aboutsummaryrefslogtreecommitdiff
path: root/src/support
AgeCommit message (Collapse)Author
2020-05-29Limit scope of all global std::once_flagMarcoFalke
2020-05-04Merge #18443: lockedpool: avoid sensitive data in core files (FreeBSD)Wladimir J. van der Laan
f85203097f78d9daa1d35c4097a80beab31da2a4 lockedpool: avoid sensitive data in core files (FreeBSD) (Vasil Dimov) Pull request description: This is a followup to 23991ee53 / https://github.com/bitcoin/bitcoin/pull/15600 to also use madvise(2) on FreeBSD to avoid sensitive data allocated with secure_allocator ending up in core files in addition to preventing it from going to the swap. ACKs for top commit: sipa: ACK f85203097f78d9daa1d35c4097a80beab31da2a4 if someone verifies this works as intended on *BSD. laanwj: ACK f85203097f78d9daa1d35c4097a80beab31da2a4 practicalswift: Code-review ACK f85203097f78d9daa1d35c4097a80beab31da2a4 assuming a reviewer with FreeBSD access verifies that the PR goal is achieved :) Tree-SHA512: 2e6d4ab6a9fbe18732c8ba530eacc17f58128c97140758b80c905b5b838922a2bcaa5f9abc45ab69d5a1a2baa0cba322f006048b60a877228e089c7e64dadd2a
2020-04-16scripted-diff: Bump copyright headersMarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2020-03-26lockedpool: avoid sensitive data in core files (FreeBSD)Vasil Dimov
This is a followup to 23991ee53 / https://github.com/bitcoin/bitcoin/pull/15600 to also use madvise(2) on FreeBSD to avoid sensitive data allocated with secure_allocator ending up in core files in addition to preventing it from going to the swap.
2020-03-26Merge #15600: lockedpool: When possible, use madvise to avoid including ↵Wladimir J. van der Laan
sensitive information in core dumps d831831822885717e9841f1ff67c19add566fa45 lockedpool: When possible, use madvise to avoid including sensitive information in core dumps (Luke Dashjr) Pull request description: If we're mlocking something, it's because it's sensitive information. Therefore, don't include it in core dump files, ~~and unmap it from forked processes~~. The return value is not checked because the madvise calls might fail on older kernels as a rule (unsure). ACKs for top commit: practicalswift: Code review ACK d831831822885717e9841f1ff67c19add566fa45 -- patch looks correct laanwj: ACK d831831822885717e9841f1ff67c19add566fa45 jonatack: ACK d831831822885717e9841f1ff67c19add566fa45 vasild: ACK d831831822885717e9841f1ff67c19add566fa45 Tree-SHA512: 9a6c1fef126a4bbee0698bfed5a01233460fbcc86380d984e80dfbdfbed3744fef74527a8e3439ea226167992cff9d3ffa8f2d4dbd5ae96ebe0c12f3eee0eb9e
2020-03-04lockedpool: When possible, use madvise to avoid including sensitive ↵Luke Dashjr
information in core dumps
2019-12-30scripted-diff: Bump copyright of files changed in 2019MarcoFalke
-BEGIN VERIFY SCRIPT- ./contrib/devtools/copyright_header.py update ./ -END VERIFY SCRIPT-
2019-11-16Fix segfault in allocator_tests/arena_testsJeffrey Czyz
The test uses reinterpret_cast<void*> on unallocated memory. Using this memory in printchunk as char* causes a segfault, so have printchunk take void* instead.
2019-11-16Fix compilation errors in support/lockedpool.cppJeffrey Czyz
Changes in #12048 cause a compilation error in Arena::walk() when ARENA_DEBUG is defined. Specifically, Arena's chunks_free map was changed to have a different value type. Additionally, missing includes cause other compilation errors when ARENA_DEBUG is defined. Reproduced with: make CPPFLAGS=-DARENA_DEBUG
2019-07-01Improve documentation of memory_cleanse()Tim Ruffing
So far, the documentation of memory_cleanse() is a verbatim copy of the commit message in BoringSSL, where this code was originally written. However, our code evolved since then, and the commit message is not particularly helpful in the code but is rather of historical interested in BoringSSL only. This commit improves improves the comments around memory_cleanse() and gives a better rationale for the method that we use. This commit touches only comments.
