Commit graph

1499 commits

Author SHA1 Message Date
Wladimir J. van der Laan
63f8b0128b
Merge #13917: Additional safety checks in PSBT signer
5df6f089b5 More tests of signer checks (Andrew Chow)
7c8bffdc24 Test that a non-witness script as witness utxo is not signed (Andrew Chow)
8254e9950f Additional sanity checks in SignPSBTInput (Pieter Wuille)
c05712cb59 Only wipe wrong UTXO type data if overwritten by wallet (Pieter Wuille)

Pull request description:

  The current PSBT signing code can end up producing a non-segwit signature, while only the UTXO being spent is provided in the PSBT (as opposed to the entire transaction being spent). This may be used to trick a user to incorrectly decide a transaction has the semantics he intends to sign.

  Fix this by refusing to sign if there is any mismatch between the provided data and what is being signed.

Tree-SHA512: b55790d79d8166e05513fc4c603a982a33710e79dc3c045060cddac6b48a1be3a28ebf8db63f988b6567b15dd27fd09bbaf48846e323c8635376ac20178956f4
2018-08-14 18:01:02 +02:00
Gregory Sanders
321159e53e don't report minversion wallet entry as unknown 2018-08-14 11:34:27 -04:00
Carl Dong
16bcc1b823 Remove unused dummy_tx variable from FillPSBT 2018-08-13 18:45:26 -07:00
Pieter Wuille
917353c8b0 Make SignPSBTInput operate on a private SignatureData object 2018-08-13 08:46:23 -07:00
Pieter Wuille
cad5dd2368 Pass HD path data through SignatureData 2018-08-13 08:46:23 -07:00
Pieter Wuille
03a99586a3 Implement key origin lookup in CWallet 2018-08-13 08:46:23 -07:00
Pieter Wuille
3b01efa0d1 [MOVEONLY] Move ParseHDKeypath to utilstrencodings 2018-08-13 08:46:23 -07:00
Pieter Wuille
81e1dd5ce1 Generalize PublicOnlySigningProvider into HidingSigningProvider 2018-08-13 08:46:23 -07:00
Pieter Wuille
611ab307fb Introduce KeyOriginInfo for fingerprint + path 2018-08-13 08:46:23 -07:00
Pieter Wuille
c05712cb59 Only wipe wrong UTXO type data if overwritten by wallet 2018-08-13 08:21:16 -07:00
MarcoFalke
3bd25c010c
Merge #13899: build: Enable -Wredundant-decls where available. Remove redundant redeclarations.
d56b73f217 Remove redundant extern (practicalswift)
f04bb1361c Enable -Wredundant-decls (gcc) if available (practicalswift)
a9e90e5002 Remove redundant redeclaration of rescanblockchain(...) in same scope (practicalswift)

Pull request description:

  Remove redundant redeclaration of `rescanblockchain` and enable `-Wredundant-decls` (gcc) where available to avoid accidental redundant redeclarations.

  ```
   CXX      wallet/libbitcoin_wallet_a-rpcwallet.o
  wallet/rpcwallet.cpp:4764:17: warning: redundant redeclaration of ‘UniValue rescanblockchain(const JSONRPCRequest&)’ in same scope [-Wredundant-decls]
   extern UniValue rescanblockchain(const JSONRPCRequest& request);
                   ^~~~~~~~~~~~~~~~
  wallet/rpcwallet.cpp:3929:10: note: previous declaration of ‘UniValue rescanblockchain(const JSONRPCRequest&)’
   UniValue rescanblockchain(const JSONRPCRequest& request)
            ^~~~~~~~~~~~~~~~
  ```

Tree-SHA512: b9af95fa53f494c3f6702e485956b66b042d2ff7578b4a53bf28e91aa844cdcf5d7ac3e2e710948eed566007324e81317304b8eabf2d4ea284cd6acd77f8ffcd
2018-08-13 09:55:35 -04:00
Wladimir J. van der Laan
2115cba9c6
Merge #13666: Always create signatures with Low R values
e306be7429 Use 72 byte dummy signatures when watching only inputs may be used (Andrew Chow)
48b1473c89 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR (Andrew Chow)
18dfea0dd0 Always create 70 byte signatures with low R values (Andrew Chow)

Pull request description:

  When creating signatures for transactions, always make one which has a 32 byte or smaller R and 32 byte or smaller S value. This results in signatures that are always less than 71 bytes (32 byte R + 32 byte S + 6 bytes DER + 1 byte sighash) with low R values. In most cases, the signature will be 71 bytes.

  Because R is not mutable in the same way that S is, a low R value can only be found by trying different nonces. RFC 6979 for deterministic nonce generation has the option to specify additional entropy, so we simply use that and add a uin32_t counter which we increment in order to try different nonces. Nonces are sill deterministically generated as the nonce used will the be the first one where the counter results in a nonce that results in a low R value. Because different nonces need to be tried, time to produce a signature does increase. On average, it takes twice as long to make a signature as two signatures need to be created, on average, to find one with a low R.

  Having a fixed size signature makes size calculations easier and also saves half a byte of transaction size, on average.

  DUMMY_SIGNATURE_CREATOR has been modified to produce 71 byte dummy signatures instead of 72 byte signatures.

Tree-SHA512: 3cd791505126ce92da7c631856a97ba0b59e87d9c132feff6e0eef1dc47768e81fbb38bfbe970371bedf9714b7f61a13a5fe9f30f962c81734092a4d19a4ef33
2018-08-13 12:07:20 +02:00
Wladimir J. van der Laan
13d51a2b61
Merge #13808: wallet: shuffle coins before grouping, where warranted
18f690ec2f wallet: shuffle coins before grouping, where warranted (Karl-Johan Alm)

Pull request description:

  Coins are randomly shuffled in coin selection to avoid unintentional privacy leaks regarding the user's coin set. For the case where a user has a lot of coins with the same destination, these will be grouped into groups of 10 *before* the shuffling.

  It is unclear whether this has any implications at all, but this PR plugs the potential issue, if there ever is one, by shuffling the coins before they are grouped.

