Commit graph

8829 commits

Author SHA1 Message Date
Wladimir J. van der Laan
7cad849299 sanity: Move OS random to sanity check function
Move the OS random test to a sanity check function that is called every
time bitcoind is initialized.

Keep `src/test/random_tests.cpp` for the case that later random tests
are added, and keep a rudimentary test that just calls the sanity check.
2017-02-22 08:02:50 +01:00
Wladimir J. van der Laan
aa09ccbb74 squashme: comment that NUM_OS_RANDOM_BYTES should not be changed lightly 2017-02-22 07:38:42 +01:00
Wladimir J. van der Laan
224e6eb089 util: Specific GetOSRandom for Linux/FreeBSD/OpenBSD
These are available in sandboxes without access to files or
devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls)
to use than `/dev/urandom` as reading from a file has quite a few edge
cases:

- Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html)
  was introduced in version 3.17 of the Linux kernel.
- OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2)
  function appeared in OpenBSD 5.6.
- FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added
  but it has existed for quite a while.

Alternatives:

- Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID`
  which gives 16 bytes of randomness. This may be available
  on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/)
  and even removed in some distros so we shouldn't use it.

Add tests for `GetOSRand()`:

- Test that no error happens (otherwise `RandFailure()` which aborts)
- Test that all 32 bytes are overwritten (initialize with zeros, try multiple times)

Discussion:

- When to use these? Currently they are always used when available.
  Another option would be to use them only when `/dev/urandom` is not
  available. But this would mean these code paths receive less testing,
  and I'm not sure there is any reason to prefer `/dev/urandom`.

Closes: #9676
2017-02-21 20:57:34 +01:00
Wladimir J. van der Laan
5f0556d032
Merge #9727: Remove fallbacks for boost_filesystem < v3
056aba2 Remove fallbacks for boost_filesystem < v3 (Wladimir J. van der Laan)
2017-02-21 17:08:37 +01:00
Jonas Schnelli
312c4f1057
Fix segfault crash when shutdown the GUI in disablewallet mode 2017-02-21 14:37:20 +01:00
Wladimir J. van der Laan
8ad31f9aa3
Merge #9798: Fix Issue #9775 (Check returned value of fopen)
40f11f8 Fix for issue #9775. Added check for open() returning a NULL pointer. (kirit93)
2017-02-21 14:32:58 +01:00
kirit93
40f11f8872 Fix for issue #9775. Added check for open() returning a NULL pointer. 2017-02-20 23:53:18 +05:30
Pavel Janík
171fc91f06 Read/write mempool.dat as a binary.
mempool.dat is a binary file and thus it should be read/written as such.

Fixes #9810.
2017-02-20 18:14:06 +01:00
Wladimir J. van der Laan
7639d38f14
Merge #9726: netbase: Do not print an error on connection timeouts through proxy
3ddfe29 netbase: Do not print an error on connection timeouts through proxy (Wladimir J. van der Laan)
13f6085 netbase: Make InterruptibleRecv return an error code instead of bool (Wladimir J. van der Laan)
2017-02-20 17:49:51 +01:00
Wladimir J. van der Laan
aa791e2911
Merge #9619: Bugfix: RPC/Mining: GBT should return 1 MB sizelimit before segwit activates
279f944 QA: Test GBT size/weight limit values (Luke Dashjr)
9fc7f0b Bugfix: RPC/Mining: GBT should return 1 MB sizelimit before segwit activates (Luke Dashjr)
2017-02-20 17:32:02 +01:00
Wladimir J. van der Laan
2dad02232a
Merge #9760: [wallet] Remove importmulti always-true check
ec1267f [wallet] Remove importmulti always-true check (Russell Yanofsky)
2017-02-20 17:30:07 +01:00
Wladimir J. van der Laan
1a9fd5cb9d
Merge #9724: Qt/Intro: Add explanation of IBD process
f6d18f5 Qt/Intro: Explain a bit more what will happen first time (Luke Dashjr)
50c5657 Qt/Intro: Storage shouldn't grow significantly with pruning enabled (Luke Dashjr)
9adb694 Qt/Intro: Move sizeWarningLabel text into C++ code (Luke Dashjr)
2017-02-20 17:26:15 +01:00
Wladimir J. van der Laan
1f9e904f45
Merge #9791: Avoid VLA in hash.h
5c8fd50 Avoid VLA in hash.h (Pieter Wuille)
2017-02-19 13:28:30 +01:00
MarcoFalke
aa5fa642b0
Merge #9696: [trivial] Fix recently introduced typos in comments
0c9b9b7 [trivial] Fix recently introduced typos in comments (practicalswift)
2017-02-18 12:13:09 +01:00
Pieter Wuille
5c8fd50811 Avoid VLA in hash.h 2017-02-17 15:28:28 -08:00
Wladimir J. van der Laan
12f46fa7d8
Merge #9786: boost: remove iostreams includes
3301587 boost: remove iostreams includes (Cory Fields)
2017-02-17 21:48:37 +01:00
Cory Fields
3301587dc5 boost: remove iostreams includes
They're unused and produce nasty deprecation warnings
2017-02-17 15:06:09 -05:00
Pieter Wuille
c801c82e25 Move BIP70_MAX_PAYMENTREQUEST_SIZE to header 2017-02-17 11:54:32 -08:00
Pieter Wuille
914fad155d Make KEY_SIZE a compile-time constant 2017-02-17 11:42:22 -08:00
Wladimir J. van der Laan
f87e8f5392
build: bump version to 0.14.99
Now that 0.14 branch has been split off, master is 0.14.99 (pre-0.15).

