| Age | Commit message (Collapse) | Author |
|---|
|
high-level fuzzing of the P2P layer.
9220a0fdd0f3dc2c8dd7cbeefac7d11106451b51 tests: Add one specialized ProcessMessage(...) fuzzing binary per message type for optimal results when using coverage-guided fuzzing (practicalswift)
fd1dae10b4a549ba9292d837235d59bd9eebbed3 tests: Add fuzzing harness for ProcessMessage(...) (practicalswift)
Pull request description:
Add fuzzing harness for `ProcessMessage(...)`. Enables high-level fuzzing of the P2P layer.
All code paths reachable from this fuzzer can be assumed to be reachable for an untrusted peer.
Seeded from thin air (an empty corpus) this fuzzer reaches roughly 20 000 lines of code.
To test this PR:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/process_message
…
```
Worth noting about this fuzzing harness:
* To achieve a reasonable number of executions per seconds the state of the fuzzer is unfortunately not entirely reset between `test_one_input` calls. The set-up (`FuzzingSetup` ctor) and tear-down (`~FuzzingSetup`) work is simply too costly to be run on every iteration. There is a trade-off to handle here between a.) achieving high executions/second and b.) giving the fuzzer a totally blank slate for each call. Please let me know if you have any suggestion on how to improve this situation while maintaining >1000 executions/second.
* To achieve optimal results when using coverage-guided fuzzing I've chosen to create one specialised fuzzing binary per message type (`process_message_addr`, `process_message_block`, `process_message_blocktxn `, etc.) and one general fuzzing binary (`process_message`) which handles all messages types. The latter general fuzzer can be seeded with inputs generated by the former specialised fuzzers.
Happy fuzzing friends!
ACKs for top commit:
MarcoFalke:
ACK 9220a0fdd0 🏊
Tree-SHA512: c314ef12b0db17b53cbf3abfb9ecc10ce420fb45b17c1db0b34cabe7c30e453947b3ae462020b0c9f30e2c67a7ef1df68826238687dc2479cd816f0addb530e5
|
|
4444edc2e6671d3f73de3725447130f73ecf0375 ci: Enable all functional tests in valgrind (MarcoFalke)
Pull request description:
The travis timeout for our repo has been bumped to 2h, so we can run all tests in valgrind now
ACKs for top commit:
practicalswift:
ACK 4444edc2e6671d3f73de3725447130f73ecf0375 -- regarding the three disabled cases (`feature_abortnode`, `feature_block` and `rpc_bind`): not a big deal since MSan will take care of those once #18288 is merged. More is more :)
Tree-SHA512: ea2f798112911b6d1f3d88cfcdf0a7cdb698687248343703d6fe55da144542c961c15d888bffb41672c10aa76765615cb7c7ff93d468bfad3c51f962f24e7abb
|
|
type for optimal results when using coverage-guided fuzzing
|
|
|
|
|
|
f1b45031148105754c23af08c891387e71c3c2c3 bumpfee test: exit loop at proper time with new fee value being compared (Gregory Sanders)
2e4edc68f903cf7873027440ff551f3f6121dbe6 Add some test logging to wallet_bumpfee.py (Gregory Sanders)
Pull request description:
In the loop we accidentally used `origfee` which is not the value to check, and also allowed the loop to exit too early since the new fee must be strictly greater than `0.0005`.
Also converted/added a bunch of logging from comments.
Resolves https://github.com/bitcoin/bitcoin/issues/17716
ACKs for top commit:
MarcoFalke:
ACK f1b45031148105754c23af08c891387e71c3c2c3 🏈
Tree-SHA512: eb73297fc82b09b9ec08d85ba3f0bec662119d0ff63ccf5d978a7bad6a674b5915f5ed021ec42f72a732c9ee7af43212d1de87361f50a970df7755caec96f6d8
|
|
|
|
|
|
ffff9dcdc3cbe427739cc19cc7a53f032474fa2a test: Explain why test logging should be used (MarcoFalke)
Pull request description:
Background is that some tests don't have any `self.log` call at all. Thus there are no "anchor points" and those tests are hard to debug because the logs can't easily be parsed by a human.
ACKs for top commit:
jonatack:
ACK ffff9dcdc3cbe427739cc19cc7a53f032474fa2a
instagibbs:
ACK https://github.com/bitcoin/bitcoin/pull/18305/commits/ffff9dcdc3cbe427739cc19cc7a53f032474fa2a
fanquake:
re-ACK ffff9dcdc3cbe427739cc19cc7a53f032474fa2a
Tree-SHA512: 08d962e85c4892c2a0c58feb5dc697c680a9d68e41a79417da6fcd415e0c5c735c4533a985cf225bb89deb5ca717d9bedf990657958079185804caa512b10f5a
|
|
|
|
ad345909b2465a65ee023b389fae342088e2f187 doc: remove Boost Chrono from install docs (fanquake)
e21fa542b189263ad3a4342d048905d68c3a3507 test: remove Boost Chrono installation from CI (fanquake)
bd37f2bc26158f85ef1ab73b9ca1fc0da8ea562a build: remove Boost Chrono detection from build system (fanquake)
1d0a87e712a6253ef3f9b06a9611fd8e113401d2 build: remove chrono package from depends Boost (fanquake)
Pull request description:
We no longer use Boost Chrono.
