Commit graph

47 commits

Author SHA1 Message Date
Tim Ruffing
f53a70ce95
Improve documentation of memory_cleanse()
So far, the documentation of memory_cleanse() is a verbatim copy of
the commit message in BoringSSL, where this code was originally
written. However, our code evolved since then, and the commit message
is not particularly helpful in the code but is rather of historical
interested in BoringSSL only.

This commit improves improves the comments around memory_cleanse()
and gives a better rationale for the method that we use. This commit
touches only comments.
2019-07-01 12:59:44 +02:00
Tim Ruffing
cac30a436c Clean up logic in memory_cleanse() for MSVC
Commit fbf327b138 ("Minimal code
changes to allow msvc compilation.") was indeed minimal in terms
of lines touched. But as a result of that minimalism it changed the
logic in memory_cleanse() to first call std::memset() and then
additionally the MSVC-specific SecureZeroMemory() function, and it
also moved a comment to the wrong location.

This commit removes the superfluous call to std::memset() on MSVC
and ensures that the comment is in the right position again.
2019-06-06 11:49:11 +02:00
Chun Kuan Lee
1bd9ffdd44 windows: Set _WIN32_WINNT to 0x0601 (Windows 7)
Also remove all defines in many places and define it in configure stage to keep consistency.
2019-01-23 16:28:27 +08:00
practicalswift
ca126d490b Fix out-of-bounds write in case of failing mmap(...) in PosixLockedPageAllocator::AllocateLocked 2019-01-06 17:45:53 +01:00
practicalswift
ada356208e Fix typos reported by codespell 2018-09-04 13:11:26 +02:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
practicalswift
c3f34d06be Make it clear which functions that are intended to be translation unit local
Do not share functions that are meant to be translation unit local with
other translation units. Use internal linkage for those consistently.
2018-05-03 21:47:40 +02:00
practicalswift
280023f31d Remove duplicate includes 2018-04-09 09:18:49 +02:00
Wladimir J. van der Laan
bd59c4395c
Merge #12859: Bugfix: Include <memory> for std::unique_ptr
a5bca13 Bugfix: Include <memory> for std::unique_ptr (Luke Dashjr)

Pull request description:

  Not sure why all these includes were missing, but it's breaking builds for some users:

  https://bugs.gentoo.org/show_bug.cgi?id=652142

  (Added to all files with a reference to `std::unique_ptr`)

Tree-SHA512: 8a2c67513ca07b9bb52c34e8a20b15e56f8af2530310d9ee9b0a69694dd05e02e7a3683f14101a2685d457672b56addec591a0bb83900a0eb8e2a43d43200509
2018-04-05 09:31:53 +02:00
Luke Dashjr
a5bca13095 Bugfix: Include <memory> for std::unique_ptr 2018-04-02 18:31:52 +00:00
Wladimir J. van der Laan
a6926b065d
Merge #12048: Use best-fit strategy in Arena, now O(log(n)) instead O(n)
5fbf7c4 fix nits: variable naming, typos (Martin Ankerl)
1e0ee90 Use best-fit strategy in Arena, now O(log(n)) instead O(n) (Martin Ankerl)

Pull request description:

  This replaces the first-fit algorithm used in the Arena with a best-fit. According to "Dynamic Storage Allocation: A Survey and Critical Review", Wilson et. al. 1995, http://www.scs.stanford.edu/14wi-cs140/sched/readings/wilson.pdf, both startegies work well in practice.

  The advantage of using best-fit is that we can switch the O(n) allocation to O(log(n)). Additionally, some previously O(log(n)) operations are now O(1) operations by using hash maps. The end effect is that the benchmark runs about 2.5 times faster on my machine:

      # Benchmark, evals, iterations, total, min, max, median
      old: BenchLockedPool, 5, 530, 5.25749, 0.00196938, 0.00199755, 0.00198172
      new: BenchLockedPool, 5, 1300, 5.11313, 0.000781493, 0.000793314, 0.00078606

  I've run all unit tests and benchmarks, and increased the number of iterations so that BenchLockedPool takes about 5 seconds again.