Also clean out release notes.
2017-02-17 17:27:18 +01:00
Russell Yanofsky
ec1267f13b [wallet] Remove importmulti always-true check
Remove "nLowestTimestamp <= chainActive.Tip()->GetBlockTimeMax()" check from
importmulti, which is always true because nLowestTimestamp is set to the
minimum of the most recent block time and all the imported key timestamps,
which is necessarily lower than the maximum block time.
2017-02-17 07:00:41 -05:00
Wladimir J. van der Laan
9828f9a996
Merge #9761: Use 2 hour grace period for key timestamps in importmulti rescans
e662af3 Use 2 hour grace period for key timestamps in importmulti rescans (Russell Yanofsky)
38d3e9e [qa] Extend import-rescan.py to test imports on pruned nodes. (Russell Yanofsky)
c28583d [qa] Extend import-rescan.py to test specific key timestamps (Russell Yanofsky)
8be0866 [qa] Simplify import-rescan.py (Russell Yanofsky)
2017-02-17 12:53:41 +01:00
Wladimir J. van der Laan
ad168ef4e3
Merge #9778: Add two hour buffer to manual pruning
91fb506 Add two hour buffer to manual pruning (Alex Morcos)
2017-02-17 12:51:08 +01:00
Wladimir J. van der Laan
3c02b95740
Merge #9779: Update nMinimumChainWork and defaultAssumeValid.
3f78e46 Update nMinimumChainWork and defaultAssumeValid. (Gregory Maxwell)
2017-02-17 12:41:49 +01:00
Wladimir J. van der Laan
8dee822177
Merge #9777: Handle unusual maxsigcachesize gracefully
55c403b Ensure `-maxsigcachesize` is in valid range (John Newbery)
2017-02-17 09:05:48 +01:00
John Newbery
55c403b8fe Ensure -maxsigcachesize is in valid range
- If the -maxsigcachesize parameter is set to zero, set up a minimum sized
sigcache (2 elements) rather than segfaulting.
- Handle maxsigcachesize being negative
- Handle maxsigcachesize being too large
2017-02-17 09:04:37 +01:00
Alex Morcos
91fb506e0a Add two hour buffer to manual pruning 2017-02-16 17:47:56 -05:00
Gregory Maxwell
3f78e460ba Update nMinimumChainWork and defaultAssumeValid. 2017-02-16 19:31:03 +00:00
Russell Yanofsky
e662af3583 Use 2 hour grace period for key timestamps in importmulti rescans
Gregory Maxwell <greg@xiph.org> pointed out the lack of grace period in
https://github.com/bitcoin/bitcoin/pull/9490#issue-199407998.

The importwallet RPC which uses key timestamps in a similar way already has a 2
hour grace period.
2017-02-16 09:05:55 -05:00
Wladimir J. van der Laan
8743320d6c
Merge #9763: [Trivial] Update comments referencing main.cpp
00e623d [Trivial] Update comments referencing main.cpp (CryptAxe)
2017-02-16 14:01:14 +01:00
CryptAxe
00e623d0b8 [Trivial] Update comments referencing main.cpp 2017-02-16 13:52:38 +01:00
Wladimir J. van der Laan
e43a58514d
Merge #9771: Add missing cs_wallet lock that triggers new lock held assertion
07afcd6 Add missing cs_wallet lock that triggers new lock held assertion (Russell Yanofsky)
2017-02-16 10:30:33 +01:00
Wladimir J. van der Laan
f8af89a918
Merge #9764: wallet: Prevent "overrides a member function but is not marked 'override'" warnings
6c5427d wallet: Prevent "overrides a member function but is not marked 'override'" warnings (Wladimir J. van der Laan)
2017-02-16 10:24:24 +01:00
Wladimir J. van der Laan
1e92e041dd
Merge #9765: Harden against mistakes handling invalid blocks
ba803ef Harden against mistakes handling invalid blocks (Suhas Daftuar)
2017-02-16 10:23:41 +01:00
Russell Yanofsky
07afcd6379 Add missing cs_wallet lock that triggers new lock held assertion
A new AssertLockHeld(cs_wallet) call was added in commit a58370e
"Dedup nTimeFirstKey update logic" (part of PR #9108).

