Commit graph

1540 commits

Author SHA1 Message Date
Pieter Wuille
9aa459b294 assertion in CBlock::SetBestChainInner was too strong 2012-03-20 16:41:36 +01:00
Matt Corallo
ecf07f2729 Limit getheaders to a hard 2000.
Previously getheaders would return any number of headers up to
2000 + the distance the locator parameter was back (which is up to
~ the number of items in the locator ^ 2).

The only client I was able to find which actually handles the headers
message is BitcoinJ, and it clearly expects no more than 2000 headers
See:
http://code.google.com/p/bitcoinj/source/browse/core/src/main/java/com/google/bitcoin/core/HeadersMessage.java#35

Additionally, the wiki clearly states that getheaders will only ever
return 2000 headers: https://en.bitcoin.it/wiki/Network#Messages
2012-03-19 00:13:15 -04:00
Pieter Wuille
d68dcf741e Limit the impact of reorganisations on the database
Sometimes a new block arrives in a new chain that was already the
best valid one, but wasn't marked that way. This happens for example
when network rules change to recover after a fork.

In this case, it is not necessary to do the entire reorganisation
inside a single db commit. These can become huge, and exceed the
objects/lockers limits in bdb. This patch limits the blocks the
actual reorganisation is applied to, and adds the next blocks
afterwards in separate db transactions.
2012-03-12 20:31:56 +01:00
Pieter Wuille
a206b0ea12 Do not allow overwriting unspent transactions (BIP 30)
Introduce the following network rule:
 * a block is not valid if it contains a transaction whose hash
   already exists in the block chain, unless all that transaction's
   outputs were already spent before said block.

Warning: this is effectively a network rule change, with potential
risk for forking the block chain. Leaving this unfixed carries the
same risk however, for attackers that can cause a reorganisation
in part of the network.

Thanks to Russell O'Connor and Ben Reeves.
2012-03-03 18:26:36 +01:00
Gavin Andresen
142e604184 DoS fix for mapOrphanTransactions 2012-02-29 11:46:46 -05:00
Michael Ford
27adfb2e0c "February" 2012-02-28 20:31:56 +08:00
Gavin Andresen
21503e4556 Merge branch 'nodosbip16' of https://github.com/sipa/bitcoin 2012-02-27 15:47:27 -05:00
Gavin Andresen
972060ce0e bitcoind changes to stop storing settings in wallet.dat. 2012-02-26 23:21:33 +01:00
Pieter Wuille
db9f2e0117 Do not invoke anti-DoS system for invalid BIP16 transactions
Doing so would allow an attack on old nodes, which would relay a
standard transaction spending a BIP16 output in an invalid way,
until reaching a new node, which will disconnect their peer.

Reported by makomk on IRC.
2012-02-25 19:05:50 +01:00
Pieter Wuille
5fee401fe1 CAddrMan: stochastic address manager
Design goals:
 * Only keep a limited number of addresses around, so that addr.dat does not grow without bound.
 * Keep the address tables in-memory, and occasionally write the table to addr.dat.
 * Make sure no (localized) attacker can fill the entire table with his nodes/addresses.

