This change was suggested as Countermeasure 6 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
This change was suggested as Countermeasure 2 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
Give each address a single fixed location in the new and tried tables,
which become simple fixed-size arrays instead of sets and vectors.
This prevents attackers from having an advantages by inserting an
address multiple times.
This change was suggested as Countermeasure 1 in
Eclipse Attacks on Bitcoin’s Peer-to-Peer Network, Ethan Heilman,
Alison Kendler, Aviv Zohar, Sharon Goldberg. ePrint Archive Report
2015/263. March 2015.
It is also more efficient.
During startup, when adding pending wallet transactions, which spend outputs of
other pending wallet transactions, back to the memory pool, and when they are
added out of order, it appears as if they are orphans with missing inputs.
Those transactions are then rejected and flagged as "conflicting" (= not in the
memory pool, not in the block chain).
To prevent this, transactions are explicitly sorted.
1d9b378 qa/rpc-tests/wallet: Tests for sendmany (Luke Dashjr)
40a7573 rpcwallet/sendmany: Just take an array of addresses to subtract fees from, rather than an Object with all values being identical (Luke Dashjr)
292623a Subtract fee from amount (Cozz Lovan)
90a43c1 [Qt] Code-movement-only: Format confirmation message in sendcoinsdialog (Cozz Lovan)
Make sure that chainparams and logging is properly initialized. Doing
this for every test may be overkill, but this initialization is so
simple that that does not matter.
This should fix the travis issues.
. Closes the bug from commit e179eb3d9b
("bitcoin-qt -help" did not show any message)
. Move all the options in init.cpp (there were already some
options related to bitcoin-qt)
Help messages are formatted programmatically with FormatParagraph
in order not to break existing strings in Transifex.
The new format works even if the translation of the strings
modifies the lenght of the message.
Sqashed 6 commits in a single one.
Help messages correctly formatted for SVGA text mode (132 chars)
Help messages are formatted programmatically with FormatParagraph
in order not to break existing strings in Transifex.
The new format should work even if the translation of the strings
modifies the lenght of the message.
Fix - syntax error
Correct formatting for 79 chars
Correctly based on C++ functions
Removed spare spaces from option strings
Fix - syntax error
When re-indexing, there are a few cases where garbage data may be skipped in
the block files. In these cases, the indices are correctly written to the index
db, however the pointer to the next position for writing in the current block
file is calculated by adding the sizes of the valid blocks found.
As a result, when the re-index is finished, the index db is correct for all
existing blocks, but the next block will be written to an incorrect offset,
likely overwriting existing blocks.
Rather than using the sum of all valid blocks to determine the next write
position, use the end of the last block written to the file. Don't assume that
the current block is the last one in the file, since they may be read
out-of-order.
UNITTEST parameter are not used by any current tests, and the model
(modifyable parameters) is inconvenient when unit-testing. As
they are stored in a global structure eevery test
would have to (re)set up its own parameters.
For consistency it is also better to test with MAIN parameters.
6cb4a52 [Qt, Linux] honor current network when creating autostart link (Philip Kaufmann)
9673c35 [Qt, Win] honor current network when creating autostart link (Philip Kaufmann)
We've chosen to htons/ntohs explicitly on reading and writing
(I do not know why). But as READWRITE already does an endian swap
on big endian, this means the port number gets switched around,
which was what we were trying to avoid in the first place. So
to make this compatible, serialize it as FLATDATA.
- Detect endian instead of stopping configure on big-endian
- Add `byteswap.h` and `endian.h` header for compatibility with
Windows and other operating systems that don't come with them
- Update `crypto/common.h` functions to use compat
endian header
This was added a while ago for testing purposes, but was never intended to be
used. Remove it until upstream libsecp256k1 decides that verification is
stable/ready.
These dialogs will be something that people occasionally open, not keep
open during their session, so just popping it up in a sensible place
is good enough. Remembering only creates potential issues, like spawning
it outside the current screen area.
On Ubuntu this causes the dialogs to be positioned in the
middle of the main dialog, so I didn't add code for that. YMMV.
