Merge #16035: 0.18.1: Backports

bcb27d7b0 .python-version: Bump to 3.5.6 (MarcoFalke)
af25a757e Add comments to Python ECDSA implementation (John Newbery)
715da91e9 Set AA_EnableHighDpiScaling attribute early (Hennadii Stepanov)
2800b3d5c gui: Fix open wallet menu initialization order (João Barbosa)
e78007fc1 Make and get the multisig redeemscript and destination in one function instead of two (Andrew Chow)
d9fc969e7 Pure python EC (Pieter Wuille)
23ba460c1 test: Add test that addmultisigaddress fails for watchonly addresses (MarcoFalke)
13b3bb564 test: Fixup creatmultisig documentation and whitespace (MarcoFalke)
79745d175 Replace remaining fprintf with tfm::format manually (MarcoFalke)
beb09f09b scripted-diff: Replace fprintf with tfm::format (MarcoFalke)
e29aa6e72 Exceptions should be caught by reference, not by value. (Kristaps Kaupe)
f88959ba7 tinyformat: Add doc to Bitcoin Core specific strprintf (MarcoFalke)
0023c9789 rpc: bugfix: Properly use iswitness in converttopsbt (MarcoFalke)
832eb4ff5 Bugfix: test/functional/rpc_psbt: Correct test description comment (Luke Dashjr)
966d8d084 Bugfix: test/functional/rpc_psbt: Remove check for specific error message that depends on uncertain assumptions (Luke Dashjr)
bb36ac82e rpc: Switch touched RPCs to IsValidNumArgs (MarcoFalke)
d24d0ec05 Add example 2nd arg to signrawtransactionwithkey (Chris Moore)
592016ba1 fixup: Fix prunning test (João Barbosa)
c80a498ae Fix RPC/pruneblockchain returned prune height (Jonas Schnelli)
b2398240f gui: Enable open wallet menu on setWalletController (João Barbosa)
d1f261150 Add test for GCC bug 90348 (Pieter Wuille)
d80c558e0 gui: Set progressDialog to nullptr (João Barbosa)
7ed1a6019 gui: Enable console line edit on setClientModel (João Barbosa)
b55cbe82d qt: fix opening bitcoin.conf via Preferences on macOS; see #15409 (shannon1916)
b6c1f9478 Disallow extended encoding for non-witness transactions (take 3) (MarcoFalke)
86031083c Add test for superfluous witness record in deserialization (Gregory Sanders)
5a58ddb6d Fix missing input template by making minimal tx (Gregory Sanders)
206f5ee87 Disallow extended encoding for non-witness transactions (Pieter Wuille)
3dbc7def0 Show loaded wallets as disabled in open menu instead of nothing (MeshCollider)
a635377b6 Install bitcoin-wallet manpage. (Daniel Kraft)
eb85ee62b Doc: remove text about txes always relayed from -whitelist (David A. Harding)
890a92eba doc: Mention blocksonly in reduce-traffic.md, unhide option (MarcoFalke)
3460555f4 test: Add test for p2p_blocksonly (MarcoFalke)
8f215c7a2 test: Format predicate source as multiline on error (MarcoFalke)
9c1a607a0 net: Rename ::fRelayTxes to ::g_relay_txes (MarcoFalke)
5935f0126 build with -fstack-reuse=none (MarcoFalke)

Pull request description:

Tree-SHA512: 5cd73a4319cb69c92b528239cf97c0ed5fcf2b9e8c7fe154e4679eeec95db433a0223d8dc574e4cdc96c1913cfdf160b10c42dcdbcb5bbc8fb743c07930ef9da