See comments in addrman.h for more detailed information.
2012-02-24 13:41:04 +01:00
Gavin Andresen
6fe8c45375 Merge branch 'fixnullpfrom' of https://github.com/sipa/bitcoin 2012-02-22 11:25:08 -05:00
Gavin Andresen
e7e6ae2104 Merge branch 'postfeb20' of https://github.com/sipa/bitcoin 2012-02-22 11:06:44 -05:00
Gavin Andresen
8c7358e1dd Merge branch 'reorginfo' of https://github.com/sipa/bitcoin 2012-02-22 11:03:19 -05:00
Luke Dashjr
c170d03e03 Bugfix: Instead of reporting "bitcoin-qt" for both bitcoind and Bitcoin-Qt, report "Satoshi" which is at least correct 2012-02-22 10:36:19 -05:00
Pieter Wuille
18c0fa97d0 Post-feb20 simplifications
Now the entire network upgraded to (initial) protocol version 209,
crtainl simplifications in the source code are possible.
2012-02-21 20:46:39 +01:00
Pieter Wuille
73aa0421a7 ProcessBlock is sometimes called with pfrom==NULL 2012-02-20 22:35:08 +01:00
Pieter Wuille
ceaa13eff2 Report number of (dis)connected blocks in reorganization
Also report old and new best, and fork point.
2012-02-19 20:06:04 +01:00
Gavin Andresen
0a6b081cca Merge branch 'testnetmining' of github.com:gavinandresen/bitcoin-git 2012-02-17 13:48:01 -05:00
Gavin Andresen
0f8cb5db73 Fix issue #848 : broken mining on testnet 2012-02-16 11:37:54 -05:00
Pieter Wuille
c59881eaee Symbolic names for threads
Introduce an enum threadId, and use symbolic indices when accessing
vnThreadsRunning.
2012-02-16 12:43:06 +01:00
Chris Moore
74f28bf1fd Fix #794. Only remove transactions from memory pool when they're actually in the memory pool. 2012-02-09 05:21:41 -08:00
Gavin Andresen
882164196e Update all copyrights to 2012 2012-02-07 11:28:30 -05:00
Gavin Andresen
0b452dff5e Merge branch 'standardScriptSigs' of github.com:gavinandresen/bitcoin-git 2012-02-07 09:04:56 -05:00
Gavin Andresen
7bf8b7c25c -bip16 option (default: 1) to support / not support BIP 16. And bumped default BIP16 switchover date from Feb 15 to Mar 1 2012-02-06 16:27:05 -05:00
Gregory Maxwell
5d1b8f1725 Avoid advertising the node's address when it is not listening or IsInitialBlockDownload().
This also avoids flushing setAddrKnown until 24 hours has passed,
and avoids contacting the external IP services when not listening.

Advertising non-listening nodes is just addr message spam.
It doesn't help the network, in fact it hurts the network,
and it also hurts user's privacy.

Advertising far out of sync nodes doesn't help the network—
they can't even forward (most) transactions and wastes nodes
outbound slots.
2012-02-01 18:08:03 -05:00
Gavin Andresen
c52296a73e Testnet difficulty calculation changes, to take effect Feb 15 2012
Allow mining of min-difficulty blocks if 20 minutes have gone by without mining a regular-difficulty block.
Normal rules apply every 2016 blocks, though, so there may be a very-slow-to-confirm block at the difficulty-adjustment blocks.
2012-01-31 13:20:01 -05:00
Gavin Andresen
68649bef93 CreateNewBlock was not adding in transaction fees. 2012-01-28 10:16:21 -05:00
Luke Dashjr
2bc4fd609c Bitcoin-Qt signmessage GUI (pull request #582) 2012-01-27 08:41:55 +01:00
Gavin Andresen
b6a35d2d52 Merge pull request #773 from gavinandresen/p2shSigOpCount
Simplify counting of P2SH sigops to match BIP 16
2012-01-25 05:21:20 -08:00
Gavin Andresen
b8056dc5d0 Merge branch 'bugfix_areinpstd' of https://github.com/luke-jr/bitcoin 2012-01-23 13:09:34 -05:00
Gavin Andresen
149f580c82 Only store transactions with missing inputs in the orphan pool.
All previous versions of bitcoin could store some types of
invalid transactions in the orphan-transaction list.
2012-01-23 12:54:32 -05:00
Luke Dashjr
575bdcde93 Sanitize AreInputsStandard slightly
Correct comment for why the check is unnecessary for coinbases
Move testnet check out, to AcceptToMemoryPool where everything else checks it
2012-01-20 21:00:08 -05:00
Gavin Andresen
137d0685a4 Simplify counting of P2SH sigops to match BIP 16 (thanks to Matt Corallo for prompting this).
This also removes an un-needed sigops-per-byte check when accepting transactions to the memory pool (un-needed assuming only standard transactions are being accepted). And it only counts P2SH sigops after the switchover date.
2012-01-20 17:07:40 -05:00
Gavin Andresen
39f0d96860 Make transactions with extra data in their scriptSig's non-standard. 2012-01-19 13:30:54 -05:00
Forrest Voight
52a3d2635c Separated COINBASE_FLAGS out into main.h and made RPC getmemorypool return it 2012-01-14 19:22:24 -05:00
Gavin Andresen
4063460534 Refactor: needing to call ConnectInputs to process coinbase transactions was counter-intuitive 2012-01-13 10:22:24 -05:00
Gavin Andresen
8d7849b6db Refactored ConnectInputs, so valid-transaction-checks are done before ECDSA-verifying signatures. 2012-01-13 10:22:24 -05:00
Gavin Andresen
922e8e2929 Replace OP_EVAL (BIP 12) with Pay-to-script-hash (BIP 16). 2012-01-13 10:22:23 -05:00
Luke Dashjr
340f0876ea collect more info on tx pooling and block finding for getmininginfo 2012-01-12 19:47:39 -05:00
Gavin Andresen
3f64fa1369 Merge pull request #743 from gavinandresen/blocknotify
-blocknotify : run a command when best-block changes
2012-01-12 06:31:25 -08:00
Pieter Wuille
67a42f929b Network stack refactor
This introduces CNetAddr and CService, respectively wrapping an
(IPv6) IP address and an IP+port combination. This functionality used
to be part of CAddress, which also contains network flags and
connection attempt information. These extra fields are however not
always necessary.

