aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-02-21util: Specific GetOSRandom for Linux/FreeBSD/OpenBSDWladimir J. van der Laan
These are available in sandboxes without access to files or devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls) to use than `/dev/urandom` as reading from a file has quite a few edge cases: - Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html) was introduced in version 3.17 of the Linux kernel. - OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2) function appeared in OpenBSD 5.6. - FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added but it has existed for quite a while. Alternatives: - Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID` which gives 16 bytes of randomness. This may be available on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/) and even removed in some distros so we shouldn't use it. Add tests for `GetOSRand()`: - Test that no error happens (otherwise `RandFailure()` which aborts) - Test that all 32 bytes are overwritten (initialize with zeros, try multiple times) Discussion: - When to use these? Currently they are always used when available. Another option would be to use them only when `/dev/urandom` is not available. But this would mean these code paths receive less testing, and I'm not sure there is any reason to prefer `/dev/urandom`. Closes: #9676
2017-02-21Merge #9727: Remove fallbacks for boost_filesystem < v3Wladimir J. van der Laan
056aba2 Remove fallbacks for boost_filesystem < v3 (Wladimir J. van der Laan)
2017-02-21Fix segfault crash when shutdown the GUI in disablewallet modeJonas Schnelli
2017-02-21Merge #9798: Fix Issue #9775 (Check returned value of fopen)Wladimir J. van der Laan
40f11f8 Fix for issue #9775. Added check for open() returning a NULL pointer. (kirit93)
2017-02-20Fix for issue #9775. Added check for open() returning a NULL pointer.kirit93
2017-02-20Read/write mempool.dat as a binary.Pavel Janík
mempool.dat is a binary file and thus it should be read/written as such. Fixes #9810.
2017-02-20Merge #9726: netbase: Do not print an error on connection timeouts through proxyWladimir J. van der Laan
3ddfe29 netbase: Do not print an error on connection timeouts through proxy (Wladimir J. van der Laan) 13f6085 netbase: Make InterruptibleRecv return an error code instead of bool (Wladimir J. van der Laan)
2017-02-20Merge #9619: Bugfix: RPC/Mining: GBT should return 1 MB sizelimit before ↵Wladimir J. van der Laan
segwit activates 279f944 QA: Test GBT size/weight limit values (Luke Dashjr) 9fc7f0b Bugfix: RPC/Mining: GBT should return 1 MB sizelimit before segwit activates (Luke Dashjr)
2017-02-20Merge #9760: [wallet] Remove importmulti always-true checkWladimir J. van der Laan
ec1267f [wallet] Remove importmulti always-true check (Russell Yanofsky)
2017-02-20Merge #9724: Qt/Intro: Add explanation of IBD processWladimir J. van der Laan
f6d18f5 Qt/Intro: Explain a bit more what will happen first time (Luke Dashjr) 50c5657 Qt/Intro: Storage shouldn't grow significantly with pruning enabled (Luke Dashjr) 9adb694 Qt/Intro: Move sizeWarningLabel text into C++ code (Luke Dashjr)
2017-02-19Merge #9791: Avoid VLA in hash.hWladimir J. van der Laan
5c8fd50 Avoid VLA in hash.h (Pieter Wuille)
2017-02-18Merge #9696: [trivial] Fix recently introduced typos in commentsMarcoFalke
0c9b9b7 [trivial] Fix recently introduced typos in comments (practicalswift)
2017-02-17Avoid VLA in hash.hPieter Wuille
2017-02-17Merge #9786: boost: remove iostreams includesWladimir J. van der Laan
3301587 boost: remove iostreams includes (Cory Fields)
2017-02-17boost: remove iostreams includesCory Fields
They're unused and produce nasty deprecation warnings
2017-02-17Move BIP70_MAX_PAYMENTREQUEST_SIZE to headerPieter Wuille
2017-02-17Make KEY_SIZE a compile-time constantPieter Wuille
2017-02-17build: bump version to 0.14.99Wladimir J. van der Laan
Now that 0.14 branch has been split off, master is 0.14.99 (pre-0.15). Also clean out release notes.
2017-02-17[wallet] Remove importmulti always-true checkRussell Yanofsky
Remove "nLowestTimestamp <= chainActive.Tip()->GetBlockTimeMax()" check from importmulti, which is always true because nLowestTimestamp is set to the minimum of the most recent block time and all the imported key timestamps, which is necessarily lower than the maximum block time.