1 files changed, 60 insertions, 12 deletions

diff --git a/test/functional/p2p_segwit.py b/test/functional/p2p_segwit.py
index 8f8e89cf15..62b12507ed 100755
--- a/test/functional/p2p_segwit.py
+++ b/test/functional/p2p_segwit.py
@@ -10,7 +10,7 @@ import struct
 import time
 
 from test_framework.blocktools import create_block, create_coinbase, add_witness_commitment, get_witness_script, WITNESS_COMMITMENT_HEADER
-from test_framework.key import CECKey, CPubKey
+from test_framework.key import ECKey
 from test_framework.messages import (
     BIP125_SEQUENCE_NUMBER,
     CBlock,
@@ -37,6 +37,7 @@ from test_framework.messages import (
     ser_vector,
     sha256,
     uint256_from_str,
+    FromHex,
 )
 from test_framework.mininode import (
     P2PInterface,
@@ -81,6 +82,7 @@ from test_framework.util import (
     hex_str_to_bytes,
     sync_blocks,
     sync_mempools,
+    assert_raises_rpc_error,
 )
 
 # The versionbit bit used to signal activation of SegWit
@@ -104,7 +106,7 @@ def get_p2pkh_script(pubkeyhash):
 def sign_p2pk_witness_input(script, tx_to, in_idx, hashtype, value, key):
     """Add signature for a P2PK witness program."""
     tx_hash = SegwitVersion1SignatureHash(script, tx_to, in_idx, hashtype, value)
-    signature = key.sign(tx_hash) + chr(hashtype).encode('latin-1')
+    signature = key.sign_ecdsa(tx_hash) + chr(hashtype).encode('latin-1')
     tx_to.wit.vtxinwit[in_idx].scriptWitness.stack = [signature, script]
     tx_to.rehash()
 
@@ -273,6 +275,7 @@ class SegWitTest(BitcoinTestFramework):
         self.test_non_standard_witness()
         self.test_upgrade_after_activation()
         self.test_witness_sigops()
+        self.test_superfluous_witness()
 
     # Individual tests
 
@@ -1483,10 +1486,9 @@ class SegWitTest(BitcoinTestFramework):
 
         # Segwit transactions using uncompressed pubkeys are not accepted
         # under default policy, but should still pass consensus.
-        key = CECKey()
-        key.set_secretbytes(b"9")
-        key.set_compressed(False)
-        pubkey = CPubKey(key.get_pubkey())
+        key = ECKey()
+        key.generate(False)
+        pubkey = key.get_pubkey().get_bytes()
         assert_equal(len(pubkey), 65)  # This should be an uncompressed pubkey
 
         utxo = self.utxo.pop(0)
@@ -1516,7 +1518,7 @@ class SegWitTest(BitcoinTestFramework):
         tx2.vout.append(CTxOut(tx.vout[0].nValue - 1000, script_wsh))
         script = get_p2pkh_script(pubkeyhash)
         sig_hash = SegwitVersion1SignatureHash(script, tx2, 0, SIGHASH_ALL, tx.vout[0].nValue)
-        signature = key.sign(sig_hash) + b'\x01'  # 0x1 is SIGHASH_ALL
+        signature = key.sign_ecdsa(sig_hash) + b'\x01'  # 0x1 is SIGHASH_ALL
         tx2.wit.vtxinwit.append(CTxInWitness())
         tx2.wit.vtxinwit[0].scriptWitness.stack = [signature, pubkey]
         tx2.rehash()
@@ -1570,7 +1572,7 @@ class SegWitTest(BitcoinTestFramework):
         tx5.vin.append(CTxIn(COutPoint(tx4.sha256, 0), b""))
         tx5.vout.append(CTxOut(tx4.vout[0].nValue - 1000, CScript([OP_TRUE])))
         (sig_hash, err) = SignatureHash(script_pubkey, tx5, 0, SIGHASH_ALL)
-        signature = key.sign(sig_hash) + b'\x01'  # 0x1 is SIGHASH_ALL
+        signature = key.sign_ecdsa(sig_hash) + b'\x01'  # 0x1 is SIGHASH_ALL
         tx5.vin[0].scriptSig = CScript([signature, pubkey])
         tx5.rehash()
         # Should pass policy and consensus.
@@ -1583,9 +1585,9 @@ class SegWitTest(BitcoinTestFramework):
     @subtest
     def test_signature_version_1(self):
 