Inspired by github pull #5777 by @L-Cranston-Shadow
Code to avoid calling Perfmon too often is only needed when perfmon is actually going to get called.
This is not intended to make any functional difference in the addition of entropy to the random pool.
Backwards-compatibility for libstdc++ is not limited to straightforward abi
changes. Symbol visibility also needs to be taken into consideration, and
that really can't be addressed simply.
Instead, just static-link libstdc++ for backwards-compat.
Split GetNextWorkRequired() into two functions to allow the difficulty calculations to
be tested without requiring a full blockchain.
Add unit tests to cover basic difficulty calculation, plus each of the min/max actual
time, and maximum difficulty target conditions.
This makes it easier for us to replace it if desired, since it's now only in
one spot. Also, it avoids the openssl include from allocators.h, which
essentially forced openssl to be included from every compilation unit.
The fix to NegateSignatureS caused a test which had been failing
in IsValidSignatureEncoding to then fail in IsLowDERSignature.
Add new test so the original check remains exercised.
NegateSignatureS is called with a signature without a hashtype, so
do not save the last byte and append it after S negation.
Updates the two tests which were affected by this bug.
Normally bitcoin core does not display any network originated strings without
sanitizing or hex encoding. This wasn't done for strcommand in many places.
This could be used to play havoc with a terminal displaying the logs,
especially with printtoconsole in use.
Thanks to Evil-Knievel for reporting this issue.
The only time when a client sends a "getaddr" message is when he
esatblishes an Outbound connection (see ProcessMessage() in
src/main.cpp). Another bitcoin client is expected to receive a
"getaddr" message only on Inbound connection. Ignoring "gettaddr"
requests on Outbound connections can resolve potential privacy issues
(and as was said such request normally do not happen anyway).
- rework the function to not log errors but use throw JSONRPCError
- remove a check for IsLocked() that is done in sendtoaddress and
sendfrom RPC calls already
- cache GetBalance() return value, because it's possibly used twice
Bitcoin amounts are stored as uint64 in the protobuf messages (see
paymentrequest.proto), but CAmount is defined as int64_t. Because
of that we need to verify that single and accumulated amounts are
in a valid range and no variable overflow has happened.
- fixes#5624 (#5622)
Thanks @SergioDemianLerner for reporting that issue and also supplying us
with a possible solution.
- add static verifyAmount() function to PaymentServer and move the logging
on error into the function
- also add a unit test to paymentservertests.cpp
c++11 (libc++'s stdlib implementation anyway) doesn't allow for map types to be
forward-declared. for example:
class foo;
std::map<int, foo> bar; // error, foo has not been defined.
class foo{};
Since CWallet and CWalletTx are inter-dependent, but only std::map<*,CWalletTx>
is used, forward-declare CWallet instead and define CWalletTx first.
Despite the mangled git diff, this change only amounts to moving ~320 lines in
a single chunk.
Instead, create a separate function that applies the undo operation of a
CTxInUndo object onto a CCoinsViewCache. This method is used from
DisconnectBlock.
This fixes a potential race condition in the CCheckQueueControl constructor,
which was looking directly at data in CCheckQueue without acquiring its lock.
Remove the now-unnecessary friendship for CCheckQueueControl
Note that this will also require translation changes in Transifex for the key
"A fee higher than %1 is considered an insanely high fee." which is now
"A fee higher than %1 is considered an absurdly high fee."
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Rebased by @laanwj:
- update for RPC methods added since 84d13ee: setmocktime,
invalidateblock, reconsiderblock. Only the first, setmocktime, required a change,
the other two are thread safe.
The main thread spends time waiting for the DetectShutdownThread.
So why not just run this waiting loop function in the main thread?
One thread-stack less saves 4MB of virtual memory on 32-bit, and 8MB on
64-bit.
The default font changed again.
The real fix is to compile qt against a >= 10.8 sdk, but this is simple enough
to backport to 0.10 to avoid having to do that there.
Note: NSAppKitVersionNumber is a double and there's no official value for
NSAppKitVersionNumber10_10. Since == isn't reliable for doubles, use Apple's
guidelines for testing versions here:
https://developer.apple.com/library/mac/releasenotes/AppKit/RN-AppKit/
Chinese and Japanese fonts have been hard-coded as well, otherwise they fail to
show up at all.