ACKs for top commit:
practicalswift:
ACK ad345909b2465a65ee023b389fae342088e2f187
MarcoFalke:
ACK ad345909b2465a65ee023b389fae342088e2f187
kallewoof:
ACK ad345909b2465a65ee023b389fae342088e2f187
Tree-SHA512: d987ab5461c76c982318c65ec8d625094356716b79fd3a462beea75f07db0f82608ace13ec4c4b0233f352508715a4505ac2b4ed1c1e9d9d78f0da936b80f0f3
|
|
cbf2d75d8f49b7b1e32acb5373b312b484f3fa6a qa: Add getdescriptorinfo functional test (João Barbosa)
Pull request description:
The `getdescriptorinfo` RPC was added in #15368, this PR adds some tests.
Top commit has no ACKs.
Tree-SHA512: 5bf3fb5842b975089821c7ac52202ecb23df255f655862646eb532e38e335ff963f8973bcf5b8bba386183281dc9bfe7279ba1cf25fd518c9a45fb45a9243e4d
|
|
|
|
e37f53648e3acc6aea75adafec4de2bdbd8cb293 Make lifetime correctness easier to see (avoid reference lifetime extension) (practicalswift)
e7ddbd98937412b2e8b7a3dfacdcacfcbb1d9148 tests: Add fuzzing harness for CScriptNum operations (practicalswift)
65a52a002475056183ea8ee1a42b78aec7d68583 tests: Add fuzzing harness for CScript operations (practicalswift)
eb7c50ca1f4eafed4bb9a20d3012776545a6a433 tests: Add common Consume* fuzzing functions (practicalswift)
Pull request description:
Add fuzzing harness for `CScript` and `CScriptNum` operations.
Test this PR using:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/script_ops
…
$ src/test/fuzz/scriptnum_ops
…
```
ACKs for top commit:
MarcoFalke:
ACK e37f53648e3acc6aea75adafec4de2bdbd8cb293 🦂
Tree-SHA512: 5165d918ffe3f1e3e85ab0e61d8b05934f682d324cf63ce188da5890899df2b5727aba9ed10c0437260ecff8055250e60c79d81d764bc740a7652d543a7c5fa3
|
|
|
|
|
|
d484279a46fe2cd5e133b6c18a1e00f802084772 test: add logging to wallet_listsinceblock.py (Jon Atack)
Pull request description:
This is the first commit from #17535.
Top commit has no ACKs.
Tree-SHA512: bb4f527a41bca3ffbf69e910311ce7f85dcc7a2be41350b3c653a27f4044f392b7e528f330e9691f497212469f6b16ce263230bb7a919548dd4e3e21cc72142f
|
|
|
|
of exporting the private keys
d2774c09cfcc6c5c967d40bb094eabc8c0bdb6bf Clear any input_errors for an input after it is signed (Andrew Chow)
dc174881ad8498a6905ba282a48077bc5c8037a7 Replace GetSigningProvider with GetSolvingProvider (Andrew Chow)
6a9c429084b40356aa36aa67992da35f61c2f6a2 Move direct calls to MessageSign into new SignMessage functions in CWallet and ScriptPubKeyMan (Andrew Chow)
82a30fade70a2a95c2bbeac4aa06dafda600479d Move key and script filling and signing from CWallet::FillPSBT to ScriptPubKeyMan::FillPSBT (Andrew Chow)
3d70dd99f9f74eef70b19ff6f6f850adc0d5ef8f Move FillPSBT to be a member of CWallet (Andrew Chow)
a4af324d15c1ee43c2abd11a304ae18c7ee82eb0 Use CWallet::SignTransaction in CreateTransaction and signrawtransactionwithwallet (Andrew Chow)
f37de927442d3f024926a66c436d59e391c8696a Implement CWallet::SignTransaction using ScriptPubKeyMan::SignTransaction (Andrew Chow)
d999dd588cab0ff479bc7bee8c9fc33880265ec6 Add SignTransaction function to ScriptPubKeyMan and LegacyScriptPubKeyMan (Andrew Chow)
2c52b59d0a44a86d94fee4e437978d822862c542 Refactor rawtransaction's SignTransaction into generic SignTransaction function (Andrew Chow)
Pull request description:
Following #17261, the way to sign transactions, PSBTs, and messages was to use `GetSigningProvider()` and get a `SigningProvider` containing the private keys. However this may not be feasible for future `ScriptPubKeyMan`s, such as for hardware wallets. Instead of exporting a `SigningProvider` containing private keys, we need to pass these things into the `ScriptPubKeyMan` (via `CWallet`) so that they can do whatever is needed internally to sign them. This is largely a refactor as the logic of processing transactions, PSBTs, and messages for is moved into `LegacyScriptPubKeyMan` and `CWallet` instead of being handled by the caller (e.g. `signrawtransaction`).