  Issue brought up in https://github.com/bitcoin/bitcoin/pull/12257#discussion_r204554549

Tree-SHA512: fb50ed4b5fc03ab4853d45b76e1c64476ad5bcd797497179bc37b9262885c974ed6811159fd8e581f1461b6cc6d0a66146f4b70a2777c0f5e818d1322e0edb89
2018-08-13 11:36:39 +02:00
MarcoFalke
d6faea4f91
Merge #13908: [Docs] upgrade rescan time warning from minutes to >1 hour
bb5b1c0b2d [Docs] upgrade rescan time warning from minutes to >1 hour (Mason Simon)

Pull request description:

  When I rescanned just now it took well over an hour. The time warning "may take minutes" didn't prepare me for that.

  ```
  2018-08-08T03:10:17Z [wallet] Still rescanning. At block 174747. Progress=0.008341
  2018-08-08T03:11:17Z [wallet] Still rescanning. At block 204233. Progress=0.024533
  2018-08-08T03:12:17Z [wallet] Still rescanning. At block 221170. Progress=0.038340
  ...
  2018-08-08T04:16:17Z [wallet] Still rescanning. At block 524815. Progress=0.957105
  2018-08-08T04:17:17Z [wallet] Still rescanning. At block 528572. Progress=0.971323
  2018-08-08T04:18:17Z [wallet] Still rescanning. At block 532458. Progress=0.986824
  ```

  This is on a 4-core 4ghz system with a 7200rpm drive.

Tree-SHA512: 722ccf566bfd6a3381fa173e08849cb676fe4c1f1cb2c4b86b07df2a5dc1ca0d54797cbe8fd606cdc2c60fef2be7c98e052460decdac2132ba759cff822132e8
2018-08-10 21:36:18 -04:00
lucash.dev@gmail.com
a679109be4 Speed up knapsack_solver_test by not recreating wallet 100 times.
Moved the code for creating the wallet out of the 100-times repetition loop, for the most time-consuming tests.
2018-08-10 18:33:47 -07:00
Andrew Chow
e306be7429 Use 72 byte dummy signatures when watching only inputs may be used
With watching only inputs, we do not know how large the signatures
for those inputs will be as their signers may not have implemented
71 byte signatures. Thus we estimate their fees using the 72 byte
dummy signature to ensure that we pay enough fees.

This only effects fundrawtransaction when includeWatching is true.
2018-08-09 18:39:56 -07:00
Andrew Chow
48b1473c89 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR
Changes DUMMY_SIGNATURE_CREATOR to create 71 byte dummy signatures.

Update comments to reflect this change
2018-08-09 18:39:56 -07:00
Karl-Johan Alm
18f690ec2f
wallet: shuffle coins before grouping, where warranted
Issue brought up in https://github.com/bitcoin/bitcoin/pull/12257\#discussion_r204554549
2018-08-10 09:08:11 +09:00
Andrew Chow
c1dde3a949 No longer shutdown after encrypting the wallet
Since the database environment is flushed, closed, and reopened during
EncryptWallet, there is no need to shut down the software anymore.
2018-08-09 11:28:33 -07:00
Andrew Chow
d7637c5a3f After encrypting the wallet, reload the database environment
Calls ReloadDbEnv after encrypting the wallet so that the database
environment is flushed, closed, and reopened to prevent unencrypted
keys from being saved on disk.
2018-08-09 11:27:39 -07:00
Andrew Chow
5d296ac810 Add function to close all Db's and reload the databae environment
Adds a ReloadDbEnv function to BerkeleyEnvironment in order to close all Db
instances, closes the environment, resets it, and then reopens
the BerkeleyEnvironment.

Also adds a ReloadDbEnv function to BerkeleyDatabase that calls
BerkeleyEnvironment's ReloadDbEnv.
2018-08-09 11:27:39 -07:00
Andrew Chow
a769461d5e Move BerkeleyEnvironment deletion from internal method to callsite
Instead of having the object destroy itself, having the caller
destroy it.
2018-08-09 11:27:39 -07:00
Daniel Kraft
227d27e70c Use pushKV in some new PSBT RPCs.
Most of the code uses UniValue::pushKV where appropriate, but some new
RPC code related to PSBTs did not.
2018-08-09 18:08:45 +02:00
MarcoFalke
3e3a50aeb8
Merge #13911: doc: Revert translated string change, clarify wallet log messages
c4a884d555 Trivial: Revert translated string change, clarify wallet log messages (Pierre Rochard)

Pull request description:

  Fixes https://github.com/bitcoin/bitcoin/pull/12992 post-merge nits from @jnewbery

Tree-SHA512: 002d8a69b489fd216e15b7d6200d7117c489b32405d5e9f514f120d43113fd97ca2f235452b0093e0760bc03baf714edc4564ae14af8456e1b2a54f83c577bf3
2018-08-09 08:11:17 -04:00
MarcoFalke
8eb9870052
Merge #13876: wallet: Catch filesystem_error and raise InitError
fa8527ffec wallet: Catch filesystem_error and raise InitError (MarcoFalke)

Pull request description:

  Fixes #13754 by restoring the previous behaviour

Tree-SHA512: f64052e89f6b332be395df2a5ea6f227c213fa2f38e415e83f30a4fad0938e947e5cddff7902368a43c07be135955a31b90f7eac5a46875c58d54ea95f87f6e6
2018-08-09 08:03:23 -04:00
practicalswift
0e534d4dca Fix incorrect Doxygen comments 2018-08-08 22:14:45 +02:00
Pierre Rochard
c4a884d555 Trivial: Revert translated string change, clarify wallet log messages 2018-08-08 11:00:55 -04:00
Wladimir J. van der Laan
78dae8cacc
Merge #13780: 0.17: Pre-branch maintenance
3fc20632a3 qt: Set BLOCK_CHAIN_SIZE = 220 (DrahtBot)
2b6a2f4a28 Regenerate manpages (DrahtBot)
eb7daf4d60 Update copyright headers to 2018 (DrahtBot)

Pull request description:

  Some trivial maintenance to avoid having to do it again after the 0.17 branch off.