This avoids a regression for issues like #334 where high speed
repeated connections eventually run the HTTP client out of
sockets because all of theirs end up in time_wait.
Maybe the trade-off here is suboptimal, but if both choices will
fail then we prefer fewer changes until the root cause is solved.
- now logs if -rootcertificates="" was used to disable payment request
authentication via X.509 certificates
- also logs which file is used as trusted root cert, if -rootcertificates
is set
1dd8ee7 improve tests for #5655 (Jonas Schnelli)
56c1093 fix tests for #5655 (Wladimir J. van der Laan)
16a5c18 Add a -rpckeepalive and disable RPC use of HTTP persistent connections. (Gregory Maxwell)
- this is based on #4122 (which can be closed)
Currently a payment request is only checked for expiration upon receipt.
It should be checked again immediately before sending coins to prevent
the user from paying to an expired invoice which would then require a
customer service interaction.
- add static verifyExpired() function to PaymentServer to be able to use
the same validation code in GUI and unit-testing code
- extend unit tests to use that function and also add an unit test which
overflows, because payment requests allow expires as uint64, whereas we
use int64_t for verification of expired payment requests
It turns out that some miners have been staying with old versions of
Bitcoin Core because their software behaves poorly with persistent
connections and the Bitcoin Core thread and connection limits.
What happens is that underlying HTTP libraries leave connections open
invisibly to their users and then the user runs into the default four
thread limit. This looks like Bitcoin Core is unresponsive to RPC.
There are many things that should be improved in Bitcoin Core's behavior
here, e.g. supporting more concurrent connections, not tying up threads
for idle connections, disconnecting kept-alive connections when limits
are reached, etc. All are fairly big, risky changes.
Disabling keep-alive is a simple workaround. It's often not easy to turn
off the keep-alive support in the client where it may be buried in some
platform library.
If you are one of the few who really needs persistent connections you
probably know that you want them and can find a switch; while if you
don't and the misbehavior is hitting you it is hard to discover the
source of your problems is keepalive related. Given that it is best
to default to off until they're handled better.
- verify that payment request network matches client network
- add static verifyNetwork() function to PaymentServer to be able to use
the same validation code in GUI and unit-testing code
- add a second PaymentRequest Test CA certificate to paymentrequestdata.h
(serial number f0:da:97:e4:38:d7:64:16) as caCert2_BASE64
- rename existing Test CA certificate to caCert1_BASE64
- rename existing payment request data to know they belong to
caCert1_BASE64
- update comments to reflect the changes and add a missing comment to one
of the payment requests
b468e81 Qt: Clarify sign/verify dialog text to specifically state that these messages only prove one receives with the address in question, and makes no claim to sender of transactions (Luke Dashjr)
This harmonizes the block fetch timeout with the existing ping timeout
and eliminates a guaranteed eventual failure from congestion collapse
for a network operating right at its limit.
It's unlikely that we wouldn't suffer other failures if we were really
anywhere near the network's limit, and a complete avoidance of congestion
collapse risk requires (I think) an exponential back-off. So this isn't
a major concern, but I think it's also useful for reducing the complexity
of understanding out timeouts.
- it is helpful to be able to test and verify payment request processing
by allowing self signed root certificates (e.g. generated by Gavins
"certificate authority in a box")
- This option is just shown in the UI options, if -help-debug is enabled.
- before it was possible to use the steps to change e.g. amouns of
authenticated or unauthenticated payment requests (AmountSpinBox is
already set to read-only here) - this is now fixed
- also move the reimplemented stepEnabled() function to the
protected section of our class, where it belongs (see Qt doc)
New versions of OpenSSL will reject non-canonical DER signatures. However,
it'll happily decode them. Decode then re-encode before verification in order
to ensure that it is properly consumed.
Makes it possible to compactly provide a delibrately invalid signature
for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid
signatures need to be provided in the scriptSig; prior to this change
those invalid signatures would need to be large DER-encoded signatures.