The lock held assertion will fail when loading preexisting wallet files from
before the #9108 merge that have watch-only keys.
2017-02-15 17:01:30 -05:00
Wladimir J. van der Laan
7a93af8340
Merge #9756: Return error when importmulti called with invalid address.
9acf25c Return error when importmulti called with invalid address. (Russell Yanofsky)
2017-02-15 16:29:16 +01:00
Wladimir J. van der Laan
476cc47da0
Merge #9758: Selectively suppress deprecation warnings
4b6cccc Selectively suppress deprecation warnings (Jonas Schnelli)
2017-02-15 15:08:59 +01:00
Suhas Daftuar
ba803efb68 Harden against mistakes handling invalid blocks
Fixes a bug in AcceptBlock() in invoking CheckBlock() with incorrect
arguments, and restores a call to CheckBlock() from ProcessNewBlock()
as belt-and-suspenders.

Updates the (overspecified) tests to match behavior.
2017-02-15 08:17:57 -05:00
Wladimir J. van der Laan
6c5427d24c wallet: Prevent "overrides a member function but is not marked 'override'" warnings
Because it is used inconsistently, at least version 5.4.0 of g++
complains about methods that don't use override. There are two ways to go
about this: remove override from the methods having it, or add it to the
methods missing it. I chose the second.
2017-02-15 11:31:28 +01:00
Wladimir J. van der Laan
d8e8b06bd0
Merge #9108: Use importmulti timestamp when importing watch only keys (on top of #9682)
a80f98b Use importmulti timestamp when importing watch only keys (Russell Yanofsky)
a58370e Dedup nTimeFirstKey update logic (Russell Yanofsky)
2017-02-15 11:13:48 +01:00
Wladimir J. van der Laan
4c69d683f2
Merge #9553: Use z = std::max(x - y, 0) instead of z = x - y; if (z < 0) z = 0;
a47da4b Use z = std::max(x - y, 0); instead of z = x - y; if (z < 0) z = 0; (practicalswift)
2017-02-15 09:27:47 +01:00
practicalswift
0c9b9b7d64 [trivial] Fix recently introduced typos in comments 2017-02-14 20:19:40 +01:00
Jonas Schnelli
a441db01b5
Merge #9755: Bugfix: Qt/Options: Restore persistent "restart required" notice
0b4f273 Bugfix: Qt/Options: Restore persistent "restart required" notice (Luke Dashjr)
2017-02-14 15:57:02 +01:00
Wladimir J. van der Laan
e87ce95fbd
Merge #9720: net: fix banning and disallow sending messages before receiving verack
d943491 qa: add a test to detect leaky p2p messages (Cory Fields)
8650bbb qa: Expose on-connection to mininode listeners (Matt Corallo)
5b5e4f8 qa: mininode learns when a socket connects, not its first action (Matt Corallo)
cbfc5a6 net: require a verack before responding to anything else (Cory Fields)
8502e7a net: parse reject earlier (Cory Fields)
c45b9fb net: correctly ban before the handshake is complete (Cory Fields)
2017-02-14 14:42:29 +01:00
Wladimir J. van der Laan
b08656e343
Merge #9715: Disconnect peers which we do not receive VERACKs from within 60 sec
66f861a Add a test for P2P inactivity timeouts (Matt Corallo)
b436f92 qa: Expose on-connection to mininode listeners (Matt Corallo)
8aaba7a qa: mininode learns when a socket connects, not its first action (Matt Corallo)
2cbd119 Disconnect peers which we do not receive VERACKs from within 60 sec (Matt Corallo)
2017-02-14 14:35:15 +01:00
Wladimir J. van der Laan
edc9e63c57
Merge #9682: Require timestamps for importmulti keys
266a811 Use MTP for importmulti "now" timestamps (Russell Yanofsky)
3cf9917 Add test to check new importmulti "now" value (Russell Yanofsky)
442887f Require timestamps for importmulti keys (Russell Yanofsky)
2017-02-14 14:32:22 +01:00
Jonas Schnelli
4b6ccccc16
Selectively suppress deprecation warnings 2017-02-14 13:50:57 +01:00
Wladimir J. van der Laan
ec66d06e6e
Merge #9735: devtools: Handle Qt formatting characters edge-case in update-translations.py
7179e7c qt: Periodic translations update (Wladimir J. van der Laan)
5e903a5 devtools: Handle Qt formatting characters edge-case in update-translations.py (Wladimir J. van der Laan)
2017-02-14 12:21:34 +01:00
Cory Fields
cbfc5a6728 net: require a verack before responding to anything else
7a8c251901 made this logic hard to follow. After that change, messages would
not be sent to a peer via SendMessages() before the handshake was complete, but
messages could still be sent as a response to an incoming message.

For example, if a peer had not yet sent a verack, we wouldn't notify it about
new blocks, but we would respond to a PING with a PONG.

This change makes the behavior straightforward: until we've received a verack,
never send any message other than version/verack/reject.

The behavior until a VERACK is received has always been undefined; this change
just tightens our policy.

This also makes testing much easier, because we can now connect but not send
version/verack, and anything sent to us is an error.
2017-02-13 18:55:35 -05:00
Cory Fields
8502e7acbe net: parse reject earlier
Prior to this change, all messages were ignored until a VERSION message was
received, as well as possibly incurring a ban score.

Since REJECT messages can be sent at any time (including as a response to a bad
VERSION message), make sure to always parse them.

Moving this parsing up keeps it from being caught in the
if (pfrom->nVersion == 0) check below.
2017-02-13 18:55:35 -05:00