Tree-SHA512: 6551e384671f93f10c60df530a29a1954bd265cc305411f665a8756525e5afe2873a8032c797d00b6e8c07e16d9827465d0b662875433147381474a44119ccce
2018-03-22 14:28:37 +01:00
Dimitris Apostolou
4d9b4256d8 Fix typos 2018-03-21 08:34:44 +02:00
Martin Ankerl
5fbf7c478a fix nits: variable naming, typos 2018-01-06 09:13:41 +01:00
Akira Takizawa
595a7bab23 Increment MIT Licence copyright header year on files modified in 2017 2018-01-03 02:26:56 +09:00
Martin Ankerl
1e0ee9095c Use best-fit strategy in Arena, now O(log(n)) instead O(n)
This replaces the first-fit algorithm used in the Arena with a best-fit. According to "Dynamic Storage Allocation: A Survey and Critical Review", Wilson et. al. 1995, http://www.scs.stanford.edu/14wi-cs140/sched/readings/wilson.pdf, both startegies work well in practice.

The advantage of using best-fit is that we can switch the slow O(n) algorithm to O(log(n)) operations. Additionally, some previously O(log(n)) operations are now replaced with O(1) operations by using a hash map. The end effect is that the benchmark runs about 2.5 times faster on my machine:

old: BenchLockedPool, 5, 530, 5.25749, 0.00196938, 0.00199755, 0.00198172
new: BenchLockedPool, 5, 1300, 5.11313, 0.000781493, 0.000793314, 0.00078606

I've run all unit tests and benchmarks.
2017-12-29 11:36:11 +01:00
Wladimir J. van der Laan
68e021e3a3
Merge #11558: Minimal code changes to allow msvc compilation
fbf327b Minimal code changes to allow msvc compilation. (Aaron Clauson)

Pull request description:

  These changes are required to allow the Bitcoin source to build with Microsoft's C++ compiler (#11562 is also required).

  I looked around for a better place for the typedef of ssize_t which is in random.h. The best candidate looks like src/compat.h but I figured including that header in random.h is a bigger change than the typedef. Note that the same typedef is in at least two other places including the OpenSSL and Berkeley DB headers so some of the Bitcoin code already picks it up.

Tree-SHA512: aa6cc6283015e08ab074641f9abdc116c4dc58574dc90f75e7a5af4cc82946d3052370e5cbe855fb6180c00f8dc66997d3724ff0412e4b7417e51b6602154825
2017-12-13 14:05:25 +01:00
MeshCollider
1a445343f6 scripted-diff: Replace #include "" with #include <> (ryanofsky)
-BEGIN VERIFY SCRIPT-
for f in \
  src/*.cpp \
  src/*.h \
  src/bench/*.cpp \
  src/bench/*.h \
  src/compat/*.cpp \
  src/compat/*.h \
  src/consensus/*.cpp \
  src/consensus/*.h \
  src/crypto/*.cpp \
  src/crypto/*.h \
  src/crypto/ctaes/*.h \
  src/policy/*.cpp \
  src/policy/*.h \
  src/primitives/*.cpp \
  src/primitives/*.h \
  src/qt/*.cpp \
  src/qt/*.h \
  src/qt/test/*.cpp \
  src/qt/test/*.h \
  src/rpc/*.cpp \
  src/rpc/*.h \
  src/script/*.cpp \
  src/script/*.h \
  src/support/*.cpp \
  src/support/*.h \
  src/support/allocators/*.h \
  src/test/*.cpp \
  src/test/*.h \
  src/wallet/*.cpp \
  src/wallet/*.h \
  src/wallet/test/*.cpp \
  src/wallet/test/*.h \
  src/zmq/*.cpp \
  src/zmq/*.h
do
  base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f
done
-END VERIFY SCRIPT-
2017-11-16 08:23:01 +13:00
Aaron Clauson
fbf327b138 Minimal code changes to allow msvc compilation. 2017-11-10 07:06:49 +11:00
Dan Raviv
2a07f878a8 Refactor: Modernize disallowed copy constructors/assignment
Use C++11's better capability of expressing an interface of a non-copyable class by publicly deleting its copy ctor and assignment operator instead of just declaring them private.
2017-09-16 13:06:05 +03:00
Adam Langley
1444c2e7d0 Switch memory_cleanse implementation to BoringSSL's to ensure memory clearing even with link-time optimization.
The implementation we currently use from OpenSSL prevents the compiler from optimizing away clensing operations on blocks of memory that are about to be released, but this protection is not extended to link-time optimization. This commit copies the solution cooked up by Google compiler engineers which uses inline assembly directives to instruct the compiler not to optimize out the call under any circumstances. As the code is in-lined, this has the added advantage of removing one more OpenSSL dependency.