Note that we may want to further expand on this change in the future by
saying that only OP_0 is a "valid" invalid signature; BIP19 even with
this change is inherently malleable as the invalid signatures can be any
validly encoded DER signature.
2ecd294 Bugfix: configure: Correctly detect "nothing to build" condition (Luke Dashjr)
b7a4ecc Bugfix: Only check for boost when building code that requires it (Luke Dashjr)
a19eeac Bugfix: configure: Check for openssl/ec.h (Luke Dashjr)
fe925e2 Use EXTRA_LIBRARIES instead of noinst_LIBRARIES so we can avoid building unused code (Cory Fields)
This will disconnect peers that do not transfer a block in 10 minutes, plus
5 minutes for every previously queued block with validated headers
(accomodating downstream bandwidth down to a few kilobytes per second - below
that the node would have trouble staying synchronized anyway).
on rare occasions, rand() was returning duped values, causing duplicate
transactions.
BuildMerkleTree happily used these, but CPartialMerkleTree caught them and
returned a null merkle root.
Rather than taking changes with rand(), use the loop counter to guarantee
unique values.
At sipa's request, also remove the remaining uses of rand().
856e862 namespace: drop most boost namespaces and a few header cleanups (Cory Fields)
9b1ab86 namespace: drop boost::assign altogether here (Cory Fields)
a324199 namespace: remove boost namespace pollution (Cory Fields)
50cc6ab Merge pull request #178
941e221 Add tests for handling of the nonce function in signing.
10c81ff Merge pull request #177
7688e34 Add magnitude limits to secp256k1_fe_verify to ensure that it's own tests function correctly.
4ee4f7a Merge pull request #176
70ae0d2 Use secp256k1_fe_equal_var in secp256k1_fe_sqrt_var.
7767b4d Merge pull request #175
9ab9335 Add a reference consistency test to ge_tests.
60571c6 Rework group tests
d26e26f Avoid constructing an invalid signature with probability 1:2^256.
b450c34 Merge pull request #163
d57cae9 Merge pull request #154
49ee0db Add _normalizes_to_zero_var variant
eed599d Add _fe_normalizes_to_zero method
d7174ed Weak normalization for secp256k1_fe_equal
0295f0a weak normalization
bbd5ba7 Use rfc6979 as default nonce generation function
b37fbc2 Implement SHA256 / HMAC-SHA256 / RFC6979.
c6e7f4e [API BREAK] Use a nonce-generation function instead of a nonce
cf0c48b Merge pull request #169
603c33b Make signing fail if a too small buffer is passed.
6d16606 Merge pull request #168
7277fd7 Remove GMP field implementation
e99c4c4 Merge pull request #123
13278f6 Add explanation about how inversion can be avoided
ce7eb6f Optimize verification: avoid field inverse
a098f78 Merge pull request #160
38acd01 Merge pull request #165
6a59012 Make git ignore bench_recover when configured with benchmark enabled
1ba4a60 Configure options reorganization
3c0f246 Merge pull request #157
808dd9b Merge pull request #156
8dc75e9 Merge pull request #158
28ade27 build: nuke bashisms
5190079 build: use subdir-objects for automake
8336040 build: disable benchmark by default
git-subtree-dir: src/secp256k1
git-subtree-split: 50cc6ab0625efda6dddf1dc86c1e2671f069b0d8
Instead of using a fixed-width font in a label, which virtually
guarentees a horizontal scrollbar, use a proper text-document
that can re-layout based on user input.
Remove initialization from vector (as this is only used in the tests).
Also implement SetHex and GetHex in terms of uint256, to avoid
duplicate code as well as avoid endianness issues (as they
work in term of bytes).
- Methods that access the guts of arith_uint256 are removed,
as these are incompatible between endians. Use uint256 instead
- Serialization is no longer needed as arith_uint256's are never
read or written
- GetHash is never used on arith_uint256
If uint256() constructor takes a string, uint256(0) will become
dangerous when uint256 does not take integers anymore (it will go
through std::string(const char*) making a NULL string, and the explicit
keyword is no help).
SignatureHash and its test function SignatureHashOld
return uint256(1) as a special error signaling value.
Return a local static constant with the same value instead.