To help with this, I've refactored the 3(!) implementations of a `SignTransaction()` function into one generic one. This function will be called by `signrawtransactionwithkey` and `LegacyScriptPubKeyMan::SignTransaction()`. `CWallet::CreateTransaction()` is changed to call `CWallet::SignTransaction()` which in turn, calls `LegacyScriptPubKeyMan::SignTransaction()`. Other `ScriptPubKeyMan`s may implement `SignTransaction()` differently.
`FillPSBT()` is moved to be a member function of `CWallet` and the `psbtwallet.cpp/h` files removed. It is further split so that `CWallet` handles filling the UTXOs while the `ScriptPubKeyMan` handles adding keys, derivation paths, scripts, and signatures. In the end `LegacyScriptPubKeyMan::FillPSBT` still calls `SignPSBTInput`, but the `SigningProvider` is internal to `LegacyScriptPubKeyMan`. Other `ScriptPubKeyMan`s may do something different.
A new `SignMessage()` function is added to both `CWallet` and `ScriptPubKeyMan`. Instead of having the caller (i.e. `signmessage` or the sign message dialog) get the private key, hash the message, and sign, `ScriptPubKeyMan` will now handle that (`CWallet` passes through to the `ScriptPubKeyMan`s as it does for many functions). This signing code is thus consolidated into `LegacyScriptPubKeyMan::SignMessage()`, though other `ScriptPubKeyMan`s may implement it differently. Additionally, a `SigningError` enum is introduced for the different errors that we expect to see from `SignMessage()`.
Lastly, `GetSigningProvider()` is renamed to `GetPublicSigningProvider()`. It will now only provide pubkeys, key origins, and scripts. `LegacySigningProvider` has it's `GetKey` and `HaveKey` functions changed to only return false. Future implementations should return `HidingSigningProvider`s where private keys are hidden.
Other things like `dumpprivkey` and `dumpwallet` are not changed because they directly need and access the `LegacyScriptPubKeyMan` so are not relevant to future changes.
ACKs for top commit:
instagibbs:
reACK https://github.com/bitcoin/bitcoin/pull/18115/commits/d2774c09cfcc6c5c967d40bb094eabc8c0bdb6bf
Sjors:
re-utACK d2774c09cfcc6c5c967d40bb094eabc8c0bdb6bf
meshcollider:
re-utACK d2774c09cfcc6c5c967d40bb094eabc8c0bdb6bf
Tree-SHA512: 89c83e7e7e9315e283fae145a2264648a9d7f7ace8f3281cb3f44f0b013c988d67ba4fa9726e50c643c0ed921bdd269adaec984840d11acf4a681f3e8a582cc1
|
|
46a1ee7732550956a5db35f9a5cb87530b6cff43 doc: Add historical release notes for 0.19.1 (Wladimir J. van der Laan)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 9ff578fbaec5694d63256d65cbe7e9d0ba99ac50803c8192f9b5e90a614dc89778bdb17b03f5f7725397f820e085e7d704deb1d6a58b18cd4e4fc91ea413b6ae
|
|
|
|
|
|
related functions (netaddress.h)
6590395f6047cbfbe29f491d816c25c9a28d23a2 tests: Remove FUZZERS_MISSING_CORPORA (practicalswift)
815c7a679316e34b2072a45949ad4ecb1ae1c7fb tests: Add basic fuzzing harness for CNetAddr/CService/CSubNet related functions (netaddress.h) (practicalswift)
Pull request description:
Add basic fuzzing harness for `CNetAddr`/`CService`/`CSubNet` related functions (`netaddress.h`).
To test this PR:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/netaddress
…
```
Top commit has no ACKs.