These classes, along with logic for creating connections and doing
name lookups, are moved to netbase.{h,cpp}, which does not depend on
headers.h.

Furthermore, CNetAddr is mostly IPv6-ready, though IPv6
functionality is not yet enabled for the application itself.
2012-01-06 18:55:37 +01:00
Gavin Andresen
d237f62c23 -blocknotify=command argument, implemented using system() and boost::thread 2012-01-03 15:48:59 -05:00
Gavin Andresen
61977f956c Check all prevout.n if one transaction provides multiple inputs 2011-12-25 10:32:05 -05:00
Gavin Andresen
60835d9627 assert condition in previous commit was backwards 2011-12-25 10:08:01 -05:00
Gavin Andresen
6996a9d713 Check for valid prevout.n in FetchInputs.
IsStandardInputs could crash if given invalid input index.
2011-12-25 08:45:09 -05:00
Gavin Andresen
fe358165e3 Be more conservative: check all transactions in blocks after last checkpoint. 2011-12-23 17:13:10 -05:00
Wladimir J. van der Laan
bde280b9a4 Revert "Use standard C99 (and Qt) types for 64-bit integers"
This reverts commit 21d9f36781.
2011-12-21 22:33:19 +01:00
Luke Dashjr
21d9f36781 Use standard C99 (and Qt) types for 64-bit integers 2011-12-20 16:52:59 -05:00
Gavin Andresen
781c06c0f5 Merge pull request #677 from luke-jr/minfee_modes
API: GetMinFee modes
2011-12-20 13:09:18 -08:00
Gavin Andresen
595925592d Merge branch 'op_eval' 2011-12-20 14:43:31 -05:00
Gavin Andresen
9ef7fa3447 Code cleanup: use ECDSA_size() instead of fixed 10,000 byte sig buffer, and explicity init static var 2011-12-19 19:10:34 -05:00
Gavin Andresen
26ce92b352 Use std::numeric_limits<> for typesafe INT_MAX/etc 2011-12-19 19:10:34 -05:00
Gavin Andresen
9e470585b3 Update bitcoin address numbers for latest luke-jr/sipa scheme 2011-12-19 13:24:51 -05:00
Gavin Andresen
2a45a494b0 Use block times for 'hard' OP_EVAL switchover, and refactored EvalScript
so it takes a flag for how to interpret OP_EVAL.
Also increased IsStandard size of scriptSigs to 500 bytes, so
a 3-of-3 multisig transaction IsStandard.
2011-12-19 13:24:48 -05:00
Gavin Andresen
d7062ef1bd Put OP_EVAL string in coinbase of generated blocks 2011-12-19 13:24:48 -05:00
Gavin Andresen
e679ec969c OP_EVAL implementation
OP_EVAL is a new opcode that evaluates an item on the stack as a script.
It enables a new type of bitcoin address that needs an arbitrarily
complex script to redeem.
2011-12-19 12:40:19 -05:00
Gavin Andresen
99a289f531 Merge pull request #574 from sipa/dumpprivkey
Dumpprivkey
2011-12-19 07:27:25 -08:00
Gavin Andresen
f8ded588a2 Implement BIP 14 : separate protocol version from client version 2011-12-19 10:24:23 -05:00
Pieter Wuille
30ab2c9c46 Preparations for key import/export 2011-12-17 21:49:48 +01:00
Luke Dashjr
dbbf1d4a48 GetMinFee takes a mode parameter (GMF_{BLOCK,RELAY,SEND}) instead of fForRelay 2011-12-14 01:07:43 -05:00
Luke Dashjr
a880b29cab Bugfix: fForRelay should be false when deciding required fee to include in blocks
During the rushed transition from 0.01 BTC to 0.0005 BTC fees, we took the
approach of dropping the relay and block-inclusion fee to 0.0005 BTC
immediately, and only delayed adjusting the sending fee for the next release.
