/root/bitcoin/src/support/allocators/secure.h

Source
// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-present The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#ifndef BITCOIN_SUPPORT_ALLOCATORS_SECURE_H
#define BITCOIN_SUPPORT_ALLOCATORS_SECURE_H

#include <support/lockedpool.h>
#include <support/cleanse.h>

#include <memory>
#include <string>

//
// Allocator that locks its contents from being paged
// out of memory and clears its contents before deletion.
//
template <typename T>
struct secure_allocator {
    using value_type = T;

    secure_allocator() = default;
    template <typename U>
    secure_allocator(const secure_allocator<U>&) noexcept {}

    T* allocate(std::size_t n)
    {
        T* allocation = static_cast<T*>(LockedPoolManager::Instance().alloc(sizeof(T) * n));
        if (!allocation) {
            throw std::bad_alloc();
        }
        return allocation;
    }

    void deallocate(T* p, std::size_t n)
    {
        if (p != nullptr) {
            memory_cleanse(p, sizeof(T) * n);
        }
        LockedPoolManager::Instance().free(p);
    }

    template <typename U>
    friend bool operator==(const secure_allocator&, const secure_allocator<U>&) noexcept
    {
        return true;
    }
};

// This is exactly like std::string, but with a custom allocator.
// TODO: Consider finding a way to make incoming RPC request.params[i] mlock()ed as well
typedef std::basic_string<char, std::char_traits<char>, secure_allocator<char> > SecureString;

template<typename T>
struct SecureUniqueDeleter {
    void operator()(T* t) noexcept {
        secure_allocator<T>().deallocate(t, 1);
    }
};

template<typename T>
using secure_unique_ptr = std::unique_ptr<T, SecureUniqueDeleter<T>>;

template<typename T, typename... Args>
secure_unique_ptr<T> make_secure_unique(Args&&... as)
{
    T* p = secure_allocator<T>().allocate(1);

    // initialize in place, and return as secure_unique_ptr
    try {
        return secure_unique_ptr<T>(new (p) T(std::forward<Args>(as)...));
    } catch (...) {
        secure_allocator<T>().deallocate(p, 1);
        throw;
    }
}