Tree-SHA512: 69dc0e391d56d5e9cdb818ac0ac4b69445d0195f714442a06cf662998e38b6e0bbaa635dce78df37ba797feed633e94abba4764b946c1716d392756e7809112d
|
|
|
|
|
|
fab0e5ba7f2777b86f1487234ed7cc4be9f72ea8 fuzz: Add assert(script == decompressed_script) (MarcoFalke)
Pull request description:
Presumably an oversight in https://github.com/bitcoin/bitcoin/pull/17926#discussion_r389262151
ACKs for top commit:
practicalswift:
Tested ACK fab0e5ba7f2777b86f1487234ed7cc4be9f72ea8
Tree-SHA512: 6dcec06169df497a540fd6ebbcd89f5db22257241b2bbe756de868742f9bc324b80d38dbababfa07e5f3a830aaae9fc6d168dcc2ca5d75da437bdf4dc4e0f370
|
|
functions (netaddress.h)
|
|
Make sure that there are no errors set for an input after it is signed.
This is useful for when there are multiple ScriptPubKeyMans. Some may
fail to sign, but one may be able to sign, and after it does, we don't
want there to be any more errors there.
|
|
Not all ScriptPubKeyMans will be able to provide private keys,
but pubkeys and scripts should be. So only provide public-only
SigningProviders, i.e. ones that can help with Solving.
|
|
and ScriptPubKeyMan
Instead of getting a SigningProvider and then going to MessageSign,
have ScriptPubKeyMan handle the message signing internally.
|
|
ScriptPubKeyMan::FillPSBT
Instead of fetching a SigningProvider from ScriptPubKeyMan in order
to fill and sign the keys and scripts for a PSBT, just pass that
PSBT to a new FillPSBT function that does all that for us.
|
|
|
|
fuzzing for all harnesses in master
bf0664181965787829935d5f9704640cff5cfc66 tests: Reset FUZZERS_MISSING_CORPORA to enable regression fuzzing for more harnesses (practicalswift)
Pull request description:
Update `FUZZERS_MISSING_CORPORA` to enable regression fuzzing for all harnesses in `master`.
Note that this PR is expected to fail in Travis until https://github.com/bitcoin-core/qa-assets/pull/4 is merged :)
Top commit has no ACKs.
Tree-SHA512: 6b4d23726ca99c7ab9454087f0354e35d307e7e16b90741cdf7838265a07a631cf54d9533b4f1bf9a0fd900c5ed909756a35cab738284bf39b09ab1c2ed54368
|
|
harnesses
|
|
value on failure
a652ba6293ef8d144935dc882b5f0003c987fa22 rpc/wallet: initialize nFeeRequired to avoid using garbage value on failure (Karl-Johan Alm)
Pull request description:
Initialize the `nFeeRequired` variable to avoid using an uninitialized value for errors happening before it is set to 0.
Note: this originally fixed `nFeeRet` in `wallet.cpp`.
ACKs for top commit:
promag:
ACK a652ba6293ef8d144935dc882b5f0003c987fa22.
Sjors:
utACK a652ba6293ef8d144935dc882b5f0003c987fa22
practicalswift:
ACK a652ba6293ef8d144935dc882b5f0003c987fa22 -- patch looks correct
meshcollider:
utACK a652ba6293ef8d144935dc882b5f0003c987fa22
Tree-SHA512: 0d12f1ffd0851ed5ce6d109d2c87f55e8b1d57da297e684feeabb57229200c4078f029c55ca5aa5712bd18e26dda3ce538443dfe68a7a6d504428068f81fded0
|
|
|
|
signrawtransactionwithwallet
Instead of duplicating signing code, just use the function we already
have.
|
|
|
|
|
|
|
|
|
|
in existing fuzzing harnesses.
52fed696d251dc38211eb2fa7f144b6a989dd479 tests: Fuzz additional functions in the script fuzzing harness (practicalswift)
5fc10f3cb5991684f10c589fa5ccf2d694ffa32a tests: Fuzz additional functions in the transaction fuzzing harness (practicalswift)
1d324ce92229f3557f6bb38a63873dea1677240e tests: Fuzz additional functions in the integer fuzzing harness (practicalswift)
4fe4de6364b05d2abde196b486b6e3f254d18026 tests: Fuzz additional functions in the hex fuzzing harness (practicalswift)
c7ea12d098ee292b78274671b698202c6551b075 tests: Add key_io fuzzing harness (practicalswift)
Pull request description:
Add `key_io` fuzzing harness.
Fuzz additional functions in the `hex` fuzzing harness.
Fuzz additional functions in the `integer` fuzzing harness.
Fuzz additional functions in the `script` fuzzing harness.
Fuzz additional functions in the `transaction` fuzzing harness.
**How to test this PR**
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/key_io
…
```
ACKs for top commit:
MarcoFalke:
ACK 52fed696d251dc38211eb2fa7f144b6a989dd479 🛫
Tree-SHA512: a57ab66c18d260c2e39d987cab9fa576f7a5520dc1ea7fd607d64d8e005e16558312ddb4c9f4d4f3147dc6194d8ae0b0fb86ed5e58ba6aef5383ea726463df97
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