Afterward, the relay fee was lowered to 0.0001 BTC to avoid having the same
problem in the future. However, the block inclusion code was left setting
fForRelay to true! This fixes that, so the lower 0.0001 BTC allowance is (as
intended) only permitted for real relaying.
2011-12-14 01:06:21 -05:00
Gavin Andresen
10fd7f6689 Orphan block fill-up-memory attack prevention 2011-12-01 13:53:38 -05:00
Gavin Andresen
eb5fff9e16 Moved checkpoints out of main, to prep for using them to help prevent DoS attacks 2011-12-01 12:18:50 -05:00
Pieter Wuille
d825e6a31b Some extra comments 2011-11-07 00:11:34 +01:00
Gavin Andresen
32ebde4612 Merge pull request #564 from luke-jr/optimize_remove_CheckWork_delay
Remove 2 second sleep from CheckWork
2011-10-06 07:54:50 -07:00
Gavin Andresen
b898c8fce6 Merge branch 'no-cryptopp' of https://github.com/tcatm/bitcoin 2011-10-05 10:38:10 -04:00
David Joel Schwartz
514b18722a Remove 2 second sleep from CheckWork 2011-10-04 00:04:43 -04:00
Forrest Voight
074d584a04 Added RPC call 'getmemorypool' that provides everything needed to construct a block with a custom generation transaction and submit a solution
getmemorypool [data]
If [data] is not specified, returns data needed to construct a block to work on:
  "version" : block version
  "previousblockhash" : hash of current highest block
  "transactions" : contents of non-coinbase transactions that should be included in the next block
  "coinbasevalue" : maximum allowable input to coinbase transaction, including the generation award and transaction fees
  "time" : timestamp appropriate for next block
  "bits" : compressed target of next block
If [data] is specified, tries to solve the block and returns true if it was successful.
2011-10-01 14:42:54 -04:00
Nils Schneider
6ccff2cbde remove cryptopp dependency, add simple unittest for SHA256Transform() 2011-09-30 20:00:22 +02:00
Wladimir J. van der Laan
002a4dcad0 Merge branch 'master' of https://github.com/bitcoin/bitcoin
Conflicts:
	.gitignore (used upstream version)
	bitcoin-qt.pro
2011-09-28 21:52:32 +02:00
Wladimir J. van der Laan
a8b95ce6ed use median filter for peer-reported reported number of blocks
- fixes problem that one misconfigured or malicious node can mess up progress bar
- implementation in src/util.h
- testcase in src/test/util_tests.cpp
2011-09-28 21:35:58 +02:00
Gavin Andresen
a8c108bca1 Remove DoS penalty for SigOpCount or immature transactions 2011-09-27 11:19:57 -04:00
Gavin Andresen
b14bd4df58 Skip verifying transaction signatures during initial block-chain download 2011-09-26 09:20:22 -04:00
Gavin Andresen
17e2c24645 Merge pull request #517 from gavinandresen/DoSprevention
Denial-of-service prevention
2011-09-26 06:06:16 -07:00
Gavin Andresen
f7f2a36925 Merge pull request #521 from laanwj/qt
Qt GUI
2011-09-26 06:05:11 -07:00
Wladimir J. van der Laan
0961c2fc0d Merge branch 'master' of https://github.com/bitcoin/bitcoin 2011-09-23 13:42:04 +02:00
Gavin Andresen
806704c237 More denial-of-service misbehavior detection: version/addr/inv/getdata messages 2011-09-21 12:50:13 -04:00
Gavin Andresen
3e52aaf212 Transaction/Block denial-of-service detection/response 2011-09-21 12:50:12 -04:00