  (The scripts to do this are in `./contrib/`)

Tree-SHA512: 16b2af45e0351b1c691c5311d48025dc6828079e98c2aa2e600dc5910ee8aa01858ca6c356538150dc46fe14c8819ed8ec8e4ec9a0f682b9950dd41bc50518fa
2018-08-08 13:55:27 +02:00
Mason Simon
bb5b1c0b2d [Docs] upgrade rescan time warning from minutes to >1 hour 2018-08-07 22:39:34 -07:00
Wladimir J. van der Laan
9d86aad287
Merge #13812: wallet: sum ancestors rather than taking max in output groups
23fbbb100f wallet: sum ancestors rather than taking max in output groups (Karl-Johan Alm)

Pull request description:

  This is pointed out in https://github.com/bitcoin/bitcoin/pull/12257#discussion_r204549758.

  Basically, the ancestors gives an indication as to how many ancestors the resulting transaction will have, which is more precise when summing up the values, rather than taking the maximum, since all the coins in the group will become ancestors if selected.

Tree-SHA512: 0588c4b6059669650614817e041526a2ab89dda8c07fca8e077c7669dca1fed51cd164f7df56340840ab60285d48f3b140dcee64f64bf696b2dd4ab16d556a13
2018-08-07 17:23:04 +02:00
Wladimir J. van der Laan
e8f387f997
Merge #13843: [trivial] Add doxygen-compatible comments to CAffectedKeysVisitor
3339d84535 [trivial] add doxygen-compatible comments to CAffectedKeysVisitor (Pierre Rochard)

Pull request description:

Tree-SHA512: 0003fde198a6977d0c8988efc8f76428f9e095009fddf131b07bd9809ef76a778c86bb2b1305e33df16101b6b703cf43eb6193462bb9f3687f98c1d9b109dd96
2018-08-07 16:49:18 +02:00
Wladimir J. van der Laan
51c693d49e
Merge #13657: wallet: assert to ensure accuracy of CMerkleTx::GetBlocksToMaturity
93de2891fa wallet: assert to ensure accuracy of CMerkleTx::GetBlocksToMaturity (Ben Woosley)

Pull request description:

  According to my understanding, it should not be possible for coinbase
  transactions to be conflicting, thus it should not be possible for
  GetDepthInMainChain to return a negative result. If it did, this would
  also result in innacurate results for GetBlocksToMaturity due to the
  math therein. asserting ensures accuracy.

Tree-SHA512: 8e71c26f09fe457cfb00c362ca27066f7f018ea2af1f395090fdc7fd9f5964b76f4317c23f7a4923776f00087558511da5c1c368095be39fb1bacc614a93c32f
2018-08-07 14:19:50 +02:00
Wladimir J. van der Laan
b81a8a5ea9
Merge #13667: wallet: Fix backupwallet for multiwallets
a1a998cf24 wallet: Fix backupwallet for multiwallets (Daniel Kraft)

Pull request description:

  `backupwallet` was broken for multiwallets in their own directories (i.e. something like `DATADIR/wallets/mywallet/wallet.dat`).  In this case, the backup would use `DATADIR/wallets/wallet.dat` as source file and not take the specific wallet's directory into account.

  This led to either an error during the backup (if the wrong source file was not present) or would silently back up the wrong wallet; especially the latter behaviour can be quite bad for users.

Tree-SHA512: 7efe2450ca047e40719fcc7cc211ed94699056020ac737cada7b59e8240298675960570c45079add424d0aab520437d5050d956acd695a9c2452dd4317b4d2c4
2018-08-07 13:31:54 +02:00
practicalswift
d56b73f217 Remove redundant extern 2018-08-07 09:34:45 +02:00
practicalswift
a9e90e5002 Remove redundant redeclaration of rescanblockchain(...) in same scope 2018-08-06 23:52:35 +02:00
MarcoFalke
fa8527ffec
wallet: Catch filesystem_error and raise InitError 2018-08-04 12:04:38 -04:00
Pierre Rochard
3339d84535 [trivial] add doxygen-compatible comments to CAffectedKeysVisitor 2018-08-03 15:30:08 -04:00
Ben Woosley
384273260a
test: Add testing of value_ret for SelectCoinsBnB
Fix that the early bailout optimization tests did not test the actual
selection because their utxo pool was polluted by the make_hard_case test
preceding.
2018-08-03 02:45:20 -04:00
Pierre Rochard
909f54c80a [wallet] Add wallet name to log messages
After multiple wallets became supported, wallet-related log messages
became ambiguous as to which wallet they were being emitted by.

fixes #11317
2018-08-02 12:09:39 -04:00
Varunram
d5f745a5c7
trivial: correct typos 2018-08-02 21:27:17 +08:00
MarcoFalke
c88529a178
Merge #13805: [wallet] Correctly limit output group size
a13647b8bd [qa] Add test for too-large wallet output groups (Suhas Daftuar)
57ec1c97b2 [wallet] correctly limit output group size (Suhas Daftuar)

Pull request description:

  Also add a test to ensure that output groups are being limited, even if a wallet has many outputs corresponding to the same scriptPubKey (the test fails without the first commit).

Tree-SHA512: 2aaa82005b0910488f5cbf40690d4c5e2f46949e299ef70b4cb6e440713811443d411dcbc6d71b1701fd82423073125e21747787d70830cd021c841afb732d51
2018-08-01 12:03:20 -04:00
Karl-Johan Alm
23fbbb100f
wallet: sum ancestors rather than taking max in output groups 2018-07-31 04:54:41 +09:00
Suhas Daftuar
57ec1c97b2 [wallet] correctly limit output group size 2018-07-30 10:43:16 -04:00
Ben Woosley
23f4343781
Add CMerkleTx::IsImmatureCoinBase method
All but one call to GetBlocksToMaturity is testing it relative to 0
for the purposes of determining whether the coinbase tx is immature.
In such case, the value greater than 0 implies that the tx is coinbase,
so there is no need to separately test that status.