2019-06-06Clean up logic in memory_cleanse() for MSVCTim Ruffing
Commit fbf327b13868861c2877c5754caf5a9816f2603c ("Minimal code changes to allow msvc compilation.") was indeed minimal in terms of lines touched. But as a result of that minimalism it changed the logic in memory_cleanse() to first call std::memset() and then additionally the MSVC-specific SecureZeroMemory() function, and it also moved a comment to the wrong location. This commit removes the superfluous call to std::memset() on MSVC and ensures that the comment is in the right position again.
2019-01-23windows: Set _WIN32_WINNT to 0x0601 (Windows 7)Chun Kuan Lee
Also remove all defines in many places and define it in configure stage to keep consistency.
2019-01-06Fix out-of-bounds write in case of failing mmap(...) in ↵practicalswift
PosixLockedPageAllocator::AllocateLocked
2018-09-04Fix typos reported by codespellpracticalswift
2018-07-27Update copyright headers to 2018DrahtBot
2018-05-03Make it clear which functions that are intended to be translation unit localpracticalswift
Do not share functions that are meant to be translation unit local with other translation units. Use internal linkage for those consistently.
2018-04-09Remove duplicate includespracticalswift
2018-04-05Merge #12859: Bugfix: Include <memory> for std::unique_ptrWladimir J. van der Laan
a5bca13 Bugfix: Include <memory> for std::unique_ptr (Luke Dashjr) Pull request description: Not sure why all these includes were missing, but it's breaking builds for some users: https://bugs.gentoo.org/show_bug.cgi?id=652142 (Added to all files with a reference to `std::unique_ptr`) Tree-SHA512: 8a2c67513ca07b9bb52c34e8a20b15e56f8af2530310d9ee9b0a69694dd05e02e7a3683f14101a2685d457672b56addec591a0bb83900a0eb8e2a43d43200509
2018-04-02Bugfix: Include <memory> for std::unique_ptrLuke Dashjr
2018-03-22Merge #12048: Use best-fit strategy in Arena, now O(log(n)) instead O(n)Wladimir J. van der Laan
5fbf7c4 fix nits: variable naming, typos (Martin Ankerl) 1e0ee90 Use best-fit strategy in Arena, now O(log(n)) instead O(n) (Martin Ankerl) Pull request description: This replaces the first-fit algorithm used in the Arena with a best-fit. According to "Dynamic Storage Allocation: A Survey and Critical Review", Wilson et. al. 1995, http://www.scs.stanford.edu/14wi-cs140/sched/readings/wilson.pdf, both startegies work well in practice. The advantage of using best-fit is that we can switch the O(n) allocation to O(log(n)). Additionally, some previously O(log(n)) operations are now O(1) operations by using hash maps. The end effect is that the benchmark runs about 2.5 times faster on my machine: # Benchmark, evals, iterations, total, min, max, median old: BenchLockedPool, 5, 530, 5.25749, 0.00196938, 0.00199755, 0.00198172 new: BenchLockedPool, 5, 1300, 5.11313, 0.000781493, 0.000793314, 0.00078606 I've run all unit tests and benchmarks, and increased the number of iterations so that BenchLockedPool takes about 5 seconds again. Tree-SHA512: 6551e384671f93f10c60df530a29a1954bd265cc305411f665a8756525e5afe2873a8032c797d00b6e8c07e16d9827465d0b662875433147381474a44119ccce
2018-03-21Fix typosDimitris Apostolou
2018-01-06fix nits: variable naming, typosMartin Ankerl
2018-01-03Increment MIT Licence copyright header year on files modified in 2017Akira Takizawa
2017-12-29Use best-fit strategy in Arena, now O(log(n)) instead O(n)Martin Ankerl
This replaces the first-fit algorithm used in the Arena with a best-fit. According to "Dynamic Storage Allocation: A Survey and Critical Review", Wilson et. al. 1995, http://www.scs.stanford.edu/14wi-cs140/sched/readings/wilson.pdf, both startegies work well in practice. The advantage of using best-fit is that we can switch the slow O(n) algorithm to O(log(n)) operations. Additionally, some previously O(log(n)) operations are now replaced with O(1) operations by using a hash map. The end effect is that the benchmark runs about 2.5 times faster on my machine: old: BenchLockedPool, 5, 530, 5.25749, 0.00196938, 0.00199755, 0.00198172 new: BenchLockedPool, 5, 1300, 5.11313, 0.000781493, 0.000793314, 0.00078606 I've run all unit tests and benchmarks.