Nils Schneider
59090133c0 log low-level network messages only when fDebug is set 2011-09-17 18:29:41 +02:00
Wladimir J. van der Laan
5dd7318db7 Merge branch 'master' of https://github.com/bitcoin/bitcoin 2011-09-16 06:55:47 +02:00
Wladimir J. van der Laan
d33cc2b5e3 clarify function signature (GetNumBlocksOfPeers) and use number of 'frozen' blocks as initial value for number of peer blocks 2011-09-11 10:49:30 +02:00
Wladimir J. van der Laan
a0d2f9a12d Merge branch 'master' of https://github.com/bitcoin/bitcoin
Conflicts:
	.gitignore
2011-09-07 18:57:11 +02:00
Gavin Andresen
5a3dea451d Merge branch 'unique_coinbase' of git://gitorious.org/~Luke-Jr/bitcoin/luke-jr-bitcoin into unique_coinbase 2011-09-07 10:51:57 -04:00
Luke Dashjr
83f4cd156e Bugfix: Use timestamp in coinbase rather than "bits", needed to ensure coinbase txn is unique even if address is the same 2011-09-06 16:43:40 -04:00
Luke Dashjr
b760e25458 Merge branch 'getwork_dedupe' into unique_coinbase 2011-09-06 16:43:32 -04:00
Gavin Andresen
e077cce617 Optimize database writes for transactions with lots of TxIns.
Patch from ArtForz, who discovered the problem.
2011-09-05 14:33:07 -04:00
Wladimir J. van der Laan
0a70a3f4d8 Merge branch 'master' of https://github.com/bitcoin/bitcoin 2011-09-03 09:09:34 +02:00
Gavin Andresen
ec74e8a443 Versions 0.3.20 THROUGH 0.3.23 have trouble with blockchain downloads; avoid them 2011-09-02 12:56:10 -04:00
Wladimir J. van der Laan
c5aa1b139a update to work with new lock system, add protocol.* to build system 2011-09-02 18:02:22 +02:00
Gavin Andresen
fb45259967 Do not try to download blockchain from 0.3.23 nodes 2011-09-02 12:00:01 -04:00
Wladimir J. van der Laan
7a15d4ff67 Merge branch 'master' of https://github.com/bitcoin/bitcoin
Conflicts:
	src/main.cpp
2011-09-02 17:35:30 +02:00
Gavin Andresen
783c636c73 Merge pull request #467 from gavinandresen/keypoolzero
Logic running with -keypool=0 was wrong (empty keys were being returned).
2011-09-01 12:01:29 -07:00
Gavin Andresen
dd7868364d Merge branch 'code-cleanup' of git://github.com/muggenhor/bitcoin 2011-09-01 11:52:07 -04:00
Gavin Andresen
7db3b75b3e Logic running with -keypool=0 was wrong (empty keys were being returned). Fixes #445
Renames GetOrReuseKeyFromKeyPool to GetKeyFromPool, with fAllowReuse arg and bool result.
2011-09-01 10:12:59 -04:00
Gavin Andresen
f662cefd85 Merge pull request #470 from fabianhjr/master
Checkpoints
2011-09-01 06:58:14 -07:00
Gavin Andresen
6cc4a62c0e Fix rpc-hanging deadlocks
Collapsed multiple wallet mutexes to a single cs_wallet, to avoid deadlocks with wallet methods that acquired locks in different order.
Also change master RPC call handler to acquire cs_main and cs_wallet locks before executing RPC calls; requiring each RPC call to acquire the right set of locks in the right order was too error-prone.
2011-08-31 12:55:16 -04:00
Wladimir J. van der Laan
adce862c27 Merge branch 'master' of https://github.com/bitcoin/bitcoin 2011-08-22 14:43:37 +02:00
Giel van Schijndel
99860de3c9 Make some global variables less-global (static)
Explicitly make these global variables less-global to reduce the maximum
scope of this global state.