2017-02-17Merge #9761: Use 2 hour grace period for key timestamps in importmulti rescansWladimir J. van der Laan
e662af3 Use 2 hour grace period for key timestamps in importmulti rescans (Russell Yanofsky) 38d3e9e [qa] Extend import-rescan.py to test imports on pruned nodes. (Russell Yanofsky) c28583d [qa] Extend import-rescan.py to test specific key timestamps (Russell Yanofsky) 8be0866 [qa] Simplify import-rescan.py (Russell Yanofsky)
2017-02-17Merge #9778: Add two hour buffer to manual pruningWladimir J. van der Laan
91fb506 Add two hour buffer to manual pruning (Alex Morcos)
2017-02-17Merge #9779: Update nMinimumChainWork and defaultAssumeValid.Wladimir J. van der Laan
3f78e46 Update nMinimumChainWork and defaultAssumeValid. (Gregory Maxwell)
2017-02-17Merge #9777: Handle unusual maxsigcachesize gracefullyWladimir J. van der Laan
55c403b Ensure `-maxsigcachesize` is in valid range (John Newbery)
2017-02-17Ensure `-maxsigcachesize` is in valid rangeJohn Newbery
- If the -maxsigcachesize parameter is set to zero, setup a minimum sized sigcache (2 elements) rather than segfaulting. - Handle maxsigcachesize being negative - Handle maxsigcachesize being too large
2017-02-16Add two hour buffer to manual pruningAlex Morcos
2017-02-16Update nMinimumChainWork and defaultAssumeValid.Gregory Maxwell
2017-02-16Use 2 hour grace period for key timestamps in importmulti rescansRussell Yanofsky
Gregory Maxwell <greg@xiph.org> pointed out the lack of grace period in https://github.com/bitcoin/bitcoin/pull/9490#issue-199407998. The importwallet RPC which uses key timestamps in a similar way already has a 2 hour grace period.
2017-02-16Merge #9763: [Trivial] Update comments referencing main.cppWladimir J. van der Laan
00e623d [Trivial] Update comments referencing main.cpp (CryptAxe)
2017-02-16[Trivial] Update comments referencing main.cppCryptAxe
2017-02-16Merge #9771: Add missing cs_wallet lock that triggers new lock held assertionWladimir J. van der Laan
07afcd6 Add missing cs_wallet lock that triggers new lock held assertion (Russell Yanofsky)
2017-02-16Merge #9764: wallet: Prevent "overrides a member function but is not marked ↵Wladimir J. van der Laan
'override'" warnings 6c5427d wallet: Prevent "overrides a member function but is not marked 'override'" warnings (Wladimir J. van der Laan)
2017-02-16Merge #9765: Harden against mistakes handling invalid blocksWladimir J. van der Laan
ba803ef Harden against mistakes handling invalid blocks (Suhas Daftuar)
2017-02-15Add missing cs_wallet lock that triggers new lock held assertionRussell Yanofsky
A new AssertLockHeld(cs_wallet) call was added in commit a58370e "Dedup nTimeFirstKey update logic" (part of PR #9108). The lock held assertion will fail when loading prexisting wallets files from before the #9108 merge that have watch-only keys.
2017-02-15Merge #9756: Return error when importmulti called with invalid address.Wladimir J. van der Laan
9acf25c Return error when importmulti called with invalid address. (Russell Yanofsky)
2017-02-15Merge #9758: Selectively suppress deprecation warningsWladimir J. van der Laan
4b6cccc Selectively suppress deprecation warnings (Jonas Schnelli)
2017-02-15Harden against mistakes handling invalid blocksSuhas Daftuar
Fixes a bug in AcceptBlock() in invoking CheckBlock() with incorrect arguments, and restores a call to CheckBlock() from ProcessNewBlock() as belt-and-suspenders. Updates the (overspecified) tests to match behavior.
2017-02-15wallet: Prevent "overrides a member function but is not marked 'override'" ↵Wladimir J. van der Laan
warnings Because it is used inconsistently at least version 5.4.0 of g++ to complains about methods that don't use override. There is two ways to go about this: remove override from the methods having it, or add it to the methods missing it. I chose the second.