2017-12-13Merge #11558: Minimal code changes to allow msvc compilationWladimir J. van der Laan
fbf327b Minimal code changes to allow msvc compilation. (Aaron Clauson) Pull request description: These changes are required to allow the Bitcoin source to build with Microsoft's C++ compiler (#11562 is also required). I looked around for a better place for the typedef of ssize_t which is in random.h. The best candidate looks like src/compat.h but I figured including that header in random.h is a bigger change than the typedef. Note that the same typedef is in at least two other places including the OpenSSL and Berkeley DB headers so some of the Bitcoin code already picks it up. Tree-SHA512: aa6cc6283015e08ab074641f9abdc116c4dc58574dc90f75e7a5af4cc82946d3052370e5cbe855fb6180c00f8dc66997d3724ff0412e4b7417e51b6602154825
2017-11-16scripted-diff: Replace #include "" with #include <> (ryanofsky)MeshCollider
-BEGIN VERIFY SCRIPT- for f in \ src/*.cpp \ src/*.h \ src/bench/*.cpp \ src/bench/*.h \ src/compat/*.cpp \ src/compat/*.h \ src/consensus/*.cpp \ src/consensus/*.h \ src/crypto/*.cpp \ src/crypto/*.h \ src/crypto/ctaes/*.h \ src/policy/*.cpp \ src/policy/*.h \ src/primitives/*.cpp \ src/primitives/*.h \ src/qt/*.cpp \ src/qt/*.h \ src/qt/test/*.cpp \ src/qt/test/*.h \ src/rpc/*.cpp \ src/rpc/*.h \ src/script/*.cpp \ src/script/*.h \ src/support/*.cpp \ src/support/*.h \ src/support/allocators/*.h \ src/test/*.cpp \ src/test/*.h \ src/wallet/*.cpp \ src/wallet/*.h \ src/wallet/test/*.cpp \ src/wallet/test/*.h \ src/zmq/*.cpp \ src/zmq/*.h do base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f done -END VERIFY SCRIPT-
2017-11-10Minimal code changes to allow msvc compilation.Aaron Clauson
2017-09-16Refactor: Modernize disallowed copy constructors/assignmentDan Raviv
Use C++11's better capability of expressing an interface of a non-copyable class by publicly deleting its copy ctor and assignment operator instead of just declaring them private.
2017-09-06Switch memory_cleanse implementation to BoringSSL's to ensure memory ↵Adam Langley
clearing even with link-time optimization. The implementation we currently use from OpenSSL prevents the compiler from optimizing away clensing operations on blocks of memory that are about to be released, but this protection is not extended to link-time optimization. This commit copies the solution cooked up by Google compiler engineers which uses inline assembly directives to instruct the compiler not to optimize out the call under any circumstances. As the code is in-lined, this has the added advantage of removing one more OpenSSL dependency. Regarding license compatibility, Google's contributions to BoringSSL library, including this code, is made available under the ISC license, which is MIT compatible. BoringSSL git commit: ad1907fe73334d6c696c8539646c21b11178f20f
2017-08-16Declare single-argument (non-converting) constructors "explicit"practicalswift
In order to avoid unintended implicit conversions.