In my experience global variables tend to be a major source of bugs. As
such the less accessible they are the less likely they are to be the
source of a bug.

Signed-off-by: Giel van Schijndel <me@mortis.eu>
2011-08-19 07:24:37 +02:00
Gavin Andresen
c7286112ef Remove unused ScanMessageStart function 2011-08-16 11:20:56 -04:00
Wladimir J. van der Laan
b90c9ecb13 Merge branch 'master' of https://github.com/bitcoin/bitcoin 2011-08-16 10:28:24 +02:00
Fabian H jr.
d0d9486f44 Updated checkpoints, maybe Tx fee should be reduced to 0.0001 from 0.0005 and maximum minimum tx should be 0.0010. 2011-08-15 21:33:00 -03:00
Gavin Andresen
498a2c9b16 Merge pull request #458 from TheBlueMatt/copyright
Unify copyright notices.
2011-08-11 10:34:29 -07:00
Wladimir J. van der Laan
0a76546ae9 Merge branch 'master' of https://github.com/bitcoin/bitcoin 2011-08-11 10:17:21 +02:00
Gavin Andresen
c648b589be Merge pull request #459 from jgarzik/char-msgstart
Use 'unsigned char' rather than 'char' for pchMessageStart.
2011-08-10 20:01:37 -07:00
Venkatesh Srinivas
25133bd74b Use 'unsigned char' rather than 'char' for pchMessageStart.
Regarding https://bitcointalk.org/index.php?topic=28022.0

main.cpp has: "char pchMessageStart[4] = { 0xf9, 0xbe, 0xb4, 0xd9 };"
Per discussion on the thread linked, leaving the signedness of
pchMessageStart is unsafe for values > 0x80. This patch specifies
'unsigned char' in main.cpp and net.h.

Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
2011-08-10 22:42:43 -04:00
Matt Corallo
b2120e223a Unify copyright notices.
To a variation on:
// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2011 The Bitcoin developers
2011-08-09 13:32:52 +02:00
Matt Corallo
33208fb557 Check for duplicate txins in CheckTransaction. 2011-07-31 14:20:10 +02:00
Wladimir J. van der Laan
491ad6db50 Merge remote branch 'upstream/master'
Conflicts:
	src/bitcoinrpc.cpp
2011-07-26 16:47:23 +02:00
Jeff Garzik
a9ba47101a Merge pull request #403 from sipa/cbitcoinaddress
keys indexed by address + introduced CBitcoinaddress
2011-07-24 15:38:38 -07:00
Wladimir J. van der Laan
7beada58cd Merge branch 'master' of https://github.com/bitcoin/bitcoin 2011-07-22 21:41:24 +02:00
Matt Corallo
643160f6e7 Actually use mapAlreadyAskedFor.
Previously, mapAlreadyAskedFor was read from, but never added to.
The original intent was to use mapAlreadyAskedFor to keep track
of the time an item was requested and "Each retry is 2 minutes
after the last".
This implements that intent.
2011-07-21 22:06:20 +02:00
Wladimir J. van der Laan
5df0b03c95 make initial block download reporting somewhat better by tracking version responses 2011-07-17 14:17:13 +02:00
Pieter Wuille
03fbd79049 get rid of mapPubKeys
Make CKeyStore's interface work on uint160's instead of pubkeys, so
no separate global mapPubKeys is necessary anymore.
2011-07-17 12:07:59 +02:00
Patrick Varilly
8c41469140 Single DB transaction for all addresses in a message
Cuts disk activity at startup immensely
2011-07-14 03:29:07 +02:00
Giel van Schijndel
ecf1c79aad fix warnings: expression result unused [-Wunused-value]
In the assert()s take advantage of the fact that string constants
("string") are effectively of type 'const char []', which when used in
an expression yield a non-NULL pointer.

An assertion that should always fail can thus be formulated as:
  assert(!"fail);

An assertion where a text message should be added to the expression can
be written as such:
  assert("message" && expression);

Signed-off-by: Giel van Schijndel <me@mortis.eu>
2011-07-13 05:07:44 +02:00
Matt Corallo
7414733bea Make an invalid addrIncoming so that old clients crash.
This prevents old clients from opening, and thus corrupting
or otherwise causing harm to encrypted wallets.
2011-07-13 02:11:25 +02:00
Matt Corallo
4e87d341f7 Add wallet privkey encryption.
This commit adds support for ckeys, or enCrypted private keys, to the wallet.
All keys are stored in memory in their encrypted form and thus the passphrase
is required from the user to spend coins, or to create new addresses.

