mlock() all private keys in memory

Inline comment and idea come from the encprivkeys branch
by Matt Corallo <matt@bluematt.me>.

src/serialize.h

@@ -28,6 +28,18 @@ typedef unsigned long long  uint64;
 #if defined(_MSC_VER) && _MSC_VER < 1300
 #define for  if (false) ; else for
 #endif
+
+#ifdef __WXMSW__
+// This is used to attempt to keep keying material out of swap
+// Note that VirtualLock does not provide this as a guarantee on Windows,
+// but, in practice, memory that has been VirtualLock'd almost never gets written to
+// the pagefile except in rare circumstances where memory is extremely low.
+#define mlock(p, n) VirtualLock((p), (n));
+#define munlock(p, n) VirtualUnlock((p), (n));
+#else
+#include <sys/mman.h>
+#endif
+
 class CScript;
 class CDataStream;
 class CAutoFile;
@@ -755,7 +767,8 @@ struct ser_streamplaceholder
 
 
 //
-// Allocator that clears its contents before deletion
+// Allocator that locks its contents from being paged
+// out of memory and clears its contents before deletion.
 //
 template<typename T>
 struct secure_allocator : public std::allocator<T>
@@ -777,10 +790,22 @@ struct secure_allocator : public std::allocator<T>
     template<typename _Other> struct rebind
     { typedef secure_allocator<_Other> other; };
 
+    T* allocate(std::size_t n, const void *hint = 0)
+    {
+        T *p;
+        p = std::allocator<T>::allocate(n, hint);
+        if (p != NULL)
+            mlock(p, sizeof(T) * n);
+        return p;
+    }
+
     void deallocate(T* p, std::size_t n)
     {
         if (p != NULL)
+        {
             memset(p, 0, sizeof(T) * n);
+            munlock(p, sizeof(T) * n);
+        }
         std::allocator<T>::deallocate(p, n);
     }
 };