Age | Commit message (Collapse) | Author |
|
These are available in sandboxes without access to files or
devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls)
to use than `/dev/urandom` as reading from a file has quite a few edge
cases:
- Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html)
was introduced in version 3.17 of the Linux kernel.
- OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2)
function appeared in OpenBSD 5.6.
- FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added
but it has existed for quite a while.
Alternatives:
- Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID`
which gives 16 bytes of randomness. This may be available
on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/)
and even removed in some distros so we shouldn't use it.
Add tests for `GetOSRand()`:
- Test that no error happens (otherwise `RandFailure()` which aborts)
- Test that all 32 bytes are overwritten (initialize with zeros, try multiple times)
Discussion:
- When to use these? Currently they are always used when available.
Another option would be to use them only when `/dev/urandom` is not
available. But this would mean these code paths receive less testing,
and I'm not sure there is any reason to prefer `/dev/urandom`.
Closes: #9676
|
|
056aba2 Remove fallbacks for boost_filesystem < v3 (Wladimir J. van der Laan)
|
|
|
|
40f11f8 Fix for issue #9775. Added check for open() returning a NULL pointer. (kirit93)
|
|
|
|
mempool.dat is a binary file and thus it should be read/written as such.
Fixes #9810.
|
|
3ddfe29 netbase: Do not print an error on connection timeouts through proxy (Wladimir J. van der Laan)
13f6085 netbase: Make InterruptibleRecv return an error code instead of bool (Wladimir J. van der Laan)
|
|
segwit activates
279f944 QA: Test GBT size/weight limit values (Luke Dashjr)
9fc7f0b Bugfix: RPC/Mining: GBT should return 1 MB sizelimit before segwit activates (Luke Dashjr)
|
|
ec1267f [wallet] Remove importmulti always-true check (Russell Yanofsky)
|
|
f6d18f5 Qt/Intro: Explain a bit more what will happen first time (Luke Dashjr)
50c5657 Qt/Intro: Storage shouldn't grow significantly with pruning enabled (Luke Dashjr)
9adb694 Qt/Intro: Move sizeWarningLabel text into C++ code (Luke Dashjr)
|
|
5c8fd50 Avoid VLA in hash.h (Pieter Wuille)
|
|
0c9b9b7 [trivial] Fix recently introduced typos in comments (practicalswift)
|
|
|
|
3301587 boost: remove iostreams includes (Cory Fields)
|
|
They're unused and produce nasty deprecation warnings
|
|
|
|
|
|
Now that 0.14 branch has been split off, master is 0.14.99 (pre-0.15).
Also clean out release notes.
|
|
Remove "nLowestTimestamp <= chainActive.Tip()->GetBlockTimeMax()" check from
importmulti, which is always true because nLowestTimestamp is set to the
minimum of the most recent block time and all the imported key timestamps,
which is necessarily lower than the maximum block time.
|
|
e662af3 Use 2 hour grace period for key timestamps in importmulti rescans (Russell Yanofsky)
38d3e9e [qa] Extend import-rescan.py to test imports on pruned nodes. (Russell Yanofsky)
c28583d [qa] Extend import-rescan.py to test specific key timestamps (Russell Yanofsky)
8be0866 [qa] Simplify import-rescan.py (Russell Yanofsky)
|
|
91fb506 Add two hour buffer to manual pruning (Alex Morcos)
|
|
3f78e46 Update nMinimumChainWork and defaultAssumeValid. (Gregory Maxwell)
|
|
55c403b Ensure `-maxsigcachesize` is in valid range (John Newbery)
|
|
- If the -maxsigcachesize parameter is set to zero, setup a minimum sized
sigcache (2 elements) rather than segfaulting.
- Handle maxsigcachesize being negative
- Handle maxsigcachesize being too large
|
|
|
|
|
|
Gregory Maxwell <greg@xiph.org> pointed out the lack of grace period in
https://github.com/bitcoin/bitcoin/pull/9490#issue-199407998.
The importwallet RPC which uses key timestamps in a similar way already has a 2
hour grace period.
|
|
00e623d [Trivial] Update comments referencing main.cpp (CryptAxe)
|
|
|
|
07afcd6 Add missing cs_wallet lock that triggers new lock held assertion (Russell Yanofsky)
|
|
'override'" warnings
6c5427d wallet: Prevent "overrides a member function but is not marked 'override'" warnings (Wladimir J. van der Laan)
|
|
ba803ef Harden against mistakes handling invalid blocks (Suhas Daftuar)
|
|
A new AssertLockHeld(cs_wallet) call was added in commit a58370e
"Dedup nTimeFirstKey update logic" (part of PR #9108).
