aboutsummaryrefslogtreecommitdiff
path: root/src/script.cpp
AgeCommit message (Collapse)Author
2013-11-10Cleanup code using forward declarations.Brandon Dahler
Use misc methods of avoiding unnecesary header includes. Replace int typedefs with int##_t from stdint.h. Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h. Normalize QT_VERSION ifs where possible. Resolve some indirect dependencies as direct ones. Remove extern declarations from .cpp files.
2013-10-24Relay OP_RETURN TxOut as standard transaction typePeter Todd
Also fix decoderawtransaction to not show reqSigs or addresses for nulldata txouts. (Previous version also left reqSigs uninitialized mistakenly)
2013-10-21Merge pull request #2738 from jgarzik/op_returnGavin Andresen
Relay OP_RETURN data TxOut as standard transaction type.
2013-10-20Merge pull request #3119Pieter Wuille
db0e8cc Bump Year Number to 2013 (super3)
2013-10-20Bump Year Number to 2013super3
2013-10-02Relay OP_RETURN data TxOut as standard transaction typeJeff Garzik
2013-09-28Inline signature serializerPieter Wuille
Instead of building a full copy of a CTransaction being signed, and then modifying bits and pieces until its fits the form necessary for computing the signature hash, use a wrapper serializer that only serializes the necessary bits on-the-fly. This makes it easier to see which data is actually being hash, reduces load on the heap, and also marginally improves performances (around 3-4us/sigcheck here). The performance improvements are much larger for large transactions, though. The old implementation of SignatureHash is moved to a unit tests, to test whether the old and new algorithm result in the same value for randomly-constructed transactions.
2013-09-18Replace printf with LogPrintf / LogPrintGavin Andresen
2013-08-25Merge pull request #2938 from petertodd/op-reserved-weirdnessGavin Andresen
Document and test OP_RESERVED weirdness
2013-08-25Document and test OP_RESERVED weirdnessPeter Todd
Seems it was forgotten about when IsPushOnly() and the unittests were written. A particular oddity is that OP_RESERVED doesn't count towards the >201 opcode limit unlike every other named opcode.
2013-08-24Merge pull request #2618 from fcicq/solaris-supportJeff Garzik
Partial solaris support
2013-08-16Only create signatures with even S, and verification mode to check.Pieter Wuille
To fix a minor malleability found by Sergio Lerner (reported here: https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898) The problem is that if (R,S) is a valid ECDSA signature for a given message and public key, (R,-S) is also valid. Modulo N (the order of the secp256k1 curve), this means that both (R,S) and (R,N-S) are valid. Given that N is odd, S and N-S have a different lowest bit. We solve the problem by forcing signatures to have an even S value, excluding one of the alternatives. This commit just changes the signing code to always produce even S values, and adds a verification mode to check it. This code is not enabled anywhere yet. Existing tests in key_tests.cpp verify that the produced signatures are still valid.
2013-07-31Remove #define loop from util.hGavin Andresen
Replace the loop macro with while (true). The #define caused problems for Qt.
2013-07-17Fix boost uint type bug by reordering the includesfcicq
2013-06-22Add ExtractAffectedKeys to scriptPieter Wuille
This function finds all keys affected by a particular output script, supporting everything ExtractDestinations supports (pay-to-pubkey, pay-to-pubkeyhash, multisig) and recurses into subscripts (P2SH).
2013-06-05Removed script.cpp's dependence on main.hEric Lombrozo
2013-05-30Make signature cache store CPubKeysPieter Wuille
2013-05-30CSecret/CKey -> CKey/CPubKey split/refactorPieter Wuille
2013-05-30Make CPubKey statically allocatedPieter Wuille
2013-05-02Remove implementation of disabled opcodesGavin Andresen
So we stop getting pull requests (like #2604) fixing problems with disabled Script opcodes. A hard fork would be required to re-enable these, and if we ever did that we'd require extensive review and testing.
2013-01-23Merge pull request #2114 from sipa/strictstrictGavin Andresen
Make IsCanonicalScript() check the hash type more thoroughly
2013-01-18Replace 520 constant with MAX_SCRIPT_ELEMENT_SIZEMatt Corallo
2013-01-08Remove contention on signature cache during block validationPieter Wuille
Since block validation happens in parallel, multiple threads may be accessing the signature cache simultaneously. To prevent contention: * Turn the signature cache lock into a shared mutex * Make reading from the cache only acquire a shared lock * Let block validations not store their results in the cache
2013-01-08Move VerifySignature to mainPieter Wuille
2012-12-22Make IsCanonicalScript() check the hash type more thoroughlyPieter Wuille
0 and 128 were previously accepted as standard hash type. Note that this function is not active in the current verification code.
2012-11-21Add assert and comment for subtle pay-to-script-hash logicGavin Andresen
2012-11-15Introduce script verification flagsPieter Wuille
These flags select features to be enabled/disabled during script evaluation/checking, instead of several booleans passed along. Currently these flags are defined: * SCRIPT_VERIFY_P2SH: enable BIP16-style subscript evaluation * SCRIPT_VERIFY_STRICTENC: enforce strict adherence to pubkey/sig encoding standards.