This names the concept for easy singular use.
2018-07-29 19:49:14 -04:00
MarcoFalke
fa5ed4f8d2
refactor: Avoid locking tx pool cs thrice 2018-07-29 08:04:06 -04:00
MarcoFalke
ad51e1372b
Merge #13774: Return void instead of bool for functions that cannot fail
d78a8dc3e8 Return void instead of bool for functions that cannot fail (practicalswift)

Pull request description:

  Return `void` instead of `bool` for functions that cannot fail:
  * `CBlockTreeDB::ReadReindexing(...)`
  * `CChainState::ResetBlockFailureFlags(...)`
  * `CTxMemPool::addUnchecked(...)`
  * `CWallet::CommitTransaction(...)`
  * `CWallet::LoadDestData(...)`
  * `CWallet::LoadKeyMetadata(...)`
  * `CWallet::LoadScriptMetadata(...)`
  * `CWallet::LoadToWallet(...)`
  * `CWallet::SetHDChain(...)`
  * `CWallet::SetHDSeed(...)`
  * `PendingWalletTx::commit(...)`
  * `RemoveLocal(...)`
  * `SetMinVersion(...)`
  * `StartHTTPServer(...)`
  * `StartRPC(...)`
  * `TorControlConnection::Disconnect(...)`

  Some of the functions can fail by throwing.

  Found by manually inspecting the following candidate functions:

  ```
  $ git grep -E '(^((static|virtual|inline|friend)[^a-z])*[^a-z]*bool [^=]*\(|return true|return false)' -- "*.cpp" "*.h"
  ```

Tree-SHA512: c0014e045362dbcd1a0cc8f69844e7b8cbae4f538e7632028daeca3a797ac11d8d3d86ebc480bedcb8626df3e96779d592747d52a12556fc49921b114fa0ccc6
2018-07-29 07:56:36 -04:00
practicalswift
620361fce8 Fix accidental use of the addition assignment operator ("+="). Remove newlines from error message. 2018-07-27 18:47:03 +02:00
practicalswift
d78a8dc3e8 Return void instead of bool for functions that cannot fail
* CBlockTreeDB::ReadReindexing(...)
* CChainState::ResetBlockFailureFlags(...)
* CTxMemPool::addUnchecked(...)
* CWallet::LoadDestData(...)
* CWallet::LoadKeyMetadata(...)
* CWallet::LoadScriptMetadata(...)
* CWallet::LoadToWallet(...)
* CWallet::SetHDChain(...)
* CWallet::SetHDSeed(...)
* RemoveLocal(...)
* SetMinVersion(...)
* StartHTTPServer(...)
* StartRPC(...)
* TorControlConnection::Disconnect(...)
2018-07-27 13:19:03 +02:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
Wladimir J. van der Laan
2d41af1728
Merge #13658: [moveonly] Extract RescanWallet to handle a simple rescan
3fe836b78d [moveonly] Extract RescanWallet to handle a simple rescan (Ben Woosley)

Pull request description:

  Where the outcome does not depend on the result, apart from a simple
  success check.

Tree-SHA512: e0d29c6fc0c7f99a730289e5a80deb586b2848aead56b5198a71ef01f65374812468dfd57be0b8b076eb9be4090d5101d28d979a1d5c3d2f1caeca77b303e90e
2018-07-25 15:39:04 +02:00
MarcoFalke
1211b15bf6
Merge #13656: Remove the boost/algorithm/string/predicate.hpp dependency
e3245f2e7b Removes Boost predicate.hpp dependency (251)

Pull request description:

  This pull request removes the `boost/algorithm/string/predicate.hpp` dependency from the project.

  To replace the the `predicate.hpp` dependency from the project the function calls to `boost::algorithm::starts_with` and `boost::algorithm::ends_with` have been replaced with respectively C++11's `std::basic_string::front` and `std::basic_string::back` function calls.

  Refactors that were not required, but have been done anyways:

  - The Boost function `all` was implicitly made available via the `predicate.hpp` header. Instead of including the appropriate header, function calls to `all` have been replaced with function calls to `std::all_of`.

  - The  `boost::algorithm::is_digit` predicate has been replaced with a custom `IsDigit` function that is locale independent and ASCII deterministic.

Tree-SHA512: 22dda6adfb4d7ac0cabac8cc33e8fb8330c899805acc1ae4ede402c4b11ea75a399414b389dfaa3650d23b47f41351b4650077af9005d598fbe48d5277bdc320
2018-07-24 14:50:05 -04:00
Wladimir J. van der Laan
5f7575e263
Merge #12257: [wallet] Use destination groups instead of coins in coin select
232f96f5c8 doc: Add release notes for -avoidpartialspends (Karl-Johan Alm)
e00b4699cc clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm)
43e04d13b1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm)
0128121101 test: Add basic testing for wallet groups (Karl-Johan Alm)
59d6f7b4e2 wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm)
87ebce25d6 wallet: Add output grouping (Karl-Johan Alm)
bb629cb9dc Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm)
65b3eda458 wallet: Add input bytes to CInputCoin (Karl-Johan Alm)
a443d7a0ca moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm)
173e18a289 utils: Add insert() convenience templates (Karl-Johan Alm)

Pull request description:

  This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination.

  It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below).

  For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse).

  Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction.

  Example: a node has four outputs linked to two addresses `A` and `B`:

  * 1.0 btc to `A`
  * 0.5 btc to `A`
  * 1.0 btc to `B`
  * 0.5 btc to `B`

  The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur:
  * 0.5 btc to `A` or `B` is picked
  * 0.2 btc is output to `C`
  * 0.3 - fee is output to (unique change address)

  With `-avoidpartialspends`, the following will instead happen:
  * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair)
  * 0.2 btc is output to `C`
  * 1.3 - fee is output to (unique change address)

  As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule.

  This complements #10386, in particular it addresses @luke-jr and @gmaxwell's concerns in https://github.com/bitcoin/bitcoin/pull/10386#issuecomment-300667926 and https://github.com/bitcoin/bitcoin/pull/10386#issuecomment-302361381.