2017-08-16Use nullptr instead of zero (0) as the null pointer constantpracticalswift
2017-08-16Merge #10965: Replace deprecated throw() with noexcept specifier (C++11)MarcoFalke
986255026 Use the noexcept specifier (C++11) instead of deprecated throw() (practicalswift) Pull request description: Use the `noexcept` specifier (C++11) instead of deprecated `throw()`. Tree-SHA512: cf9b6b18f61f2f59bbeceb2e43b5cd07a60f5e569c8def05c410cb72326d597c80cb731059969ef89fa5fddaae1242225886e6109fcb535c4ad62d56ebcdf1ea
2017-08-07scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal ↵practicalswift
instead of the macro NULL -BEGIN VERIFY SCRIPT- sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp -END VERIFY SCRIPT-
2017-07-31Use the noexcept specifier (C++11) instead of deprecated throw()practicalswift
2017-06-28Use the override specifier (C++11) where we expect to be overriding the ↵practicalswift
virtual function of a base class
2017-06-22Merge #9517: [refactor] Switched httpserver.cpp to use RAII wrapped libevents.Wladimir J. van der Laan
1ae86ec Changed event RAII helper functions to inline to deal with duplicate symbol linker errors. (Karl-Johan Alm) fd369d2 Switched httpserver.cpp to use RAII wrapped libevents. (Kalle Alm) Tree-SHA512: 877e431f211024d42a3b0800e860e02833398611433e8393f8d5d4970f47f4bd670b900443678c067fec110c087aaab7dc1981ccbf17f6057676fdbbda89aed9
2017-05-03[wallet] Securely erase potentially sensitive keys/valuesThomas Snider
2017-04-14Changed event RAII helper functions to inline to deal with duplicate symbol ↵Karl-Johan Alm
linker errors.
2017-03-03Merge #8808: Do not shadow variables (gcc set)Wladimir J. van der Laan
ad1ae7a Check and enable -Wshadow by default. (Pavel Janík) 9de90bb Do not shadow variables (gcc set) (Pavel Janík) Tree-SHA512: 9517feb423dc8ddd63896016b25324673bfbe0bffa97f22996f59d7a3fcbdc2ebf2e43ac02bc067546f54e293e9b2f2514be145f867321e9031f895c063d9fb8
2017-01-05Merge #9387: [Refactor] RAII of libevent stuff using unique ptrs with deletersWladimir J. van der Laan
05a55a6 Added EVENT_CFLAGS to test makefile to explicitly include libevent headers. (Karl-Johan Alm) 280a559 Added some simple tests for the RAII-style events. (Karl-Johan Alm) 7f7f102 Switched bitcoin-cli.cpp to use RAII unique pointers with deleters. (Karl-Johan Alm) e5534d2 Added std::unique_ptr<> wrappers with deleters for libevent modules. (Karl-Johan Alm)
2016-12-31Increment MIT Licence copyright header year on files modified in 2016isle2983
Edited via: $ contrib/devtools/copyright_header.py update .
2016-12-21Added some simple tests for the RAII-style events.Karl-Johan Alm
2016-12-20Added std::unique_ptr<> wrappers with deleters for libevent modules.Karl-Johan Alm
2016-12-05Do not shadow variables (gcc set)Pavel Janík
2016-11-28Fix some typosfsb4000
2016-11-02LockedPool: avoid quadratic-time allocationKaz Wesley
Use separate maps for used/free chunks to avoid linear scan through alloced chunks for each alloc.
2016-11-02LockedPool: fix explosion for illegal-sized allocKaz Wesley
Check for unreasonable alloc size in LockedPool rather than lancing through new Arenas until we improbably find one worthy of the quixotic request or the system can support no more Arenas.
2016-11-02Do not shadow variable, use deprecated MAP_ANON if MAP_ANONYMOUS is not defined.Pavel Janík
2016-10-27support: Add LockedPoolWladimir J. van der Laan
Add a pool for locked memory chunks, replacing LockedPageManager. This is something I've been wanting to do for a long time. The current approach of locking objects where they happen to be on the stack or heap in-place causes a lot of mlock/munlock system call overhead, slowing down any handling of keys. Also locked memory is a limited resource on many operating systems (and using a lot of it bogs down the system), so the previous approach of locking every page that may contain any key information (but also other information) is wasteful.
2016-10-19wallet: Get rid of LockObject and UnlockObject calls in key.hWladimir J. van der Laan
Replace these with vectors allocated from the secure allocator. This avoids mlock syscall churn on stack pages, as well as makes it possible to get rid of these functions. Please review this commit and the previous one carefully that no `sizeof(vectortype)` remains in the memcpys and memcmps usage (ick!), and `.data()` or `&vec[x]` is used as appropriate instead of &vec.