Compilers have a bad habit of removing "superfluous" memset calls that
- * are trying to zero memory. For example, when memset()ing a buffer and
- * then free()ing it, the compiler might decide that the memset is
- * unobservable and thus can be removed.
- *
- * Previously we used OpenSSL which tried to stop this by a) implementing
- * memset in assembly on x86 and b) putting the function in its own file
- * for other platforms.
- *
- * This change removes those tricks in favour of using asm directives to
- * scare the compiler away. As best as our compiler folks can tell, this is
- * sufficient and will continue to be so.
- *
- * Adam Langley <agl@google.com>
- * Commit: ad1907fe73334d6c696c8539646c21b11178f20f
- * BoringSSL (LICENSE: ISC)
- */
-static void memory_cleanse(void *ptr, size_t len)
-{
-    memset(ptr, 0, len);
-
-    /* As best as we can tell, this is sufficient to break any optimisations that
-       might try to eliminate "superfluous" memsets. If there's an easy way to
-       detect memset_s, it would be better to use that. */
-    SCARECROW
-}
-
-void *memwipe(void *ptr, size_t n)
-{
-  memory_cleanse(ptr, n);
-  SCARECROW
-  return ptr;
-}
-
-#endif

src/common/memwipe.h

@@ -1,84 +0,0 @@
-// Copyright (c) 2017, The Monero Project
-// 
-// All rights reserved.
-// 
-// Redistribution and use in source and binary forms, with or without modification, are
-// permitted provided that the following conditions are met:
-// 
-// 1. Redistributions of source code must retain the above copyright notice, this list of
-//    conditions and the following disclaimer.
-// 
-// 2. Redistributions in binary form must reproduce the above copyright notice, this list
-//    of conditions and the following disclaimer in the documentation and/or other
-//    materials provided with the distribution.
-// 
-// 3. Neither the name of the copyright holder nor the names of its contributors may be
-//    used to endorse or promote products derived from this software without specific
-//    prior written permission.
-// 
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
-// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
-// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-// 
-// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
-
-#pragma once
-
-#ifdef __cplusplus
-#include <array>
-
-extern "C" {
-#endif
-
-void *memwipe(void *src, size_t n);
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef __cplusplus
-namespace tools {
-
-  /// Scrubs data in the contained type upon destruction.
-  ///
-  /// Primarily useful for making sure that private keys don't stick around in
-  /// memory after the objects that held them have gone out of scope.
-  template <class T>
-  struct scrubbed : public T {
-    using type = T;
-
-    ~scrubbed() {
-      scrub();
-    }
-
-    /// Destroy the contents of the contained type.
-    void scrub() {
-      static_assert(std::is_pod<T>::value,
-                    "T cannot be auto-scrubbed. T must be POD.");
-      static_assert(std::is_trivially_destructible<T>::value,
-                    "T cannot be auto-scrubbed. T must be trivially destructable.");
-      memwipe(this, sizeof(T));
-    }
-  };
-
-  template <class T, size_t N>
-  using scrubbed_arr = scrubbed<std::array<T, N>>;
-} // namespace tools
-
-// Partial specialization for std::is_pod<tools::scrubbed<T>> so that it can
-// pretend to be the containted type in those contexts.
-namespace std
-{
-  template<class t_scrubbee>
-  struct is_pod<tools::scrubbed<t_scrubbee>> {
-    static const bool value = is_pod<t_scrubbee>::value;
-  };
-}
-
-#endif // __cplusplus

src/common/password.cpp

@@ -46,7 +46,7 @@
   #include "readline_buffer.h"
 #endif
 
-#include "common/memwipe.h"
+#include "memwipe.h"
 
 namespace
 {