  Together with `-avoidreuse`, this fully addresses the concerns in #10065 I believe.

Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621
2018-07-24 16:34:03 +02:00
Karl-Johan Alm
e00b4699cc
clean-up: Remove no longer used ivars from CInputCoin 2018-07-24 15:05:38 +09:00
Karl-Johan Alm
43e04d13b1
wallet: Remove deprecated OutputEligibleForSpending 2018-07-24 15:05:38 +09:00
Karl-Johan Alm
59d6f7b4e2
wallet: Switch to using output groups instead of coins in coin selection 2018-07-24 15:05:37 +09:00
Karl-Johan Alm
87ebce25d6
wallet: Add output grouping 2018-07-24 15:05:37 +09:00
Karl-Johan Alm
bb629cb9dc
Add -avoidpartialspends and m_avoid_partial_spends 2018-07-24 15:05:37 +09:00
Karl-Johan Alm
65b3eda458
wallet: Add input bytes to CInputCoin
With nInputBytes, coin selection can execute without a reference to the COutput
2018-07-24 15:05:36 +09:00
Karl-Johan Alm
a443d7a0ca
moveonly: CoinElegibilityFilter into coinselection.h 2018-07-24 15:05:36 +09:00
Ben Woosley
984d72ec65
Return the script type from Solver
Because false is synonymous with TX_NONSTANDARD, this conveys the same
information and makes the handling explicitly based on script type,
simplifying each call site.

Prior to this change it was common for the return value to be ignored,
or for the return value and TX_NONSTANDARD to be redundantly handled.
2018-07-22 21:37:00 -04:00
251
e3245f2e7b Removes Boost predicate.hpp dependency
This is a squashed commit that squashes the following commits:

This commit removes the `boost/algorithm/string/predicate.hpp` dependenc
from the project by replacing the function calls to `boost::algorithm::starts_with`
`boost::algorithm::ends_with` and `all` with respectively C++11'
`std::basic_string::front`, `std::basic_string::back`, `std::all_of` function calls

This commit replaces `boost::algorithm::is_digit` with  a locale independent isdigi
function, because the use of the standard library's `isdigit` and `std::isdigit
functions is discoraged in the developer notes
2018-07-22 21:34:45 +02:00
MarcoFalke
62baa28787
Merge #13691: Remove redundant variables, statements and forward declarations
3dee4cc509 Remove redundant statement (practicalswift)
99be644966 Remove redundant unused variables (practicalswift)
66ed242343 Remove redundant forward declaration (practicalswift)

Pull request description:

  Remove redundant …
  * ~access modifiers,~
  * forward declarations,
  * unused variables,
  * statements, and
  * ~return types from lambdas.~

Tree-SHA512: 328bb7d9c45398e44ecbee32095b6376879470dfddbc2180e037620d8390d524b51d7fda112fd58a078715e04432b24dd6998a2459f3550aa0498aa68de866d4
2018-07-22 09:38:10 -04:00
MarcoFalke
e8c74348d3
Merge #13683: wallet: Introduce assertion to document the assumption that cache and cache_used are always set in tandem
d06330396f wallet: Avoid potential null pointer dereference in CWalletTx::GetAvailableCredit(...) (practicalswift)

Pull request description:

  Avoid potential null pointer dereference in `CWalletTx::GetAvailableCredit(...)`.

  Introduced in 4279da4785.

Tree-SHA512: 92d1da9682f0bab11f6f96395ca30549331b0a056cbceb7e1a7f98b3d17d10082aaeed0907cafd46f4164b0e0f4b77e01f78bfd7d24e0503a66c6942ae842aa5
2018-07-22 08:34:09 -04:00
Wladimir J. van der Laan
6b6e854362
Merge #9662: Add createwallet "disableprivatekeys" option: a sane mode for watchonly-wallets
a3fa4d6a6a QA: Fix bug in -usecli logic that converts booleans to non-lowercase strings (Jonas Schnelli)
4704e5f074 [QA] add createwallet disableprivatekey test (Jonas Schnelli)
c7b8f343e9 [Qt] Disable creating receive addresses when private keys are disabled (Jonas Schnelli)
2f15c2bc20 Add disable privatekeys option to createwallet (Jonas Schnelli)
cebefba085 Add option to disable private keys during internal wallet creation (Jonas Schnelli)
9995a602a6 Add facility to store wallet flags (64 bits) (Jonas Schnelli)

Pull request description:

  This mode ('createwallet {"disableprivatekeys": true}') is intended for a sane pure watch-only mode, ideal for a use-case where one likes to use Bitcoin-Core in conjunction with a hardware-wallet or another solutions for cold-storage.

  Since we have support for custom change addresses in `fundrawtransaction`, pure watch-only wallets including coin-selection are possible and do make sense for some use cases.

  This new mode disables all forms of private key generation and ensure that no mix between hot and cold keys are possible.

Tree-SHA512: 3ebe7e8d54c4d4e5f790c348d4c292d456f573960a5b04d69ca5ef43a9217c7e7671761c6968cdc56f9a8bc235f3badd358576651af9f10855a0eb731f3fc508
2018-07-20 14:28:50 +02:00
MarcoFalke
aba2e666d7
Merge #13712: wallet: Fix non-determinism in ParseHDKeypath(...). Avoid using an uninitialized variable in path calculation.
27ee53c1ae wallet: Add error handling. Check return value of ParseUInt32(...) in ParseHDKeypath(...). (practicalswift)
7223263899 wallet: Add tests for ParseHDKeypath(...) (practicalswift)

Pull request description:

  Add error handling. Check return value of `ParseUInt32(...)` in `ParseHDKeypath(...)`.

  `ParseUInt32(...)` returns `false` if the entire string could not be parsed or when an overflow or underflow occurred. In such case the uninitialized variable `number` would be used in the calculation of `path` (prior to this commit).