Regarding license compatibility, Google's contributions to BoringSSL library, including this code, is made available under the ISC license, which is MIT compatible.

BoringSSL git commit: ad1907fe73334d6c696c8539646c21b11178f20f
2017-09-06 13:46:11 -07:00
practicalswift
64fb0ac016 Declare single-argument (non-converting) constructors "explicit"
In order to avoid unintended implicit conversions.
2017-08-16 16:33:25 +02:00
practicalswift
36d326e8b0 Use nullptr instead of zero (0) as the null pointer constant 2017-08-16 10:24:18 +02:00
MarcoFalke
655970d9c6
Merge #10965: Replace deprecated throw() with noexcept specifier (C++11)
986255026 Use the noexcept specifier (C++11) instead of deprecated throw() (practicalswift)

Pull request description:

  Use the `noexcept` specifier (C++11) instead of deprecated `throw()`.

Tree-SHA512: cf9b6b18f61f2f59bbeceb2e43b5cd07a60f5e569c8def05c410cb72326d597c80cb731059969ef89fa5fddaae1242225886e6109fcb535c4ad62d56ebcdf1ea
2017-08-16 02:29:18 +02:00
practicalswift
90d4d89230 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL
-BEGIN VERIFY SCRIPT-
sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h
sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp
sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp
sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp
sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp
sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp
-END VERIFY SCRIPT-
2017-08-07 07:36:37 +02:00
practicalswift
9862550260 Use the noexcept specifier (C++11) instead of deprecated throw() 2017-07-31 19:44:01 +02:00
practicalswift
aa95947ded Use the override specifier (C++11) where we expect to be overriding the virtual function of a base class 2017-06-28 02:12:06 +02:00
Wladimir J. van der Laan
ffce893982
Merge #9517: [refactor] Switched httpserver.cpp to use RAII wrapped libevents.
1ae86ec Changed event RAII helper functions to inline to deal with duplicate symbol linker errors. (Karl-Johan Alm)
fd369d2 Switched httpserver.cpp to use RAII wrapped libevents. (Kalle Alm)

Tree-SHA512: 877e431f211024d42a3b0800e860e02833398611433e8393f8d5d4970f47f4bd670b900443678c067fec110c087aaab7dc1981ccbf17f6057676fdbbda89aed9
2017-06-22 19:16:37 +02:00
Thomas Snider
6c914ac176 [wallet] Securely erase potentially sensitive keys/values 2017-05-03 11:35:51 -07:00
Karl-Johan Alm
1ae86ec5ec
Changed event RAII helper functions to inline to deal with duplicate symbol linker errors. 2017-04-14 13:44:10 +09:00
Wladimir J. van der Laan
75d012e8c7
Merge #8808: Do not shadow variables (gcc set)
ad1ae7a Check and enable -Wshadow by default. (Pavel Janík)
9de90bb Do not shadow variables (gcc set) (Pavel Janík)

Tree-SHA512: 9517feb423dc8ddd63896016b25324673bfbe0bffa97f22996f59d7a3fcbdc2ebf2e43ac02bc067546f54e293e9b2f2514be145f867321e9031f895c063d9fb8
2017-03-03 15:48:53 +01:00
Wladimir J. van der Laan
cfe41d7a60
Merge #9387: [Refactor] RAII of libevent stuff using unique ptrs with deleters
05a55a6 Added EVENT_CFLAGS to test makefile to explicitly include libevent headers. (Karl-Johan Alm)
280a559 Added some simple tests for the RAII-style events. (Karl-Johan Alm)
7f7f102 Switched bitcoin-cli.cpp to use RAII unique pointers with deleters. (Karl-Johan Alm)
e5534d2 Added std::unique_ptr<> wrappers with deleters for libevent modules. (Karl-Johan Alm)
2017-01-05 11:11:17 +01:00
isle2983
27765b6403 Increment MIT Licence copyright header year on files modified in 2016
Edited via:

$ contrib/devtools/copyright_header.py update .
2016-12-31 11:01:21 -07:00
Karl-Johan Alm
280a5599eb Added some simple tests for the RAII-style events. 2016-12-21 16:49:21 +09:00
Karl-Johan Alm
e5534d2f01 Added std::unique_ptr<> wrappers with deleters for libevent modules. 2016-12-20 20:45:08 +09:00
Pavel Janík
9de90bb749 Do not shadow variables (gcc set) 2016-12-05 11:41:46 +01:00
fsb4000
15fa95d7e5 Fix some typos 2016-11-28 16:16:37 +07:00
Kaz Wesley
b3ddc5e76f LockedPool: avoid quadratic-time allocation
Use separate maps for used/free chunks to avoid linear scan through alloced
chunks for each alloc.
2016-11-02 16:52:56 -07:00
Kaz Wesley
0b59f80625 LockedPool: fix explosion for illegal-sized alloc
Check for unreasonable alloc size in LockedPool rather than lancing through new
Arenas until we improbably find one worthy of the quixotic request or the system
can support no more Arenas.
2016-11-02 14:41:40 -07:00
Pavel Janík
4a9f3c50cc Do not shadow variable, use deprecated MAP_ANON if MAP_ANONYMOUS is not defined. 2016-11-02 14:18:19 +01:00
Wladimir J. van der Laan
4536148b15 support: Add LockedPool
Add a pool for locked memory chunks, replacing LockedPageManager.

This is something I've been wanting to do for a long time. The current
approach of locking objects where they happen to be on the stack or heap
in-place causes a lot of mlock/munlock system call overhead, slowing
down any handling of keys.

Also locked memory is a limited resource on many operating systems (and
using a lot of it bogs down the system), so the previous approach of
locking every page that may contain any key information (but also other
information) is wasteful.
2016-10-27 13:17:25 +02:00
Wladimir J. van der Laan
f4d1fc259b wallet: Get rid of LockObject and UnlockObject calls in key.h
Replace these with vectors allocated from the secure allocator.

This avoids mlock syscall churn on stack pages, as well as makes
it possible to get rid of these functions.

Please review this commit and the previous one carefully that
no `sizeof(vectortype)` remains in the memcpys and memcmps usage
(ick!), and `.data()` or `&vec[x]` is used as appropriate instead of
&vec.
2016-10-19 16:17:33 +02:00
Pavel Janík
4731cab8fb Do not shadow variables 2016-09-27 09:25:15 +02:00
MarcoFalke
fa24439ff3 Bump copyright headers to 2015 2015-12-13 18:08:39 +01:00
Wladimir J. van der Laan
881027a79d Remove assertion from ~LockedPageManager
This assertion will occur any time that the client quits without
shutting down properly due to an error condition. As the user will
report this error instead of the error that was the root cause, it is
better to remove it.
2015-05-15 11:44:58 +02:00
Philip Kaufmann
a21df62069 ensure consistent header comment naming conventions
- BITCOIN_FOLDER_SUBFOLDER_FILENAME_H
2015-04-20 13:29:22 +02:00
Cory Fields
d7d187e8a4 allocators: split allocators and pagelocker
Pagelocker is only needed for secure (usually wallet) operations, so don't make
the zero-after-free allocator depend on it.
2015-03-20 12:23:44 +01:00
Cory Fields
1630219d90 openssl: abstract out OPENSSL_cleanse
This makes it easier for us to replace it if desired, since it's now only in
one spot. Also, it avoids the openssl include from allocators.h, which
essentially forced openssl to be included from every compilation unit.
2015-02-15 11:34:02 -05:00