Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 2 | ||||
-rw-r--r-- | src/allocators.h | 10 | ||||
-rw-r--r-- | src/base58.cpp | 2 | ||||
-rw-r--r-- | src/chainparams.h | 2 | ||||
-rw-r--r-- | src/crypter.cpp | 4 | ||||
-rw-r--r-- | src/crypter.h | 4 | ||||
-rw-r--r-- | src/db.cpp | 2 | ||||
-rw-r--r-- | src/pow.cpp | 8 | ||||
-rw-r--r-- | src/qt/paymentrequestplus.cpp | 1 | ||||
-rw-r--r-- | src/qt/paymentrequestplus.h | 2 | ||||
-rw-r--r-- | src/qt/paymentserver.cpp | 1 | ||||
-rw-r--r-- | src/random.cpp | 13 | ||||
-rw-r--r-- | src/rpcmining.cpp | 2 | ||||
-rw-r--r-- | src/rpcmisc.cpp | 2 | ||||
-rw-r--r-- | src/streams.h | 1 | ||||
-rw-r--r-- | src/support/cleanse.cpp | 13 | ||||
-rw-r--r-- | src/support/cleanse.h | 13 | ||||
-rw-r--r-- | src/test/data/script_invalid.json | 8 | ||||
-rw-r--r-- | src/test/data/script_valid.json | 8 | ||||
-rw-r--r-- | src/test/script_tests.cpp | 8 | ||||
-rw-r--r-- | src/util.cpp | 7 |
21 files changed, 77 insertions, 36 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 009c3c5196..7644f6b325 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -123,6 +123,7 @@ BITCOIN_CORE_H = \ script/standard.h \ serialize.h \ streams.h \ + support/cleanse.h \ sync.h \ threadsafety.h \ timedata.h \ @@ -268,6 +269,7 @@ libbitcoin_util_a_SOURCES = \ compat/strnlen.cpp \ random.cpp \ rpcprotocol.cpp \ + support/cleanse.cpp \ sync.cpp \ uint256.cpp \ util.cpp \ diff --git a/src/allocators.h b/src/allocators.h index 6a131c3517..8ffe015b9e 100644 --- a/src/allocators.h +++ b/src/allocators.h @@ -6,6 +6,8 @@ #ifndef BITCOIN_ALLOCATORS_H #define BITCOIN_ALLOCATORS_H +#include "support/cleanse.h" + #include <map> #include <string> #include <string.h> @@ -14,8 +16,6 @@ #include <boost/thread/mutex.hpp> #include <boost/thread/once.hpp> -#include <openssl/crypto.h> // for OPENSSL_cleanse() - /** * Thread-safe class to keep track of locked (ie, non-swappable) memory pages. * @@ -174,7 +174,7 @@ void LockObject(const T& t) template <typename T> void UnlockObject(const T& t) { - OPENSSL_cleanse((void*)(&t), sizeof(T)); + memory_cleanse((void*)(&t), sizeof(T)); LockedPageManager::Instance().UnlockRange((void*)(&t), sizeof(T)); } @@ -217,7 +217,7 @@ struct secure_allocator : public std::allocator<T> { void deallocate(T* p, std::size_t n) { if (p != NULL) { - OPENSSL_cleanse(p, sizeof(T) * n); + memory_cleanse(p, sizeof(T) * n); LockedPageManager::Instance().UnlockRange(p, sizeof(T) * n); } std::allocator<T>::deallocate(p, n); @@ -254,7 +254,7 @@ struct zero_after_free_allocator : public std::allocator<T> { void deallocate(T* p, std::size_t n) { if (p != NULL) - OPENSSL_cleanse(p, sizeof(T) * n); + memory_cleanse(p, sizeof(T) * n); std::allocator<T>::deallocate(p, n); } }; diff --git a/src/base58.cpp b/src/base58.cpp index 980d3cbf42..c809185056 100644 --- a/src/base58.cpp +++ b/src/base58.cpp 
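Review bot: In the `UnlockObject` hunk of src/allocators.h, the new `memory_cleanse((void*)(&t), sizeof(T));` still writes through a `const T&` parameter by way of a C-style cast, so wiping an object that was actually defined `const` would be undefined behaviour, and the signature hides from callers that the object's contents are destroyed. The signature mirrors `LockObject` and the call sites are not visible here, so the minimal step is a greppable cast plus a comment: `memory_cleanse(const_cast<T*>(&t), sizeof(T)); // wipes t; caller must not read it afterwards`. If the call sites allow it, a non-const `T&` parameter would state that contract in the type instead.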
@@ -172,7 +172,7 @@ bool CBase58Data::SetString(const char* psz, unsigned int nVersionBytes) vchData.resize(vchTemp.size() - nVersionBytes); if (!vchData.empty()) memcpy(&vchData[0], &vchTemp[nVersionBytes], vchData.size()); - OPENSSL_cleanse(&vchTemp[0], vchData.size()); + memory_cleanse(&vchTemp[0], vchData.size()); return true; } diff --git a/src/chainparams.h b/src/chainparams.h index f52bf4e55f..86b84df667 100644 --- a/src/chainparams.h +++ b/src/chainparams.h @@ -68,7 +68,7 @@ public: bool RequireStandard() const { return fRequireStandard; } int64_t TargetTimespan() const { return nTargetTimespan; } int64_t TargetSpacing() const { return nTargetSpacing; } - int64_t Interval() const { return nTargetTimespan / nTargetSpacing; } + int64_t DifficultyAdjustmentInterval() const { return nTargetTimespan / nTargetSpacing; } /** Make miner stop after a block is found. In RPC, don't return until nGenProcLimit blocks are generated */ bool MineBlocksOnDemand() const { return fMineBlocksOnDemand; } /** In the future use NetworkIDString() for RPC fields */ diff --git a/src/crypter.cpp b/src/crypter.cpp index 75d84dbf13..c7f7e21679 100644 --- a/src/crypter.cpp +++ b/src/crypter.cpp @@ -26,8 +26,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v if (i != (int)WALLET_CRYPTO_KEY_SIZE) { - OPENSSL_cleanse(chKey, sizeof(chKey)); - OPENSSL_cleanse(chIV, sizeof(chIV)); + memory_cleanse(chKey, sizeof(chKey)); + memory_cleanse(chIV, sizeof(chIV)); return false; } diff --git a/src/crypter.h b/src/crypter.h index cbaf1562f0..8a91498e2e 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -82,8 +82,8 @@ public: void CleanKey() { - OPENSSL_cleanse(chKey, sizeof(chKey)); - OPENSSL_cleanse(chIV, sizeof(chIV)); + memory_cleanse(chKey, sizeof(chKey)); + memory_cleanse(chIV, sizeof(chIV)); fKeySet = false; } diff --git a/src/db.cpp b/src/db.cpp index a7f885135b..3246e4b67a 100644 --- a/src/db.cpp +++ b/src/db.cpp 
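Review bot: In `CBase58Data::SetString`, `memory_cleanse(&vchTemp[0], vchData.size());` wipes only `vchTemp.size() - nVersionBytes` bytes of the temporary, so the last `nVersionBytes` bytes of the decoded payload are left behind when `vchTemp` is released. The length should be the temporary's own size: `memory_cleanse(&vchTemp[0], vchTemp.size());`. The call also indexes `vchTemp[0]` without the `empty()` guard that protects the `memcpy` just above; whether an empty `vchTemp` can reach this line depends on checks outside the hunk, so `if (!vchTemp.empty())` in front of the wipe is worth adding. The function body starts outside the hunk.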
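Review bot: `CCrypter::SetKeyFromPassphrase` in src/crypter.cpp now calls `memory_cleanse`, but the diff adds no `#include "support/cleanse.h"` to that file; the same holds for the `CleanKey` hunk in src/crypter.h and for src/base58.cpp. They presumably compile through `allocators.h`, which this commit makes include the new header, but that is a transitive dependency that breaks as soon as the allocator includes are reshuffled. Adding `#include "support/cleanse.h"` to each file that calls the function keeps the key-wiping calls independent of the allocator headers.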
@@ -21,8 +21,6 @@ #include <boost/thread.hpp> #include <boost/version.hpp> -#include <openssl/rand.h> - using namespace std; diff --git a/src/pow.cpp b/src/pow.cpp index e49f0d104c..6dd5c4c12c 100644 --- a/src/pow.cpp +++ b/src/pow.cpp @@ -20,8 +20,8 @@ unsigned int GetNextWorkRequired(const CBlockIndex* pindexLast, const CBlockHead if (pindexLast == NULL) return nProofOfWorkLimit; - // Only change once per interval - if ((pindexLast->nHeight+1) % Params().Interval() != 0) + // Only change once per difficulty adjustment interval + if ((pindexLast->nHeight+1) % Params().DifficultyAdjustmentInterval() != 0) { if (Params().AllowMinDifficultyBlocks()) { @@ -34,7 +34,7 @@ unsigned int GetNextWorkRequired(const CBlockIndex* pindexLast, const CBlockHead { // Return the last non-special-min-difficulty-rules-block const CBlockIndex* pindex = pindexLast; - while (pindex->pprev && pindex->nHeight % Params().Interval() != 0 && pindex->nBits == nProofOfWorkLimit) + while (pindex->pprev && pindex->nHeight % Params().DifficultyAdjustmentInterval() != 0 && pindex->nBits == nProofOfWorkLimit) pindex = pindex->pprev; return pindex->nBits; } @@ -44,7 +44,7 @@ unsigned int GetNextWorkRequired(const CBlockIndex* pindexLast, const CBlockHead // Go back by what we want to be 14 days worth of blocks const CBlockIndex* pindexFirst = pindexLast; - for (int i = 0; pindexFirst && i < Params().Interval()-1; i++) + for (int i = 0; pindexFirst && i < Params().DifficultyAdjustmentInterval()-1; i++) pindexFirst = pindexFirst->pprev; assert(pindexFirst); diff --git a/src/qt/paymentrequestplus.cpp b/src/qt/paymentrequestplus.cpp index 4c1e898020..b69461ad9e 100644 --- a/src/qt/paymentrequestplus.cpp +++ b/src/qt/paymentrequestplus.cpp @@ -13,7 +13,6 @@ #include <stdexcept> -#include <openssl/x509.h> #include <openssl/x509_vfy.h> #include <QDateTime> diff --git a/src/qt/paymentrequestplus.h b/src/qt/paymentrequestplus.h index fbc3a09265..61f8a3415d 100644 --- a/src/qt/paymentrequestplus.h 
+++ b/src/qt/paymentrequestplus.h @@ -9,6 +9,8 @@ #include "base58.h" +#include <openssl/x509.h> + #include <QByteArray> #include <QList> #include <QString> diff --git a/src/qt/paymentserver.cpp b/src/qt/paymentserver.cpp index 9aab944f6b..96ceeb18a4 100644 --- a/src/qt/paymentserver.cpp +++ b/src/qt/paymentserver.cpp @@ -16,7 +16,6 @@ #include <cstdlib> -#include <openssl/x509.h> #include <openssl/x509_vfy.h> #include <QApplication> diff --git a/src/random.cpp b/src/random.cpp index 663456e962..0ba0de908d 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -5,6 +5,7 @@ #include "random.h" +#include "support/cleanse.h" #ifdef WIN32 #include "compat.h" // for Windows API #endif @@ -18,7 +19,6 @@ #include <sys/time.h> #endif -#include <openssl/crypto.h> #include <openssl/err.h> #include <openssl/rand.h> @@ -40,22 +40,23 @@ void RandAddSeed() // Seed with CPU performance counter int64_t nCounter = GetPerformanceCounter(); RAND_add(&nCounter, sizeof(nCounter), 1.5); - OPENSSL_cleanse((void*)&nCounter, sizeof(nCounter)); + memory_cleanse((void*)&nCounter, sizeof(nCounter)); } void RandAddSeedPerfmon() { RandAddSeed(); +#ifdef WIN32 + // Don't need this on Linux, OpenSSL automatically uses /dev/urandom + // Seed with the entire set of perfmon data + // This can take up to 2 seconds, so only do it every 10 minutes static int64_t nLastPerfmon; if (GetTime() < nLastPerfmon + 10 * 60) return; nLastPerfmon = GetTime(); -#ifdef WIN32 - // Don't need this on Linux, OpenSSL automatically uses /dev/urandom - // Seed with the entire set of perfmon data std::vector<unsigned char> vData(250000, 0); long ret = 0; unsigned long nSize = 0; 
@@ -70,7 +71,7 @@ void RandAddSeedPerfmon() RegCloseKey(HKEY_PERFORMANCE_DATA); if (ret == ERROR_SUCCESS) { RAND_add(begin_ptr(vData), nSize, nSize / 100.0); - OPENSSL_cleanse(begin_ptr(vData), nSize); + memory_cleanse(begin_ptr(vData), nSize); LogPrint("rand", "%s: %lu bytes\n", __func__, nSize); } else { static bool warned = false; // Warn only once diff --git a/src/rpcmining.cpp b/src/rpcmining.cpp index e3ae5cff42..165a9df697 100644 --- a/src/rpcmining.cpp +++ b/src/rpcmining.cpp @@ -44,7 +44,7 @@ Value GetNetworkHashPS(int lookup, int height) { // If lookup is -1, then use blocks since last difficulty change. if (lookup <= 0) - lookup = pb->nHeight % Params().Interval() + 1; + lookup = pb->nHeight % Params().DifficultyAdjustmentInterval() + 1; // If lookup is larger than chain, then set it to chain length. if (lookup > pb->nHeight) diff --git a/src/rpcmisc.cpp b/src/rpcmisc.cpp index 8d260b1cc9..2eda4d3355 100644 --- a/src/rpcmisc.cpp +++ b/src/rpcmisc.cpp @@ -228,6 +228,8 @@ CScript _createmultisig_redeemScript(const Array& params) throw runtime_error( strprintf("not enough keys supplied " "(got %u keys, but need at least %d to redeem)", keys.size(), nRequired)); + if (keys.size() > 16) + throw runtime_error("Number of addresses involved in the multisignature address creation > 16\nReduce the number"); std::vector<CPubKey> pubkeys; pubkeys.resize(keys.size()); for (unsigned int i = 0; i < keys.size(); i++) diff --git a/src/streams.h b/src/streams.h index bd8568b1af..9999c2341f 100644 --- a/src/streams.h +++ b/src/streams.h @@ -16,6 +16,7 @@ #include <map> #include <set> #include <stdint.h> +#include <stdio.h> #include <string> #include <string.h> #include <utility> diff --git a/src/support/cleanse.cpp b/src/support/cleanse.cpp new file mode 100644 index 0000000000..a2141b2449 --- /dev/null +++ b/src/support/cleanse.cpp 
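Review bot: The new guard in `_createmultisig_redeemScript`, `if (keys.size() > 16)`, uses a bare literal with nothing saying where the limit comes from, so a later change to the rule it mirrors can leave this RPC check stale. A named constant, or at least a comment of the form `// <reason for the 16-key bound>` on the line above, would tie the check to its source. The error text also embeds a newline (`... > 16\nReduce the number`), which reads oddly inside an RPC error string; one sentence would be cleaner. The function continues outside the hunk.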
@@ -0,0 +1,13 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2015 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#include "cleanse.h" + +#include <openssl/crypto.h> + +void memory_cleanse(void *ptr, size_t len) +{ + OPENSSL_cleanse(ptr, len); +} diff --git a/src/support/cleanse.h b/src/support/cleanse.h new file mode 100644 index 0000000000..3e02aa8fd1 --- /dev/null +++ b/src/support/cleanse.h @@ -0,0 +1,13 @@ +// Copyright (c) 2009-2010 Satoshi Nakamoto +// Copyright (c) 2009-2015 The Bitcoin Core developers +// Distributed under the MIT software license, see the accompanying +// file COPYING or http://www.opensource.org/licenses/mit-license.php. + +#ifndef BITCOIN_SUPPORT_CLEANSE_H +#define BITCOIN_SUPPORT_CLEANSE_H + +#include <stdlib.h> + +void memory_cleanse(void *ptr, size_t len); + +#endif // BITCOIN_SUPPORT_CLEANSE_H diff --git a/src/test/data/script_invalid.json b/src/test/data/script_invalid.json index a67c157aff..3c52547a64 100644 --- a/src/test/data/script_invalid.json +++ b/src/test/data/script_invalid.json @@ -696,7 +696,13 @@ "BIP66 example 11, with DERSIG" ], [ - "0x49 0x304502203e4516da7253cf068effec6b95c41221c0cf3a8e6ccb8cbf1725b562e9afde2c022100ab1e3da73d67e32045a20e0b999e049978ea8d6ee5480d485fcf2ce0d03b2ef05101", + "0x48 0x304402203e4516da7253cf068effec6b95c41221c0cf3a8e6ccb8cbf1725b562e9afde2c022054e1c258c2981cdfba5df1f46661fb6541c44f77ca0092f3600331abfffb12510101", + "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG", + "DERSIG", + "P2PK with multi-byte hashtype, with DERSIG" +], +[ + "0x48 0x304502203e4516da7253cf068effec6b95c41221c0cf3a8e6ccb8cbf1725b562e9afde2c022100ab1e3da73d67e32045a20e0b999e049978ea8d6ee5480d485fcf2ce0d03b2ef001", "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG", "LOW_S", "P2PK with high S" 
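Review bot: The declaration `void memory_cleanse(void *ptr, size_t len);` in src/support/cleanse.h carries no comment, although this commit makes it the single wipe primitive behind the allocators, the crypter and the RNG seeding code. A doc comment should state the contract callers rely on: the bytes are overwritten in a way the compiler may not elide as a dead store, which is the reason plain `memset` is not used, and the definition in cleanse.cpp currently forwards to `OPENSSL_cleanse`. Proposed: `/** Overwrite len bytes at ptr; unlike memset, the write must not be optimised away. Use for key material before it is freed or goes out of scope. */`.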
diff --git a/src/test/data/script_valid.json b/src/test/data/script_valid.json index fb81fcb1f5..34e2c8d61a 100644 --- a/src/test/data/script_valid.json +++ b/src/test/data/script_valid.json @@ -814,7 +814,13 @@ "BIP66 example 12, with DERSIG" ], [ - "0x49 0x304502203e4516da7253cf068effec6b95c41221c0cf3a8e6ccb8cbf1725b562e9afde2c022100ab1e3da73d67e32045a20e0b999e049978ea8d6ee5480d485fcf2ce0d03b2ef05101", + "0x48 0x304402203e4516da7253cf068effec6b95c41221c0cf3a8e6ccb8cbf1725b562e9afde2c022054e1c258c2981cdfba5df1f46661fb6541c44f77ca0092f3600331abfffb12510101", + "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG", + "", + "P2PK with multi-byte hashtype, without DERSIG" +], +[ + "0x48 0x304502203e4516da7253cf068effec6b95c41221c0cf3a8e6ccb8cbf1725b562e9afde2c022100ab1e3da73d67e32045a20e0b999e049978ea8d6ee5480d485fcf2ce0d03b2ef001", "0x21 0x03363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640 CHECKSIG", "", "P2PK with high S but no LOW_S" diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp index 6092afd782..e410b59710 100644 --- a/src/test/script_tests.cpp +++ b/src/test/script_tests.cpp @@ -107,7 +107,6 @@ void static NegateSignatureS(std::vector<unsigned char>& vchSig) { std::vector<unsigned char> r, s; r = std::vector<unsigned char>(vchSig.begin() + 4, vchSig.begin() + 4 + vchSig[3]); s = std::vector<unsigned char>(vchSig.begin() + 6 + vchSig[3], vchSig.begin() + 6 + vchSig[3] + vchSig[5 + vchSig[3]]); - unsigned char hashtype = vchSig.back(); // Really ugly to implement mod-n negation here, but it would be feature creep to expose such functionality from libsecp256k1. static const unsigned char order[33] = { @@ -141,7 +140,6 @@ void static NegateSignatureS(std::vector<unsigned char>& vchSig) { vchSig.push_back(0x02); vchSig.push_back(s.size()); vchSig.insert(vchSig.end(), s.begin(), s.end()); - vchSig.push_back(hashtype); } namespace 
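Review bot: With the `hashtype` read and the final `vchSig.push_back(hashtype)` removed, `NegateSignatureS` in src/test/script_tests.cpp now takes and returns a bare DER signature, but nothing in the function says so. A caller that still passes a signature with its hashtype byte attached would presumably lose that byte without any error. A comment above the function, e.g. `// vchSig must be a DER signature without the trailing hashtype byte`, would pin the new contract. The middle of the function and its call sites lie outside the two hunks.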
@@ -478,6 +476,12 @@ BOOST_AUTO_TEST_CASE(script_build) good.push_back(TestBuilder(CScript() << OP_2 << ToByteVector(keys.pubkey1C) << ToByteVector(keys.pubkey2C) << OP_2 << OP_CHECKMULTISIG << OP_NOT, "BIP66 example 12, with DERSIG", SCRIPT_VERIFY_DERSIG ).Num(0).PushSig(keys.key1, SIGHASH_ALL, 33, 32).EditPush(1, "45022100", "440220").Num(0)); + good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG, + "P2PK with multi-byte hashtype, without DERSIG", 0 + ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101")); + bad.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG, + "P2PK with multi-byte hashtype, with DERSIG", SCRIPT_VERIFY_DERSIG + ).PushSig(keys.key2, SIGHASH_ALL).EditPush(70, "01", "0101")); good.push_back(TestBuilder(CScript() << ToByteVector(keys.pubkey2C) << OP_CHECKSIG, "P2PK with high S but no LOW_S", 0 diff --git a/src/util.cpp b/src/util.cpp index 0d0f7e5f91..361b3631f5 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -698,13 +698,8 @@ void RenameThread(const char* name) // removed. pthread_set_name_np(pthread_self(), name); -#elif defined(MAC_OSX) && defined(__MAC_OS_X_VERSION_MAX_ALLOWED) - -// pthread_setname_np is XCode 10.6-and-later -#if __MAC_OS_X_VERSION_MAX_ALLOWED >= 1060 +#elif defined(MAC_OSX) pthread_setname_np(name); -#endif - #else // Prevent warnings for unused parameters... (void)name; |