  An example key path triggering this is `m/0/4294967296`:

  ```
    ParseHDKeypath("m/0/4294967296", keypath);
  ```

  `4294967296` is `1` + `0xFFFFFFFF` (`uint32_t` max: `4294967295`).

  Introduced in a4b06fb42e which was merged into `master` 14 hours ago as part of #13557 ("BIP 174 PSBT Serializations and RPCs").

Tree-SHA512: e5ff423f67c18d82c1231bde6343587a453e793c32004d93dc9b61be6d9372b57a6b2c9978d9eb1000d6cc82fd180f2486013f928dca737fb92daad22c16e467
2018-07-19 17:39:59 -04:00
MarcoFalke
f281f8f755
Merge #13074: [trivial] Correct help text for importaddress RPC
2c71edc2fc [wallet] [rpc] Fix importaddress help text (John Newbery)

Pull request description:

  Help text for `importaddress` referred to the first parameter as `script`, when in fact it's `address`. Calling with a script argument fails:

  ```
  → bcli -named importaddress script=2N3qhMpHK8WNo7wv87W9eHMgvGyJU1593Ei
  error code: -8
  error message:
  Unknown named parameter script
  → bcli -named importaddress address=2N3qhMpHK8WNo7wv87W9eHMgvGyJU1593Ei
  # success!
  ```

Tree-SHA512: 24dcb2cbd0a43e25896b1c67fa0386df2453ec04d49a339e10992417b3921ce3df8a6aa5abba7d2237d6188b018948b2a21ea2f04d37120ad36c31c7b7fc9f1c
2018-07-19 17:34:12 -04:00
practicalswift
27ee53c1ae wallet: Add error handling. Check return value of ParseUInt32(...) in ParseHDKeypath(...). 2018-07-19 21:13:03 +02:00
practicalswift
7223263899 wallet: Add tests for ParseHDKeypath(...) 2018-07-19 21:13:03 +02:00
Wladimir J. van der Laan
4a3e8c5aa6
Merge #13500: [wallet] Decouple wallet version from client version
cd3f4aa808 Decouple wallet version from client version (Andrew Chow)

Pull request description:

  Instead of comparing version numbers in the wallet to the client version number, compare them to the latest supported wallet version in the client. This allows for wallet version numbers to be unrelated to the client version number.

Tree-SHA512: 69c3e1f45a40bde01d622d504a803fea32fc14e2e27b14b0729725349d8592d56ebca26fd06f117fd6f5164fb4ce980122751b6370f6e25f1a947dbdf4143ddd
2018-07-18 20:58:54 +02:00
Wladimir J. van der Laan
b654723461
Merge #13557: BIP 174 PSBT Serializations and RPCs
020628e3a4 Tests for PSBT (Andrew Chow)
a4b06fb42e Create wallet RPCs for PSBT (Andrew Chow)
c27fe419ef Create utility RPCs for PSBT (Andrew Chow)
8b5ef27937 SignPSBTInput wrapper function (Andrew Chow)
58a8e28918 Refactor transaction creation and transaction funding logic (Andrew Chow)
e9d86a43ad Methods for interacting with PSBT structs (Andrew Chow)
12bcc64f27 Add pubkeys and whether input was witness to SignatureData (Andrew Chow)
41c607f09b Implement PSBT Structures and un/serialization methods per BIP 174 (Andrew Chow)

Pull request description:

  This Pull Request fully implements the [updated](https://github.com/bitcoin/bips/pull/694) BIP 174 specification. It is based upon #13425 which implements the majority of the signing logic.

  BIP 174 specifies a binary transaction format which contains the information necessary for a signer to produce signatures for the transaction and holds the signatures for an input while the input does not have a complete set of signatures.

  This PR contains structs for PSBT, serialization, and deserialzation code. Some changes to `SignatureData` have been made to support detection of UTXO type and storing public keys.

  ***

  Many RPCs have been added to handle PSBTs.

  `walletprocesspsbt` takes a PSBT format transaction, updates the PSBT with any inputs related to this wallet, signs, and finalizes the transaction. There is also an option to not sign and just update.

  `walletcreatefundedpsbt` creates a PSBT from user provided data in the same form as createrawtransaction. It also funds the transaction and takes an options argument in the same form as `fundrawtransaction`. The resulting PSBT is blank with no input or output data filled in. It is analogous to a combination of `createrawtransaction` and `fundrawtransaction`

  `decodepsbt` takes a PSBT and decodes it to JSON. It is analogous to `decoderawtransaction`

  `combinepsbt` takes multiple PSBTs for the same tx and combines them. It is analogous to `combinerawtransaction`

  `finalizepsbt` takes a PSBT and finalizes the inputs. If all inputs are final, it extracts the network serialized transaction and returns that instead of a PSBT unless instructed otherwise.

  `createpsbt` is like `createrawtransaction` but for PSBTs instead of raw transactions.

  `convertpsbt` takes a network serialized transaction and converts it into a psbt. The resulting psbt will lose all signature data and an explicit flag must be set to allow transactions with signature data to be converted.

  ***

  This supersedes #12136

Tree-SHA512: 1ac7a79e5bc669933f0a6fcc93ded55263fdde9e8c144a30266b13ef9f62aacf43edd4cbca1ffbe003090b067e9643c9298c79be69d7c1b10231b32acafb6338
2018-07-18 20:25:44 +02:00
practicalswift
3dee4cc509 Remove redundant statement 2018-07-18 09:39:31 +02:00
practicalswift
d06330396f wallet: Avoid potential null pointer dereference in CWalletTx::GetAvailableCredit(...) 2018-07-17 10:58:22 +02:00
Andrew Chow
020628e3a4 Tests for PSBT
Added functional tests for PSBT that test the RPCs. Also added all
of the BIP 174 test vectors (except for the updater tests) in the
functional tests.