-        key = CECKey()
-        key.set_secretbytes(b"9")
-        pubkey = CPubKey(key.get_pubkey())
+        key = ECKey()
+        key.generate()
+        pubkey = key.get_pubkey().get_bytes()
 
         witness_program = CScript([pubkey, CScriptOp(OP_CHECKSIG)])
         witness_hash = sha256(witness_program)
@@ -1720,7 +1722,7 @@ class SegWitTest(BitcoinTestFramework):
 
         script = get_p2pkh_script(pubkeyhash)
         sig_hash = SegwitVersion1SignatureHash(script, tx2, 0, SIGHASH_ALL, tx.vout[0].nValue)
-        signature = key.sign(sig_hash) + b'\x01'  # 0x1 is SIGHASH_ALL
+        signature = key.sign_ecdsa(sig_hash) + b'\x01'  # 0x1 is SIGHASH_ALL
 
         # Check that we can't have a scriptSig
         tx2.vin[0].scriptSig = CScript([signature, pubkey])
@@ -2039,5 +2041,51 @@ class SegWitTest(BitcoinTestFramework):
 
         # TODO: test p2sh sigop counting
 
+    def test_superfluous_witness(self):
+        # Serialization of tx that puts witness flag to 3 always
+        def serialize_with_bogus_witness(tx):
+            flags = 3
+            r = b""
+            r += struct.pack("<i", tx.nVersion)
+            if flags:
+                dummy = []
+                r += ser_vector(dummy)
+                r += struct.pack("<B", flags)
+            r += ser_vector(tx.vin)
+            r += ser_vector(tx.vout)
+            if flags & 1:
+                if (len(tx.wit.vtxinwit) != len(tx.vin)):
+                    # vtxinwit must have the same length as vin
+                    tx.wit.vtxinwit = tx.wit.vtxinwit[:len(tx.vin)]
+                    for i in range(len(tx.wit.vtxinwit), len(tx.vin)):
+                        tx.wit.vtxinwit.append(CTxInWitness())
+                r += tx.wit.serialize()
+            r += struct.pack("<I", tx.nLockTime)
+            return r
+
+        class msg_bogus_tx(msg_tx):
+            def serialize(self):
+                return serialize_with_bogus_witness(self.tx)
+
+        self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(address_type='bech32'), 5)
+        self.nodes[0].generate(1)
+        unspent = next(u for u in self.nodes[0].listunspent() if u['spendable'] and u['address'].startswith('bcrt'))
+
+        raw = self.nodes[0].createrawtransaction([{"txid": unspent['txid'], "vout": unspent['vout']}], {self.nodes[0].getnewaddress(): 1})
+        tx = FromHex(CTransaction(), raw)
+        assert_raises_rpc_error(-22, "TX decode failed", self.nodes[0].decoderawtransaction, serialize_with_bogus_witness(tx).hex())
+        with self.nodes[0].assert_debug_log(['Superfluous witness record']):
+            self.nodes[0].p2p.send_message(msg_bogus_tx(tx))
+            self.nodes[0].p2p.sync_with_ping()
+        raw = self.nodes[0].signrawtransactionwithwallet(raw)
+        assert raw['complete']
+        raw = raw['hex']
+        tx = FromHex(CTransaction(), raw)
+        assert_raises_rpc_error(-22, "TX decode failed", self.nodes[0].decoderawtransaction, serialize_with_bogus_witness(tx).hex())
+        with self.nodes[0].assert_debug_log(['Unknown transaction optional data']):
+            self.nodes[0].p2p.send_message(msg_bogus_tx(tx))
+            self.nodes[0].p2p.sync_with_ping()
+
+
 if __name__ == '__main__':
     SegWitTest().main()