2017-02-15Merge #9108: Use importmulti timestamp when importing watch only keys (on ↵Wladimir J. van der Laan
top of #9682) a80f98b Use importmulti timestamp when importing watch only keys (Russell Yanofsky) a58370e Dedup nTimeFirstKey update logic (Russell Yanofsky)
2017-02-15Merge #9553: Use z = std::max(x - y, 0) instead of z = x - y; if (z < 0) z = 0;Wladimir J. van der Laan
a47da4b Use z = std::max(x - y, 0); instead of z = x - y; if (z < 0) z = 0; (practicalswift)
2017-02-14[trivial] Fix recently introduced typos in commentspracticalswift
2017-02-14Merge #9755: Bugfix: Qt/Options: Restore persistent "restart required" noticeJonas Schnelli
0b4f273 Bugfix: Qt/Options: Restore persistent "restart required" notice (Luke Dashjr)
2017-02-14Merge #9720: net: fix banning and disallow sending messages before receiving ↵Wladimir J. van der Laan
verack d943491 qa: add a test to detect leaky p2p messages (Cory Fields) 8650bbb qa: Expose on-connection to mininode listeners (Matt Corallo) 5b5e4f8 qa: mininode learns when a socket connects, not its first action (Matt Corallo) cbfc5a6 net: require a verack before responding to anything else (Cory Fields) 8502e7a net: parse reject earlier (Cory Fields) c45b9fb net: correctly ban before the handshake is complete (Cory Fields)
2017-02-14Merge #9715: Disconnect peers which we do not receive VERACKs from within 60 secWladimir J. van der Laan
66f861a Add a test for P2P inactivity timeouts (Matt Corallo) b436f92 qa: Expose on-connection to mininode listeners (Matt Corallo) 8aaba7a qa: mininode learns when a socket connects, not its first action (Matt Corallo) 2cbd119 Disconnect peers which we do not receive VERACKs from within 60 sec (Matt Corallo)
2017-02-14Merge #9682: Require timestamps for importmulti keysWladimir J. van der Laan
266a811 Use MTP for importmulti "now" timestamps (Russell Yanofsky) 3cf9917 Add test to check new importmulti "now" value (Russell Yanofsky) 442887f Require timestamps for importmulti keys (Russell Yanofsky)
2017-02-14Selectively suppress deprecation warningsJonas Schnelli
2017-02-14Merge #9735: devtools: Handle Qt formatting characters edge-case in ↵Wladimir J. van der Laan
update-translations.py 7179e7c qt: Periodic translations update (Wladimir J. van der Laan) 5e903a5 devtools: Handle Qt formatting characters edge-case in update-translations.py (Wladimir J. van der Laan)
2017-02-13net: require a verack before responding to anything elseCory Fields
7a8c251901 made this logic hard to follow. After that change, messages would not be sent to a peer via SendMessages() before the handshake was complete, but messages could still be sent as a response to an incoming message. For example, if a peer had not yet sent a verack, we wouldn't notify it about new blocks, but we would respond to a PING with a PONG. This change makes the behavior straightforward: until we've received a verack, never send any message other than version/verack/reject. The behavior until a VERACK is received has always been undefined, this change just tightens our policy. This also makes testing much easier, because we can now connect but not send version/verack, and anything sent to us is an error.
2017-02-13net: parse reject earlierCory Fields
Prior to this change, all messages were ignored until a VERSION message was received, as well as possibly incurring a ban score. Since REJECT messages can be sent at any time (including as a response to a bad VERSION message), make sure to always parse them. Moving this parsing up keeps it from being caught in the if (pfrom->nVersion == 0) check below.
2017-02-13net: correctly ban before the handshake is completeCory Fields
7a8c251901 made a change to avoid getting into SendMessages() until the version handshake (VERSION + VERACK) is complete. That was done to avoid leaking out messages to nodes who could connect, but never bothered sending us their version/verack. Unfortunately, the ban tally and possible disconnect are done as part of SendMessages(). So after 7a8c251901, if a peer managed to do something bannable before completing the handshake (say send 100 non-version messages before their version), they wouldn't actually end up getting disconnected/banned. That's fixed here by checking the banscore as part of ProcessMessages() in addition to SendMessages().
2017-02-13Return error when importmulti called with invalid address.Russell Yanofsky
Lack of error checking noticed by Alex Morcos <morcos@chaincode.com>