2012-10-20Merge pull request #1936 from sipa/morehashwriterPieter Wuille
Use CHashWriter also in SignatureHash(), and for message signing
2012-10-20UltraprunePieter Wuille
This switches bitcoin's transaction/block verification logic to use a "coin database", which contains all unredeemed transaction output scripts, amounts and heights. The name ultraprune comes from the fact that instead of a full transaction index, we only (need to) keep an index with unspent outputs. For now, the blocks themselves are kept as usual, although they are only necessary for serving, rescanning and reorganizing. The basic datastructures are CCoins (representing the coins of a single transaction), and CCoinsView (representing a state of the coins database). There are several implementations for CCoinsView. A dummy, one backed by the coins database (coins.dat), one backed by the memory pool, and one that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock, DisconnectBlock, ... now operate on a generic CCoinsView. The block switching logic now builds a single cached CCoinsView with changes to be committed to the database before any changes are made. This means no uncommitted changes are ever read from the database, and should ease the transition to another database layer which does not support transactions (but does support atomic writes), like LevelDB. For the getrawtransaction() RPC call, access to a txid-to-disk index would be preferable. As this index is not necessary or even useful for any other part of the implementation, it is not provided. Instead, getrawtransaction() uses the coin database to find the block height, and then scans that block to find the requested transaction. This is slow, but should suffice for debug purposes.
2012-10-20Compact serialization for scriptsPieter Wuille
Special serializers for script which detect common cases and encode them much more efficiently. 3 special cases are defined: * Pay to pubkey hash (encoded as 21 bytes) * Pay to script hash (encoded as 21 bytes) * Pay to pubkey starting with 0x02, 0x03 or 0x04 (encoded as 33 bytes) Other scripts up to 121 bytes require 1 byte + script length. Above that, scripts up to 16505 bytes require 2 bytes + script length.
2012-10-20Merge pull request #1742 from sipa/canonicalJeff Garzik
Check for canonical public keys and signatures
2012-10-19Use CHashWriter also in SignatureHash(), and for message signingPieter Wuille
2012-09-25Documented bug in sign-extension behavior of opcodes OP_AND, OP_OR, and OP_XOR.Mark Friedenbach
Due to a bug in the implementation of MakeSameSize(), using OP_AND, OP_OR, or OP_XOR with signed values of unequal size will result in the sign-value becoming part of the smaller integer, with nonsensical results. This patch documents the unexpected behavior and provides the basis of a solution should decision be made to fix the bug in the future.
2012-09-21Check for canonical public keys and signaturesPieter Wuille
Only enabled inside tests for now.
2012-08-24Avoid leaving return types or function attributes on their own lines.Gregory Maxwell
2012-08-01Bugfix: Correct English grammar regarding "'s"Luke Dashjr
2012-08-01Bugfix: Fix a variety of misspellingsLuke Dashjr
2012-07-05Use unsigned ints to fix signed/unsigned warningsGavin Andresen
2012-07-05Implement raw transaction RPC callsGavin Andresen
Implement listunspent / getrawtransaction / createrawtransaction / signrawtransaction, to support creation and signing-on-multiple-device multisignature transactions.
2012-07-05Refactor: SignSignature/VerifyScriptGavin Andresen
Minor refactor to support signrawtx signing/verifying transactions when it might only have the previous transaction's txid and txOut.
2012-05-24Refactor: split CKeyID/CScriptID/CTxDestination from CBitcoinAddressPieter Wuille
This introduces internal types: * CKeyID: reference (hash160) of a key * CScriptID: reference (hash160) of a script * CTxDestination: a boost::variant of the former two CBitcoinAddress is retrofitted to be a Base58 encoding of a CTxDestination. This allows all internal code to only use the internal types, and only have RPC and GUI depend on the base58 code. Furthermore, the header dependencies are a lot saner now. base58.h is at the top (right below rpc and gui) instead of at the bottom. For the rest: wallet -> script -> keystore -> key. Only keystore still requires a forward declaration of CScript. Solving that would require splitting script into two layers.
2012-05-24Encapsulate public keys in CPubKeyPieter Wuille
2012-05-22Move signature cache from CKey::Verify to CheckSig in script.cppGavin Andresen
More than doubles the speed of verifying already-cached signatures that use compressed pubkeys: Before: ~200 microseconds After: ~80 microseconds (no caching at all: ~3,300 microseconds per signature) Also encapsulates the signature cache code in a class and fixes a signed/unsigned comparison warning.
2012-05-18Update License in File HeadersFordy
I originally created a pull to replace the "COPYING" in crypter.cpp and crypter.h, but it turned out that COPYING was actually the correct file.
2012-05-01EvalScript(): cast to avoid signed/unsigned warningJeff Garzik
2012-04-26Undo part of c2e8c8ac to fix issue#1148Gavin Andresen
2012-04-23Add casts for unavoidable signed/unsigned comparisonsJeff Garzik
At these code sites, it is preferable to cast rather than change a variable's type.
2012-04-23SigOp and orphan-tx constants and counts are always unsigned.Jeff Garzik
Fixes several sign-comparison warnings.
2012-04-22Prefer 'unsigned int' for loop index variables tested against ::size()Jeff Garzik
C++ STL ::size() generally returns unsigned, which implies that "int idx" style of loop variable will generate a signed-vs-unsigned comparison warning when testing the loop exit condition "idx < blah.size()" Update areas of the bitcoin code where loop variables may be more properly and correctly defined as unsigned.
2012-04-17Further reduce header dependenciesPieter Wuille
This commit removes the dependency of serialize.h on PROTOCOL_VERSION, and makes this parameter required instead of implicit. This is much saner, as it makes the places where changing a version number can have an influence obvious.