Added a Unit test for the BIP 174 updater test vector.
2018-07-16 17:05:30 -07:00
Andrew Chow
a4b06fb42e Create wallet RPCs for PSBT
walletprocesspsbt takes a PSBT format transaction, updates the
PSBT with any inputs related to this wallet, signs, and finalizes
the transaction. There is also an option to not sign and just
update.

walletcreatefundedpsbt creates a PSBT from user provided data
in the same form as createrawtransaction. It also funds the transaction
and takes an options argument in the same form as fundrawtransaction.
The resulting PSBT is blank with no input or output data filled
in.
2018-07-16 16:08:24 -07:00
Wladimir J. van der Laan
17943f77bd
Merge #13652: rpc: Fix that CWallet::AbandonTransaction would leave the grandchildren, etc. active
89e70f9d7f Fix that CWallet::AbandonTransaction would only traverse one level (Ben Woosley)

Pull request description:

  Prior to this change, it would mark only the first layer of
  child transactions abandoned, due to always following the input `hashTx`
  rather than the current `now` tx.

Tree-SHA512: df068b49637d299ad73237c7244005fe5aa966d6beae57aff12e6948f173d9381e1b5d08533f7e3a1416991ed57f9f1f7b834057141d85c07dc60bb1f0872cea
2018-07-16 14:53:30 +02:00
Daniel Kraft
a1a998cf24 wallet: Fix backupwallet for multiwallets
backupwallet was broken for multiwallets in their own directories
(i.e. something like DATADIR/wallets/mywallet/wallet.dat).  In this
case, the backup would use DATADIR/wallets/wallet.dat as source file
and not take the specific wallet's directory into account.

This led to either an error during the backup (if the wrong source
file was not present) or would silently back up the wrong wallet;
especially the latter behaviour can be quite bad for users.
2018-07-15 16:38:33 +02:00
Ben Woosley
3fe836b78d
[moveonly] Extract RescanWallet to handle a simple rescan
Where the outcome does not depend on the result, apart from a simple
success check.
2018-07-14 12:42:28 -04:00
Pieter Wuille
b25a4c2284
Merge #13072: Update createmultisig RPC to support segwit
f40b3b82df [tests] functional test for createmultisig RPC (Anthony Towns)
b9024fdda3 segwit support for createmultisig RPC (Anthony Towns)
d58055d25f Move AddAndGetDestinationForScript from wallet to outputype module (Anthony Towns)
9a44db2e46 Add outputtype module (Anthony Towns)

Pull request description:

  Adds an "address_type" parameter that accepts "legacy", "p2sh-segwit", and "bech32" to choose the type of address created. Defaults to "legacy" rather than the value of the `-address-type` option for backwards compatibility.

  As part of implementing this, OutputType is moved from wallet into its own module, and `AddAndGetDestinationForScript` is changed to apply to a `CKeyStore` rather than a wallet, and to invoke `keystore.AddCScript(script)` itself rather than expecting the caller to have done that.

  Fixes #12502

Tree-SHA512: a08c1cfa89976e4fd7d29caa90919ebd34a446354d17abb862e99f2ee60ed9bc19d8a21a18547c51dc3812cb9fbed86af0bef2f1e971f62bf95cade4a7d86237
2018-07-13 20:31:13 -07:00
Pieter Wuille
1329ef1f00
Merge #13651: [moveonly] Extract CWallet::MarkInputsDirty, and privatize AddToWalletIfInvolvingMe
17e6aa8e33 Privatize CWallet::AddToWalletIfInvolvingMe (Ben Woosley)
b7f5650942 Extract CWallet::MarkInputsDirty (Ben Woosley)

Pull request description:

  Thus reducing code and surface area of CWallet.

Tree-SHA512: 31a99acc77ef3438ef9b95d60030972b707bd69d6e7b1498a5f776b219d9aabc83464f75bfec7bad5cb635d0b2d686c389914e5cc57a4bb0b93c47bd82ca608c
2018-07-13 20:24:37 -07:00
Pieter Wuille
ad552a54c5
Merge #13566: Fix get balance
702ae1e21a [RPC] [wallet] allow getbalance to use min_conf and watch_only without accounts. (John Newbery)
cf15761f6d [wallet] GetBalance can take a min_depth argument. (John Newbery)
0f3d6e9ab7 [wallet] factor out GetAvailableWatchOnlyBalance() (John Newbery)
7110c830f8 [wallet] deduplicate GetAvailableCredit logic (John Newbery)
ef7bc8893c [wallet] Factor out GetWatchOnlyBalance() (John Newbery)
4279da4785 [wallet] GetBalance can take an isminefilter filter. (John Newbery)

Pull request description:

  #12953 inadvertently removed the functionality to call `getbalance "*" <int> <bool>` to get the wallet's balance with either minconfs or include_watchonly.

  This restores that functionality (when `-deprecatedrpc=accounts`), and also makes it possible to call ``getbalance minconf=<int> include_watchonly=<bool>` when accounts are not being used.

Tree-SHA512: 67e84de9291ed6d34b23c626f4dc5988ba0ae6c99708d02b87dd3aaad3f4b6baa6202a66cc2dadd30dd993a39de8036ee920fcaa8cbb1c5dfe606e6fac183344
2018-07-13 19:46:31 -07:00
Pieter Wuille
d6b2235ca4
Merge #13630: Drop unused pindexRet arg to CMerkleTx::GetDepthInMainChain
d6f39b6c64 Drop unused pindexRet arg to CMerkleTx::GetDepthInMainChain (Ben Woosley)

Pull request description:

Tree-SHA512: 5f064a47e71113f90f296ab36dae92173ff3fc632ab4e1e85dc71d556cb9239d15939b1e542f4292dab93d336795b7f2e4ae64f6984303c852df8d24f54ccebe
2018-07-13 19:33:41 -07:00
Andrew Chow
58a8e28918 Refactor transaction creation and transaction funding logic
In preparation for more create transaction and fund transcation RPCs,
refactor the transaction creation and funding logic into separate
functions.
2018-07-13 14:27:31 -07:00
Ben Woosley
17e6aa8e33
Privatize CWallet::AddToWalletIfInvolvingMe
And document in the header.
2018-07-13 16:18:14 -04:00
Ben Woosley
b7f5650942
Extract CWallet::MarkInputsDirty
To avoid repeated implementations.
2018-07-13 16:18:13 -04:00
Jonas Schnelli
619cd29393
Merge #12944: [wallet] ScanforWalletTransactions should mark input txns as dirty
3c292cc19 ScanforWalletTransactions should mark input txns as dirty (Gregory Sanders)

Pull request description:

  I'm hitting a corner case in my mainnet wallet where I load a restore a wallet, call `rescanblockchain` from RPC, and it's "double counting" an output I've sent to myself since currently it never marks input transactions as dirty. This is fixed by a restart of the wallet.