The lock held assertion will fail when loading prexisting wallets files from
before the #9108 merge that have watch-only keys.
|
|
9acf25c Return error when importmulti called with invalid address. (Russell Yanofsky)
|
|
4b6cccc Selectively suppress deprecation warnings (Jonas Schnelli)
|
|
Fixes a bug in AcceptBlock() in invoking CheckBlock() with incorrect
arguments, and restores a call to CheckBlock() from ProcessNewBlock()
as belt-and-suspenders.
Updates the (overspecified) tests to match behavior.
|
|
warnings
Because it is used inconsistently at least version 5.4.0 of g++ to
complains about methods that don't use override. There is two ways to go
about this: remove override from the methods having it, or add it to the
methods missing it. I chose the second.
|
|
top of #9682)
a80f98b Use importmulti timestamp when importing watch only keys (Russell Yanofsky)
a58370e Dedup nTimeFirstKey update logic (Russell Yanofsky)
|
|
a47da4b Use z = std::max(x - y, 0); instead of z = x - y; if (z < 0) z = 0; (practicalswift)
|
|
|
|
0b4f273 Bugfix: Qt/Options: Restore persistent "restart required" notice (Luke Dashjr)
|
|
verack
d943491 qa: add a test to detect leaky p2p messages (Cory Fields)
8650bbb qa: Expose on-connection to mininode listeners (Matt Corallo)
5b5e4f8 qa: mininode learns when a socket connects, not its first action (Matt Corallo)
cbfc5a6 net: require a verack before responding to anything else (Cory Fields)
8502e7a net: parse reject earlier (Cory Fields)
c45b9fb net: correctly ban before the handshake is complete (Cory Fields)
|
|
66f861a Add a test for P2P inactivity timeouts (Matt Corallo)
b436f92 qa: Expose on-connection to mininode listeners (Matt Corallo)
8aaba7a qa: mininode learns when a socket connects, not its first action (Matt Corallo)
2cbd119 Disconnect peers which we do not receive VERACKs from within 60 sec (Matt Corallo)
|
|
266a811 Use MTP for importmulti "now" timestamps (Russell Yanofsky)
3cf9917 Add test to check new importmulti "now" value (Russell Yanofsky)
442887f Require timestamps for importmulti keys (Russell Yanofsky)
|
|
|
|
update-translations.py
7179e7c qt: Periodic translations update (Wladimir J. van der Laan)
5e903a5 devtools: Handle Qt formatting characters edge-case in update-translations.py (Wladimir J. van der Laan)
|
|
7a8c251901 made this logic hard to follow. After that change, messages would
not be sent to a peer via SendMessages() before the handshake was complete, but
messages could still be sent as a response to an incoming message.
For example, if a peer had not yet sent a verack, we wouldn't notify it about
new blocks, but we would respond to a PING with a PONG.
This change makes the behavior straightforward: until we've received a verack,
never send any message other than version/verack/reject.
The behavior until a VERACK is received has always been undefined, this change
just tightens our policy.
This also makes testing much easier, because we can now connect but not send
version/verack, and anything sent to us is an error.
|
|
Prior to this change, all messages were ignored until a VERSION message was
received, as well as possibly incurring a ban score.
Since REJECT messages can be sent at any time (including as a response to a bad
VERSION message), make sure to always parse them.
Moving this parsing up keeps it from being caught in the
if (pfrom->nVersion == 0) check below.
|
|
7a8c251901 made a change to avoid getting into SendMessages() until the
version handshake (VERSION + VERACK) is complete. That was done to avoid
leaking out messages to nodes who could connect, but never bothered sending
us their version/verack.
Unfortunately, the ban tally and possible disconnect are done as part of
SendMessages(). So after 7a8c251901, if a peer managed to do something
bannable before completing the handshake (say send 100 non-version messages
before their version), they wouldn't actually end up getting
disconnected/banned. That's fixed here by checking the banscore as part of
ProcessMessages() in addition to SendMessages().
|
|
Lack of error checking noticed by Alex Morcos <morcos@chaincode.com>
|