Keys are encrypted with AES-256-CBC using OpenSSL's EVP library. The key is
calculated via EVP_BytesToKey using SHA512 with (by default) 25000 rounds and
a random salt.

By default, the user's wallet remains unencrypted until they call the RPC
command encryptwallet <passphrase> or, from the GUI menu, Options->
Encrypt Wallet.

When the user is attempting to call RPC functions which require the password
to unlock the wallet, an error will be returned unless they call
walletpassphrase <passphrase> <time to keep key in memory> first.

A keypoolrefill command has been added which tops up the users keypool
(requiring the passphrase via walletpassphrase first).
keypoolsize has been added to the output of getinfo to show the user the
number of keys left before they need to specify their passphrase (and call
keypoolrefill).

Note that walletpassphrase will automatically fill keypool in a separate
thread which it spawns when the passphrase is set. This could cause some
delays in other threads waiting for locks on the wallet passphrase, including
one which could cause the passphrase to be stored longer than expected,
however it will not allow the passphrase to be used longer than expected as
ThreadCleanWalletPassphrase will attempt to get a lock on the key as soon
as the specified lock time has arrived.

When the keypool runs out (and wallet is locked) GetOrReuseKeyFromPool
returns vchDefaultKey, meaning miners may start to generate many blocks to
vchDefaultKey instead of a new key each time.

A walletpassphrasechange <oldpassphrase> <newpassphrase> has been added to
allow the user to change their password via RPC.

Whenever keying material (unencrypted private keys, the user's passphrase,
the wallet's AES key) is stored unencrypted in memory, any reasonable attempt
is made to mlock/VirtualLock that memory before storing the keying material.
This is not true in several (commented) cases where mlock/VirtualLocking the
memory is not possible.

Although encryption of private keys in memory can be very useful on desktop
systems (as some small amount of protection against stupid viruses), on an
RPC server, the password is entered fairly insecurely. Thus, the only main
advantage encryption has for RPC servers is for RPC servers that do not spend
coins, except in rare cases, eg. a webserver of a merchant which only receives
payment except for cases of manual intervention.

Thanks to jgarzik for the original patch and sipa, gmaxwell and many others
for all their input.

Conflicts:

	src/wallet.cpp
2011-07-13 02:11:25 +02:00
Gavin Andresen
d547a44332 Block-chain lock-in at 134444 2011-07-03 11:20:39 -04:00
Pieter Wuille
4973174534 Limit response to getblocks to half of output buffer size
Introduce SendBufferSize() and ReceiveBufferSize(), and limit
the blocks sent as response to the "getblocks" message to
half of the active send buffer size.
2011-07-01 09:39:44 +02:00
Gavin Andresen
c774b16976 Merge branch 'totalblocksestimate1' of https://github.com/laanwj/bitcoin 2011-06-24 11:17:22 -04:00
Shane Wegner
926e14b362 Fix missing includes needed for Boost 1.46. 2011-06-19 15:12:31 -07:00
Wladimir J. van der Laan
eade213197 add GetTotalBlocksEstimate() function, move magic number to constant 2011-06-19 00:12:02 +02:00
Pieter Wuille
64c7ee7e6b CWallet class
* A new class CKeyStore manages private keys, and script.cpp depends on access to CKeyStore.
* A new class CWallet extends CKeyStore, and contains all former wallet-specific globals; CWallet depends on script.cpp, not the other way around.
* Wallet-specific functions in CTransaction/CTxIn/CTxOut (GetDebit, GetCredit, GetChange, IsMine, IsFromMe), are moved to CWallet, taking their former 'this' argument as an explicit parameter
* CWalletTx objects know which CWallet they belong to, for convenience, so they have their own direct (and caching) GetDebit/... functions.
* Some code was moved from CWalletDB to CWallet, such as handling of reserve keys.
* Main.cpp keeps a set of all 'registered' wallets, which should be informed about updates to the block chain, and does not have any notion about any 'main' wallet. Function in main.cpp that require a wallet (such as GenerateCoins), take an explicit CWallet* argument.
* The actual CWallet instance used by the application is defined in init.cpp as "CWallet* pwalletMain". rpc.cpp and ui.cpp use this variable.
* Functions in main.cpp and db.cpp that are not used by other modules are marked static.
* The code for handling the 'submitorder' message is removed, as it not really compatible with the idea that a node is independent from the wallet(s) connected to it, and obsolete anyway.
2011-06-15 11:05:55 +02:00
Pieter Wuille
e89b9f6a2a move wallet code to separate file
This introduces two new source files, keystore.cpp and wallet.cpp with
corresponding headers. Code is moved from main and db, in a preparation
for a follow-up commit which introduces the classes CWallet and CKeyStore.
2011-06-15 11:05:55 +02:00
Jeff Garzik
19ea44208f Merge pull request #226 from jordanlewis/betterheaders
Optimize header dependencies; improve Makefile dependency graph
2011-06-14 02:05:57 -07:00
Jeff Garzik
09d1484b22 Merge pull request #264 from sipa/mintxfeefix
Fix for small change outputs
2011-06-05 07:32:58 -07:00
Jeff Garzik
7a234cdae5 Merge pull request #255 from sipa/rescanupdate
Update transactions already in the wallet when rescanning.
2011-06-05 07:30:47 -07:00
Pieter Wuille
12a1256c1d bugfix: accept free transactions 2011-05-28 16:43:49 +02:00
Pieter Wuille
2bfda1be11 Separate required fee for relaying and creation
Transactions created with the new minimal fee policy would not be
relayed by the network. Therefore, we separate the minimal fee that
is necessary to relay and to create, leaving the creation one at
the old amount, for now.
2011-05-26 00:54:58 +02:00
Pieter Wuille
ca253d5911 Fix for small change outputs
With the separation of CENT and MIN_TX_FEE, it is now reasonable
to create change outputs between 0.01 and 0.0005, as these are
spendable according to the policy, even though they require a fee
to be paid.

Also, when enough fee was already present, everything can go into
a change output, without further increasing the fee.
2011-05-25 21:30:14 +02:00
Pieter Wuille
1c528eeee9 Update transactions already in the wallet when rescanning.
When rescanning, if the scanned transaction is already in the wallet, it
is skipped. However, if someone sends a transaction, does not wait for
confirmation, switches wallets, waits for a block that contains his original
transaction, and switches wallets again, a rescan will leave his wallet
transaction (which has no merkle branch, so no confirmations) untouched.
2011-05-22 17:12:20 +02:00
Jordan Lewis
31f2931281 Only include certain boost headers if necessary. 2011-05-17 18:58:47 -05:00
Jordan Lewis
edd309e537 Only include init.h when we have to 2011-05-15 22:23:37 -05:00
Jordan Lewis
40c2614ef4 Only include net.h when we have to 2011-05-15 22:19:17 -05:00
Jordan Lewis
1512d5ce64 Only include db.h when we have to. 2011-05-15 22:19:16 -05:00
Wladimir J. van der Laan
223b6f1ba4 make bitcoin include files more modular 2011-05-15 12:04:20 +02:00
Daniel Holbert
5d1d69453a Add #ifdef USE_UPNP around usage of fUseUPnP to fix build failure. 2011-05-12 23:30:27 +02:00
Jeff Garzik
a630da6400 Replace CENT with new constant MIN_TX_FEE, where appropriate.
MIN_TX_FEE==CENT remains true (until next commit).
2011-05-11 16:48:51 -04:00
Jeff Garzik
b17be7e14b Manual merge of jaromil's source tree reorg commit.
Conflicts:
	src/sha256.cpp
2011-05-09 14:00:14 -04:00
Jaromil
84c3fb07b0 directory re-organization (keeps the old build system)
there is no internal modification of any file in this commit

files are moved into directories according to established standards in
sourcecode distribution; these directories contain:

 src - Files that are used in constructing the executable binaries,
       but are not installed.

 doc - Files in HTML and text format that document usage, quirks of
       the implementation, and contributor checklists.

 locale - Files that contain human language translation of strings
          used in the program

 contrib - Files contributed from distributions or other third party
 	   implementing scripts and auxiliary programs
2011-04-23 12:10:25 +02:00
Renamed from main.cpp (Browse further)