  Note that this only happens with keys with birthdate *after* the blocks containing the spent funds which gets scanned on startup, so it's hard to test without a set seed function.

Tree-SHA512: ee1fa152bb054b57ab4c734e355df10d241181e0372c81d583be61678fffbabe5ae60b09b05dc1bbbcfb4838df9d8538791d4c1d80a09b84d78ad2f50dcb0a61
2018-07-13 20:34:43 +01:00
Ben Woosley
93de2891fa
wallet: assert to ensure accuracy of CMerkleTx::GetBlocksToMaturity
According to my understanding, it should not be possible for coinbase
transactions to be conflicting, thus it should not be possible for
GetDepthInMainChain to return a negative result. If it did, this would
also result in innacurate results for GetBlocksToMaturity due to the
math therein. asserting ensures accuracy.
2018-07-13 12:41:45 -04:00
Ben Woosley
89e70f9d7f
Fix that CWallet::AbandonTransaction would only traverse one level
Prior to this change, it would mark only the first layer of
child transactions abandoned, due to always following the input hashTx
rather than the current now tx.
2018-07-13 11:16:08 -04:00
Jonas Schnelli
4704e5f074
[QA] add createwallet disableprivatekey test 2018-07-12 20:32:07 +01:00
Jonas Schnelli
2f15c2bc20
Add disable privatekeys option to createwallet 2018-07-12 20:32:07 +01:00
Jonas Schnelli
cebefba085
Add option to disable private keys during internal wallet creation 2018-07-12 20:31:57 +01:00
Wladimir J. van der Laan
9b638c7ce1
Merge #13627: Free keystore.h from file scope level type aliases
d0b9405f96 Refactors `keystore.h` type aliases. (251)

Pull request description:

  This pull request frees `keystore.h` from type alias declarations that have been declared at file scope level.

  `keystore.h` has various type aliases that have been declared ~3 - 6 years ago at file scope level, which can either be encapsulated or removed.

  Where type alias declarations are encapsulated at the appropriate scope and access level, C++11's `using` notation is used in favor of the `typedef` notation.

Tree-SHA512: 1395cdc63e0c7ff5a1b1721675ad4416f71f507e999bd4ba019f03457cbfc08877848f10a8db7f5ccd2cd5ca3f5a291c986616f7703172fb6d79fba7447ffba8
2018-07-12 14:37:28 +02:00
MarcoFalke
d3dae3ddf9
Merge #13145: Use common getPath method to create temp directory in tests.
075429a482 Use common SetDataDir method to create temp directory in tests. (winder)

Pull request description:

  Took a stab at #12574

  Created a `getPath` method which can be used with the `TestingSetup` fixture to create a temp directory. Updated tests using temp directories to use this method.

  I tried setting up a `BOOST_GLOBAL_FIXTURE` to create a truly global path for all tests but was getting linker errors when including `boost/test/unit_test.hpp` in `test_bitcoin.cpp`. Even if I had gotten the linking to work, it looks like `make check` invokes the test binary a bunch of times, so it may not have worked anyway.

Tree-SHA512: b51d0f5fada5d652ccc9362596cf98a742aa47f5daf94f189b5f034d8c035c85d095377befdcff7fb4247154d5160e8c500d70f554a2158e2c185a9d24f694f1
2018-07-12 07:47:53 -04:00
Jonas Schnelli
9995a602a6
Add facility to store wallet flags (64 bits) 2018-07-12 10:30:21 +01:00
winder
075429a482 Use common SetDataDir method to create temp directory in tests. 2018-07-11 23:44:12 -04:00
251
d0b9405f96 Refactors keystore.h type aliases.
This squashed commit either encapsulates type alias declarations at the appropriate scope; or removes type aliases that are not used.

The encapsulated type aliases are declared using C++11's `using` notation in favor of the `typedef` notation.
2018-07-12 00:48:49 +02:00
MarcoFalke
5ba77df15d
Merge #13114: wallet/keystore: Add Clang thread safety annotations for variables guarded by cs_KeyStore
968b76f77c Add missing cs_KeyStore lock (practicalswift)
4bcd5bb87d Add locking annotations for variables guarded by cs_KeyStore (practicalswift)

Pull request description:

  * Add Clang thread safety annotations for variables guarded by `cs_KeyStore`
  * Add missing `cs_KeyStore` lock

Tree-SHA512: 7d93513c2da0cd564b9f1e75aa5156a454a4133eb845020fde8872e685dd5758353e93c33364aeea4a812c08353a810494e503a5ce160cc5be0af5af4bb2e6d7
2018-07-11 15:09:24 -04:00
Ben Woosley
d6f39b6c64
Drop unused pindexRet arg to CMerkleTx::GetDepthInMainChain 2018-07-11 00:22:10 -04:00
Matt Corallo
beef7ec4be Remove useless mapRequest tracking that just effects Qt display.
I thought we had removed this a long time ago, TBH, its really
confusing feedback to users that we display whether a tx was
broadcast to immediate neighbor nodes, given that has little
indication of whether the tx propagated very far.
2018-07-09 20:06:39 -04:00
Anthony Towns
d58055d25f Move AddAndGetDestinationForScript from wallet to outputype module
Makes AddAndGetDestinationForScript use a generic CKeyStore rather than
the wallet, and makes it always add the script to the keystore, rather
than only adding related (redeem) scripts.
2018-07-10 00:06:19 +10:00
Anthony Towns
9a44db2e46 Add outputtype module
Moves OutputType into its own module
2018-07-09 22:21:15 +10:00