#endif // BITCOIN_SUPPORT_ALLOCATORS_SECURE_H

Line	Count	Source
1		// Copyright (c) 2009-2010 Satoshi Nakamoto
2		// Copyright (c) 2009-present The Bitcoin Core developers
3		// Distributed under the MIT software license, see the accompanying
4		// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6		#ifndef BITCOIN_SUPPORT_ALLOCATORS_SECURE_H
7		#define BITCOIN_SUPPORT_ALLOCATORS_SECURE_H
8
9		#include <support/lockedpool.h>
10		#include <support/cleanse.h>
11
12		#include <memory>
13		#include <string>
14
15		//
16		// Allocator that locks its contents from being paged
17		// out of memory and clears its contents before deletion.
18		//
19		template <typename T>
20		struct secure_allocator {
21		using value_type = T;
22
23		secure_allocator() = default;
24		template <typename U>
25		secure_allocator(const secure_allocator<U>&) noexcept {}
26
27		T* allocate(std::size_t n)
28	0	{
29	0	T* allocation = static_cast<T>(LockedPoolManager::Instance().alloc(sizeof(T) n));
30	0	if (!allocation) {
31	0	throw std::bad_alloc();
32	0	}
33	0	return allocation;
34	0	} Unexecuted instantiation: secure_allocator<std::array<unsigned char, 32ul> >::allocate(unsigned long) Unexecuted instantiation: secure_allocator<std::array<unsigned char, 96ul> >::allocate(unsigned long) Unexecuted instantiation: secure_allocator<unsigned char>::allocate(unsigned long) Unexecuted instantiation: secure_allocator<char>::allocate(unsigned long) Unexecuted instantiation: secure_allocator<secp256k1_musig_secnonce>::allocate(unsigned long) Unexecuted instantiation: random.cpp:secure_allocator<(anonymous namespace)::RNGState>::allocate(unsigned long) Unexecuted instantiation: secure_allocator<AES256_ctx>::allocate(unsigned long)
35
36		void deallocate(T* p, std::size_t n)
37	0	{
38	0	if (p != nullptr) {
39	0	memory_cleanse(p, sizeof(T) * n);
40	0	}
41	0	LockedPoolManager::Instance().free(p);
42	0	} Unexecuted instantiation: secure_allocator<std::array<unsigned char, 32ul> >::deallocate(std::array<unsigned char, 32ul>, unsigned long) Unexecuted instantiation: secure_allocator<std::array<unsigned char, 96ul> >::deallocate(std::array<unsigned char, 96ul>, unsigned long) Unexecuted instantiation: secure_allocator<unsigned char>::deallocate(unsigned char, unsigned long) Unexecuted instantiation: secure_allocator<char>::deallocate(char, unsigned long) Unexecuted instantiation: secure_allocator<secp256k1_musig_secnonce>::deallocate(secp256k1_musig_secnonce, unsigned long) Unexecuted instantiation: random.cpp:secure_allocator<(anonymous namespace)::RNGState>::deallocate((anonymous namespace)::RNGState, unsigned long) Unexecuted instantiation: secure_allocator<AES256_ctx>::deallocate(AES256_ctx*, unsigned long)
43
44		template <typename U>
45		friend bool operator==(const secure_allocator&, const secure_allocator<U>&) noexcept
46	0	{
47	0	return true;
48	0	} Unexecuted instantiation: bool operator==<unsigned char>(secure_allocator<unsigned char> const&, secure_allocator<unsigned char> const&) Unexecuted instantiation: bool operator==<char>(secure_allocator<char> const&, secure_allocator<char> const&)
49		};
50
51		// This is exactly like std::string, but with a custom allocator.
52		// TODO: Consider finding a way to make incoming RPC request.params[i] mlock()ed as well
53		typedef std::basic_string<char, std::char_traits<char>, secure_allocator<char> > SecureString;
54
55		template<typename T>
56		struct SecureUniqueDeleter {
57	0	void operator()(T* t) noexcept {
58	0	secure_allocator<T>().deallocate(t, 1);
59	0	} Unexecuted instantiation: SecureUniqueDeleter<std::array<unsigned char, 32ul> >::operator()(std::array<unsigned char, 32ul>) Unexecuted instantiation: SecureUniqueDeleter<std::array<unsigned char, 96ul> >::operator()(std::array<unsigned char, 96ul>) Unexecuted instantiation: SecureUniqueDeleter<secp256k1_musig_secnonce>::operator()(secp256k1_musig_secnonce*)
60		};
61
62		template<typename T>
63		using secure_unique_ptr = std::unique_ptr<T, SecureUniqueDeleter<T>>;
64
65		template<typename T, typename... Args>
66		secure_unique_ptr<T> make_secure_unique(Args&&... as)
67	0	{
68	0	T* p = secure_allocator<T>().allocate(1);
69
70		// initialize in place, and return as secure_unique_ptr
71	0	try {
72	0	return secure_unique_ptr<T>(new (p) T(std::forward<Args>(as)...));
73	0	} catch (...) {
74	0	secure_allocator<T>().deallocate(p, 1);
75	0	throw;
76	0	}
77	0	} Unexecuted instantiation: std::unique_ptr<std::array<unsigned char, 32ul>, SecureUniqueDeleter<std::array<unsigned char, 32ul> > > make_secure_unique<std::array<unsigned char, 32ul> >() Unexecuted instantiation: std::unique_ptr<std::array<unsigned char, 96ul>, SecureUniqueDeleter<std::array<unsigned char, 96ul> > > make_secure_unique<std::array<unsigned char, 96ul> >() Unexecuted instantiation: std::unique_ptr<secp256k1_musig_secnonce, SecureUniqueDeleter<secp256k1_musig_secnonce> > make_secure_unique<secp256k1_musig_secnonce>()
78
79		#endif // BITCOIN_SUPPORT_ALLOCATORS_SECURE_H

Bitcoin Core Fuzz Coverage Report

Coverage Report

Created: 2026-03-24 13:57