From 4734b29ecd693f9615a163a0e3b0d04aacda305e Mon Sep 17 00:00:00 2001 From: "Robert C. Seacord" Date: Tue, 16 Aug 2016 09:20:36 -0400 Subject: [PATCH 01/20] Changes to upgrade bdb to 6.2.23 Closes #1255 --- build-aux/m4/bitcoin_find_bdb48.m4 | 30 +++++++++++++++--------------- configure.ac | 8 ++++---- depends/packages/bdb.mk | 12 ++++-------- 3 files changed, 23 insertions(+), 27 deletions(-) diff --git a/build-aux/m4/bitcoin_find_bdb48.m4 b/build-aux/m4/bitcoin_find_bdb48.m4 index 0bf558d2..bd5c2af4 100644 --- a/build-aux/m4/bitcoin_find_bdb48.m4 +++ b/build-aux/m4/bitcoin_find_bdb48.m4 @@ -1,11 +1,11 @@ -AC_DEFUN([BITCOIN_FIND_BDB48],[ +AC_DEFUN([BITCOIN_FIND_BDB62],[ AC_MSG_CHECKING([for Berkeley DB C++ headers]) BDB_CPPFLAGS= BDB_LIBS= bdbpath=X - bdb48path=X + bdb62path=X bdbdirlist= - for _vn in 4.8 48 4 5 ''; do + for _vn in 6.2 62 6 ''; do for _pfx in b lib ''; do bdbdirlist="$bdbdirlist ${_pfx}db${_vn}" done @@ -15,8 +15,8 @@ AC_DEFUN([BITCOIN_FIND_BDB48],[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <${searchpath}db_cxx.h> ]],[[ - #if !((DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 8) || DB_VERSION_MAJOR > 4) - #error "failed to find bdb 4.8+" + #if !((DB_VERSION_MAJOR == 6 && DB_VERSION_MINOR >= 2) || DB_VERSION_MAJOR > 6) + #error "failed to find bdb 6.2+" #endif ]])],[ if test "x$bdbpath" = "xX"; then 
@@ -28,32 +28,32 @@ AC_DEFUN([BITCOIN_FIND_BDB48],[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <${searchpath}db_cxx.h> ]],[[ - #if !(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR == 8) - #error "failed to find bdb 4.8" + #if !(DB_VERSION_MAJOR == 6 && DB_VERSION_MINOR == 2) + #error "failed to find bdb 6.2" #endif ]])],[ - bdb48path="${searchpath}" + bdb62path="${searchpath}" break ],[]) done if test "x$bdbpath" = "xX"; then AC_MSG_RESULT([no]) AC_MSG_ERROR([libdb_cxx headers missing, Bitcoin Core requires this library for wallet functionality (--disable-wallet to disable wallet functionality)]) - elif test "x$bdb48path" = "xX"; then + elif test "x$bdb62path" = "xX"; then BITCOIN_SUBDIR_TO_INCLUDE(BDB_CPPFLAGS,[${bdbpath}],db_cxx) - AC_ARG_WITH([incompatible-bdb],[AS_HELP_STRING([--with-incompatible-bdb], [allow using a bdb version other than 4.8])],[ - AC_MSG_WARN([Found Berkeley DB other than 4.8; wallets opened by this build will not be portable!]) + AC_ARG_WITH([incompatible-bdb],[AS_HELP_STRING([--with-incompatible-bdb], [allow using a bdb version other than 6.2])],[ + AC_MSG_WARN([Found Berkeley DB other than 6.2; wallets opened by this build will not be portable!]) ],[ - AC_MSG_ERROR([Found Berkeley DB other than 4.8, required for portable wallets (--with-incompatible-bdb to ignore or --disable-wallet to disable wallet functionality)]) + AC_MSG_ERROR([Found Berkeley DB other than 6.2, required for portable wallets (--with-incompatible-bdb to ignore or --disable-wallet to disable wallet functionality)]) ]) else - BITCOIN_SUBDIR_TO_INCLUDE(BDB_CPPFLAGS,[${bdb48path}],db_cxx) - bdbpath="${bdb48path}" + BITCOIN_SUBDIR_TO_INCLUDE(BDB_CPPFLAGS,[${bdb62path}],db_cxx) + bdbpath="${bdb62path}" fi AC_SUBST(BDB_CPPFLAGS) # TODO: Ideally this could find the library version and make sure it matches the headers being used - for searchlib in db_cxx-4.8 db_cxx; do + for searchlib in db_cxx-6.2 db_cxx; do AC_CHECK_LIB([$searchlib],[main],[ BDB_LIBS="-l${searchlib}" break 
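Review bot: The library probe at the end of this hunk, `for searchlib in db_cxx-6.2 db_cxx`, still accepts an unversioned `db_cxx`, so headers that passed the 6.2 check can be linked against whatever libdb_cxx the linker finds first. The TODO just above the loop already names this gap, and it matters more now that the version the build treats as "portable" changes. Since `AC_CHECK_LIB` only looks for `main`, consider a start-up check in the wallet code that compares the compiled-in `DB_VERSION_MAJOR`/`DB_VERSION_MINOR` with what `DbEnv::version()` reports and refuses to open the wallet on a mismatch. The macro body starts and ends outside this hunk.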
diff --git a/configure.ac b/configure.ac index 3ce022e5..6521fc8d 100644 --- a/configure.ac +++ b/configure.ac @@ -263,9 +263,9 @@ case $host in dnl add default macports paths CPPFLAGS="$CPPFLAGS -isystem /opt/local/include" LIBS="$LIBS -L/opt/local/lib" - if test -d /opt/local/include/db48; then - CPPFLAGS="$CPPFLAGS -I/opt/local/include/db48" - LIBS="$LIBS -L/opt/local/lib/db48" + if test -d /opt/local/include/db62; then + CPPFLAGS="$CPPFLAGS -I/opt/local/include/db62" + LIBS="$LIBS -L/opt/local/lib/db62" fi fi @@ -512,7 +512,7 @@ AC_SUBST(LIBMEMENV) if test x$enable_wallet != xno; then dnl Check for libdb_cxx only if wallet enabled - BITCOIN_FIND_BDB48 + BITCOIN_FIND_BDB62 fi dnl Check for libminiupnpc (optional) diff --git a/depends/packages/bdb.mk b/depends/packages/bdb.mk index 68841afd..df5df6bd 100644 --- a/depends/packages/bdb.mk +++ b/depends/packages/bdb.mk @@ -1,8 +1,8 @@ package=bdb -$(package)_version=4.8.30 +$(package)_version=6.2.23 $(package)_download_path=http://download.oracle.com/berkeley-db -$(package)_file_name=db-$($(package)_version).NC.tar.gz -$(package)_sha256_hash=12edc0df75bf9abd7f82f821795bcee50f42cb2e5f76a6a281b85732798364ef +$(package)_file_name=db-$($(package)_version).tar.gz +$(package)_sha256_hash=47612c8991aa9ac2f6be721267c8d3cdccf5ac83105df8e50809daea24e95dc7 $(package)_build_subdir=build_unix define $(package)_set_vars @@ -11,16 +11,12 @@ $(package)_config_opts_mingw32=--enable-mingw $(package)_config_opts_linux=--with-pic endef -define $(package)_preprocess_cmds - sed -i.old 's/__atomic_compare_exchange/__atomic_compare_exchange_db/' dbinc/atomic.h -endef - define $(package)_config_cmds ../dist/$($(package)_autoconf) endef define $(package)_build_cmds - $(MAKE) libdb_cxx-4.8.a libdb-4.8.a + $(MAKE) libdb_cxx-6.2.a libdb-6.2.a endef define $(package)_stage_cmds From 2d6d5fb311d8b9819f13f897755aeb6139587cdd Mon Sep 17 00:00:00 2001 
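Review bot: In depends/packages/bdb.mk the `_file_name` line drops the `.NC` suffix, so the depends build now fetches a different distribution of Berkeley DB than before, and neither the commit message nor a comment says this is intended. As far as I know the `.NC` archives are the builds without the encryption code, so this pulls extra code into the wallet's dependency; if that is deliberate, record it next to the line, e.g. `# full (non-.NC) tarball: <reason>`. Separately, `_download_path` is still plain `http://`, which leaves `_sha256_hash` as the only integrity control on the fetch; boost.mk and miniupnpc.mk later in this series keep the same scheme, while native_ccache.mk is moved to `https://`.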
From: Jack Grigg Date: Tue, 20 Sep 2016 18:11:39 +1200 Subject: [PATCH 02/20] Upgrade Boost to 1.62.0 Part of #944 Closes #1241 --- depends/packages/boost.mk | 6 +++--- src/wallet/db.cpp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/depends/packages/boost.mk b/depends/packages/boost.mk index 621e669e..19903596 100644 --- a/depends/packages/boost.mk +++ b/depends/packages/boost.mk @@ -1,8 +1,8 @@ package=boost -$(package)_version=1_57_0 -$(package)_download_path=http://sourceforge.net/projects/boost/files/boost/1.57.0 +$(package)_version=1_62_0 +$(package)_download_path=http://sourceforge.net/projects/boost/files/boost/1.62.0 $(package)_file_name=$(package)_$($(package)_version).tar.bz2 -$(package)_sha256_hash=910c8c022a33ccec7f088bd65d4f14b466588dda94ba2124e78b8c57db264967 +$(package)_sha256_hash=36c96b0f6155c98404091d8ceb48319a28279ca0333fba1ad8611eb90afb2ca0 define $(package)_set_vars $(package)_config_opts_release=variant=release diff --git a/src/wallet/db.cpp b/src/wallet/db.cpp index e5bc653c..7fe2c9b8 100644 --- a/src/wallet/db.cpp +++ b/src/wallet/db.cpp @@ -43,7 +43,7 @@ void CDBEnv::EnvShutdown() if (ret != 0) LogPrintf("CDBEnv::EnvShutdown: Error %d shutting down database environment: %s\n", ret, DbEnv::strerror(ret)); if (!fMockDb) - DbEnv(0).remove(strPath.c_str(), 0); + DbEnv(u_int32_t{0}).remove(strPath.c_str(), 0); } void CDBEnv::Reset() From 44bdcabc383dbc60af7811c73f01a1b7ef851e5e Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 20 Sep 2016 18:15:14 +1200 Subject: [PATCH 03/20] Upgrade libgmp to 6.1.1 --- depends/packages/libgmp.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/depends/packages/libgmp.mk b/depends/packages/libgmp.mk index aa9a89b6..cf3dfc0f 100644 --- a/depends/packages/libgmp.mk +++ b/depends/packages/libgmp.mk 
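Review bot: `DbEnv(u_int32_t{0})` in `CDBEnv::EnvShutdown` reads like a pointless cast unless the reader knows why the bare `0` stopped compiling, so the line needs a comment. Presumably the newer db_cxx.h has a pointer-taking constructor that makes a literal `0` ambiguous; something like `// u_int32_t{0}: pick the flags constructor, a bare 0 is ambiguous with newer BDB headers` would record that once it is confirmed. The return value of `remove()` on the same line is discarded while the shutdown error just above is logged; logging it the same way would make a failed environment cleanup visible. The function starts outside the hunk.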
@@ -1,8 +1,8 @@ package=libgmp -$(package)_version=6.0.0a +$(package)_version=6.1.1 $(package)_download_path=https://gmplib.org/download/gmp/ -$(package)_file_name=gmp-6.0.0a.tar.bz2 -$(package)_sha256_hash=7f8e9a804b9c6d07164cf754207be838ece1219425d64e28cfa3e70d5c759aaf +$(package)_file_name=gmp-$($(package)_version).tar.bz2 +$(package)_sha256_hash=a8109865f2893f1373b0a8ed5ff7429de8db696fc451b1036bd7bdf95bbeffd6 $(package)_dependencies= $(package)_config_opts=--enable-cxx --disable-shared From 95efc7cccbf965e36c74bb9cd94f54d88388144f Mon Sep 17 00:00:00 2001 From: fanquake Date: Sat, 14 May 2016 16:38:44 +0800 Subject: [PATCH 04/20] [depends] OpenSSL 1.0.1k - update config_opts --- depends/packages/openssl.mk | 39 ++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk index 403c2662..661d0c31 100644 --- a/depends/packages/openssl.mk +++ b/depends/packages/openssl.mk 
@@ -6,9 +6,42 @@ $(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fce define $(package)_set_vars $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" -$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl no-zlib no-shared no-dso -$(package)_config_opts+=no-krb5 no-camellia no-capieng no-cast no-cms no-dtls1 no-gost no-gmp no-heartbeats no-idea no-jpake no-md2 -$(package)_config_opts+=no-mdc2 no-rc5 no-rdrand no-rfc3779 no-rsax no-sctp no-seed no-sha0 no-static_engine no-whirlpool no-rc2 no-rc4 no-ssl2 no-ssl3 +$(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl +$(package)_config_opts+=no-camellia +$(package)_config_opts+=no-capieng +$(package)_config_opts+=no-cast +$(package)_config_opts+=no-comp +$(package)_config_opts+=no-dso +$(package)_config_opts+=no-dtls1 +$(package)_config_opts+=no-ec_nistp_64_gcc_128 +$(package)_config_opts+=no-gost +$(package)_config_opts+=no-gmp +$(package)_config_opts+=no-heartbeats +$(package)_config_opts+=no-idea +$(package)_config_opts+=no-jpake +$(package)_config_opts+=no-krb5 +$(package)_config_opts+=no-libunbound +$(package)_config_opts+=no-md2 +$(package)_config_opts+=no-mdc2 +$(package)_config_opts+=no-rc4 +$(package)_config_opts+=no-rc5 +$(package)_config_opts+=no-rdrand +$(package)_config_opts+=no-rfc3779 +$(package)_config_opts+=no-rsax +$(package)_config_opts+=no-sctp +$(package)_config_opts+=no-seed +$(package)_config_opts+=no-sha0 +$(package)_config_opts+=no-shared +$(package)_config_opts+=no-ssl-trace +$(package)_config_opts+=no-ssl2 +$(package)_config_opts+=no-ssl3 +$(package)_config_opts+=no-static_engine +$(package)_config_opts+=no-store +$(package)_config_opts+=no-unit-test +$(package)_config_opts+=no-weak-ssl-ciphers +$(package)_config_opts+=no-whirlpool +$(package)_config_opts+=no-zlib +$(package)_config_opts+=no-zlib-dynamic $(package)_config_opts+=$($(package)_cflags) 
$($(package)_cppflags) $(package)_config_opts+=-DPURIFY $(package)_config_opts_linux=-fPIC -Wa,--noexecstack From 51babcb95197c88b62e870fd6276ff342c132598 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Mon, 28 Sep 2015 16:06:38 +0200 Subject: [PATCH 05/20] build: remove libressl check Now that BIP66 passed, OpenSSL is no longer directly part of the consensus. What matters is that DER signatures are correctly parsed, and secp256k1 crypto is implemented correctly (as well as the other functions we use from OpenSSL, such as random number generation) This means that effectively, using LibreSSL is not a larger risk than using another version of OpenSSL. Remove the specific check for LibreSSL. Includes the still-relevant part of #6729: make sure CHECK_HEADER is called using the right CXXFLAGS, not CFLAGS (as AC_LANG is c++). Zcash Note: This includes a code removal from d9add719519e2019b1f353d8d6832dcfc88ee850 that was omitted from 5a3913361d0c045db69932ac5f152c4cf76e13cb during backporting of bitcoin/bitcoin#6501 to 0.11.* in bitcoin/bitcoin#6703 --- configure.ac | 29 +++-------------------------- 1 file changed, 3 insertions(+), 26 deletions(-) diff --git a/configure.ac b/configure.ac index 6521fc8d..4a2aa8a6 100644 --- a/configure.ac +++ b/configure.ac 
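Review bot: Splitting the option list one-per-line drops two entries that the old lines carried: `no-cms` and `no-rc2` appear in the removed `_config_opts+=` lines but nowhere in the added ones. Unless that is intentional, this patch quietly re-enables CMS and RC2 in the bundled libcrypto; add `$(package)_config_opts+=no-cms` and `$(package)_config_opts+=no-rc2` in their alphabetical slots. The `define $(package)_set_vars` block continues outside the hunk.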
@@ -722,35 +722,12 @@ AC_CHECK_LIB([snark],[main],LIBSNARK_LIBS=-lsnark, [AC_MSG_ERROR(libsnark missin LIBZCASH_LIBS="-lsnark -lgmp -lgmpxx -lboost_system-mt -lcrypto -lsodium -fopenmp" -AC_CHECK_LIB([crypto],[RAND_egd],[],[ - AC_ARG_WITH([libressl], - [AS_HELP_STRING([--with-libressl],[Build with system LibreSSL (default is no; DANGEROUS; NOT SUPPORTED)])], - [AC_MSG_WARN([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])], - [AC_MSG_ERROR([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])] - ) -]) - -CFLAGS_TEMP="$CFLAGS" +CXXFLAGS_TEMP="$CXXFLAGS" LIBS_TEMP="$LIBS" -CFLAGS="$CFLAGS $SSL_CFLAGS $CRYPTO_CFLAGS" +CXXFLAGS="$CXXFLAGS $SSL_CFLAGS $CRYPTO_CFLAGS" LIBS="$LIBS $SSL_LIBS $CRYPTO_LIBS $GMP_LIBS $GMPXX_LIBS" AC_CHECK_HEADER([openssl/ec.h],, AC_MSG_ERROR(OpenSSL ec header missing),) - -AC_MSG_CHECKING(for a supported OpenSSL version) -AC_LINK_IFELSE([AC_LANG_PROGRAM([[ - #include - ]], - [[RAND_egd(NULL);]])], - [AC_MSG_RESULT(yes)], - [ - AC_ARG_WITH([libressl], - [AS_HELP_STRING([--with-libressl],[Build with system LibreSSL (default is no; DANGEROUS; NOT SUPPORTED)])], - [AC_MSG_WARN([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])], - [AC_MSG_ERROR([Detected LibreSSL: This is NOT supported, and may break consensus compatibility!])] - )] -) - -CFLAGS="$CFLAGS_TEMP" +CXXFLAGS="$CXXFLAGS_TEMP" LIBS="$LIBS_TEMP" BITCOIN_QT_PATH_PROGS([PROTOC], [protoc],$protoc_bin_path) From fa318aa9fe636e30f213c0b9311cb4a8ba8d623b Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 21 Sep 2016 20:35:31 +1200 Subject: [PATCH 06/20] Upgrade OpenSSL to 1.1.0b Closes #1348 --- depends/packages/openssl.mk | 18 ++++-------- src/ecwrapper.cpp | 20 +++++++++---- src/test/bignum.h | 57 +++++++++++++++++++++---------------- src/wallet/crypter.cpp | 24 +++++++--------- 4 files changed, 62 insertions(+), 57 deletions(-) 
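Review bot: After this change the `LIBS_TEMP="$LIBS"` / `LIBS="$LIBS $SSL_LIBS ..."` / `LIBS="$LIBS_TEMP"` save-and-restore around `AC_CHECK_HEADER([openssl/ec.h], ...)` has no effect, because the only probe left between them is a compile-only header check. Either drop those three lines, or keep a small link probe there so a missing or mismatched libcrypto is still reported at configure time rather than at link time. Build scripts that still pass `--with-libressl` will, as far as I can tell, now get only autoconf's unrecognized-option warning, which is worth a line in the release notes.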
diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk index 661d0c31..7d5a7c81 100644 --- a/depends/packages/openssl.mk +++ b/depends/packages/openssl.mk @@ -1,8 +1,8 @@ package=openssl -$(package)_version=1.0.1k +$(package)_version=1.1.0b $(package)_download_path=https://www.openssl.org/source $(package)_file_name=$(package)-$($(package)_version).tar.gz -$(package)_sha256_hash=8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c +$(package)_sha256_hash=a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 define $(package)_set_vars $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)" @@ -10,33 +10,25 @@ $(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/o $(package)_config_opts+=no-camellia $(package)_config_opts+=no-capieng $(package)_config_opts+=no-cast +$(package)_config_opts+=no-cms $(package)_config_opts+=no-comp $(package)_config_opts+=no-dso $(package)_config_opts+=no-dtls1 $(package)_config_opts+=no-ec_nistp_64_gcc_128 $(package)_config_opts+=no-gost -$(package)_config_opts+=no-gmp $(package)_config_opts+=no-heartbeats $(package)_config_opts+=no-idea -$(package)_config_opts+=no-jpake -$(package)_config_opts+=no-krb5 -$(package)_config_opts+=no-libunbound $(package)_config_opts+=no-md2 $(package)_config_opts+=no-mdc2 $(package)_config_opts+=no-rc4 $(package)_config_opts+=no-rc5 $(package)_config_opts+=no-rdrand $(package)_config_opts+=no-rfc3779 -$(package)_config_opts+=no-rsax $(package)_config_opts+=no-sctp $(package)_config_opts+=no-seed -$(package)_config_opts+=no-sha0 $(package)_config_opts+=no-shared $(package)_config_opts+=no-ssl-trace -$(package)_config_opts+=no-ssl2 $(package)_config_opts+=no-ssl3 -$(package)_config_opts+=no-static_engine -$(package)_config_opts+=no-store $(package)_config_opts+=no-unit-test $(package)_config_opts+=no-weak-ssl-ciphers $(package)_config_opts+=no-whirlpool 
@@ -58,7 +50,7 @@ endef define $(package)_preprocess_cmds sed -i.old "/define DATE/d" util/mkbuildinf.pl && \ - sed -i.old "s|engines apps test|engines|" Makefile.org + sed -i.old "s|\"engines\", \"apps\", \"test\"|\"engines\"|" Configure endef define $(package)_config_cmds @@ -70,7 +62,7 @@ define $(package)_build_cmds endef define $(package)_stage_cmds - $(MAKE) INSTALL_PREFIX=$($(package)_staging_dir) -j1 install_sw + $(MAKE) DESTDIR=$($(package)_staging_dir) -j1 install_sw endef define $(package)_postprocess_cmds diff --git a/src/ecwrapper.cpp b/src/ecwrapper.cpp index f94bc954..73e8a839 100644 --- a/src/ecwrapper.cpp +++ b/src/ecwrapper.cpp @@ -8,7 +8,6 @@ #include "uint256.h" #include -#include #include namespace { @@ -62,6 +61,9 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch int n = 0; int i = recid / 2; + const BIGNUM *sig_r, *sig_s; + ECDSA_SIG_get0(ecsig, &sig_r, &sig_s); + const EC_GROUP *group = EC_KEY_get0_group(eckey); if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; } BN_CTX_start(ctx); @@ -70,7 +72,7 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch x = BN_CTX_get(ctx); if (!BN_copy(x, order)) { ret=-1; goto err; } if (!BN_mul_word(x, i)) { ret=-1; goto err; } - if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; } + if (!BN_add(x, x, sig_r)) { ret=-1; goto err; } field = BN_CTX_get(ctx); if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; } if (BN_cmp(x, field) >= 0) { ret=0; goto err; } 
@@ -91,9 +93,9 @@ int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned ch if (!BN_zero(zero)) { ret=-1; goto err; } if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; } rr = BN_CTX_get(ctx); - if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; } + if (!BN_mod_inverse(rr, sig_r, order, ctx)) { ret=-1; goto err; } sor = BN_CTX_get(ctx); - if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; } + if (!BN_mod_mul(sor, sig_s, rr, order, ctx)) { ret=-1; goto err; } eor = BN_CTX_get(ctx); if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; } if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; } @@ -177,8 +179,14 @@ bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec) if (rec<0 || rec>=3) return false; ECDSA_SIG *sig = ECDSA_SIG_new(); - BN_bin2bn(&p64[0], 32, sig->r); - BN_bin2bn(&p64[32], 32, sig->s); + BIGNUM *sig_r, *sig_s; + if (!(sig_r = BN_bin2bn(&p64[0], 32, nullptr)) || + !(sig_s = BN_bin2bn(&p64[32], 32, nullptr)) || + !ECDSA_SIG_set0(sig, sig_r, sig_s)) { + BN_free(sig_r); + BN_free(sig_s); + return false; + } bool ret = ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), rec, 0) == 1; ECDSA_SIG_free(sig); return ret; diff --git a/src/test/bignum.h b/src/test/bignum.h index e7aeee9d..94307985 100644 --- a/src/test/bignum.h +++ b/src/test/bignum.h 
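Review bot: In `CECKey::Recover`, the new error branch can free an uninitialised pointer and leaks `sig`. If the first `BN_bin2bn` returns NULL the `||` short-circuits, `sig_s` is never assigned, and `BN_free(sig_s)` is then called on an indeterminate value; the object from `ECDSA_SIG_new()` is also never released on that path. Declare the pointers as `BIGNUM *sig_r = nullptr, *sig_s = nullptr;` and add `ECDSA_SIG_free(sig);` before `return false;`. The function starts outside the hunk.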
@@ -23,48 +23,49 @@ public: /** C++ wrapper for BIGNUM (OpenSSL bignum) */ -class CBigNum : public BIGNUM +class CBigNum { + BIGNUM* bn; public: CBigNum() { - BN_init(this); + bn = BN_new(); } CBigNum(const CBigNum& b) { - BN_init(this); - if (!BN_copy(this, &b)) + bn = BN_new(); + if (!BN_copy(bn, b.bn)) { - BN_clear_free(this); + BN_clear_free(bn); throw bignum_error("CBigNum::CBigNum(const CBigNum&): BN_copy failed"); } } CBigNum& operator=(const CBigNum& b) { - if (!BN_copy(this, &b)) + if (!BN_copy(bn, b.bn)) throw bignum_error("CBigNum::operator=: BN_copy failed"); return (*this); } ~CBigNum() { - BN_clear_free(this); + BN_clear_free(bn); } - CBigNum(long long n) { BN_init(this); setint64(n); } + CBigNum(long long n) { bn = BN_new(); setint64(n); } explicit CBigNum(const std::vector& vch) { - BN_init(this); + bn = BN_new(); setvch(vch); } int getint() const { - BN_ULONG n = BN_get_word(this); - if (!BN_is_negative(this)) + BN_ULONG n = BN_get_word(bn); + if (!BN_is_negative(bn)) return (n > (BN_ULONG)std::numeric_limits::max() ? std::numeric_limits::max() : n); else return (n > (BN_ULONG)std::numeric_limits::max() ? std::numeric_limits::min() : -(int)n); @@ -112,7 +113,7 @@ public: pch[1] = (nSize >> 16) & 0xff; pch[2] = (nSize >> 8) & 0xff; pch[3] = (nSize) & 0xff; - BN_mpi2bn(pch, p - pch, this); + BN_mpi2bn(pch, p - pch, bn); } void setvch(const std::vector& vch) 
@@ -127,22 +128,30 @@ public: vch2[3] = (nSize >> 0) & 0xff; // swap data to big endian reverse_copy(vch.begin(), vch.end(), vch2.begin() + 4); - BN_mpi2bn(&vch2[0], vch2.size(), this); + BN_mpi2bn(&vch2[0], vch2.size(), bn); } std::vector getvch() const { - unsigned int nSize = BN_bn2mpi(this, NULL); + unsigned int nSize = BN_bn2mpi(bn, NULL); if (nSize <= 4) return std::vector(); std::vector vch(nSize); - BN_bn2mpi(this, &vch[0]); + BN_bn2mpi(bn, &vch[0]); vch.erase(vch.begin(), vch.begin() + 4); reverse(vch.begin(), vch.end()); return vch; } + friend inline const CBigNum operator+(const CBigNum& a, const CBigNum& b); friend inline const CBigNum operator-(const CBigNum& a, const CBigNum& b); + friend inline const CBigNum operator-(const CBigNum& a); + friend inline bool operator==(const CBigNum& a, const CBigNum& b); + friend inline bool operator!=(const CBigNum& a, const CBigNum& b); + friend inline bool operator<=(const CBigNum& a, const CBigNum& b); + friend inline bool operator>=(const CBigNum& a, const CBigNum& b); + friend inline bool operator<(const CBigNum& a, const CBigNum& b); + friend inline bool operator>(const CBigNum& a, const CBigNum& b); }; @@ -150,7 +159,7 @@ public: inline const CBigNum operator+(const CBigNum& a, const CBigNum& b) { CBigNum r; - if (!BN_add(&r, &a, &b)) + if (!BN_add(r.bn, a.bn, b.bn)) throw bignum_error("CBigNum::operator+: BN_add failed"); return r; } @@ -158,7 +167,7 @@ inline const CBigNum operator+(const CBigNum& a, const CBigNum& b) inline const CBigNum operator-(const CBigNum& a, const CBigNum& b) { CBigNum r; - if (!BN_sub(&r, &a, &b)) + if (!BN_sub(r.bn, a.bn, b.bn)) throw bignum_error("CBigNum::operator-: BN_sub failed"); return r; } 
@@ -166,15 +175,15 @@ inline const CBigNum operator-(const CBigNum& a, const CBigNum& b) inline const CBigNum operator-(const CBigNum& a) { CBigNum r(a); - BN_set_negative(&r, !BN_is_negative(&r)); + BN_set_negative(r.bn, !BN_is_negative(r.bn)); return r; } -inline bool operator==(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) == 0); } -inline bool operator!=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) != 0); } -inline bool operator<=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) <= 0); } -inline bool operator>=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) >= 0); } -inline bool operator<(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) < 0); } -inline bool operator>(const CBigNum& a, const CBigNum& b) { return (BN_cmp(&a, &b) > 0); } +inline bool operator==(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) == 0); } +inline bool operator!=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) != 0); } +inline bool operator<=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) <= 0); } +inline bool operator>=(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) >= 0); } +inline bool operator<(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) < 0); } +inline bool operator>(const CBigNum& a, const CBigNum& b) { return (BN_cmp(a.bn, b.bn) > 0); } #endif // BITCOIN_TEST_BIGNUM_H diff --git a/src/wallet/crypter.cpp b/src/wallet/crypter.cpp index 0b0fb562..7c57550b 100644 --- a/src/wallet/crypter.cpp +++ b/src/wallet/crypter.cpp 
@@ -58,15 +58,13 @@ bool CCrypter::Encrypt(const CKeyingMaterial& vchPlaintext, std::vector (nCLen); - EVP_CIPHER_CTX ctx; - bool fOk = true; - EVP_CIPHER_CTX_init(&ctx); - if (fOk) fOk = EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; - if (fOk) fOk = EVP_EncryptUpdate(&ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen) != 0; - if (fOk) fOk = EVP_EncryptFinal_ex(&ctx, (&vchCiphertext[0]) + nCLen, &nFLen) != 0; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + if (fOk) fOk = EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; + if (fOk) fOk = EVP_EncryptUpdate(ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen) != 0; + if (fOk) fOk = EVP_EncryptFinal_ex(ctx, (&vchCiphertext[0]) + nCLen, &nFLen) != 0; + EVP_CIPHER_CTX_free(ctx); if (!fOk) return false; @@ -85,15 +83,13 @@ bool CCrypter::Decrypt(const std::vector& vchCiphertext, CKeyingM vchPlaintext = CKeyingMaterial(nPLen); - EVP_CIPHER_CTX ctx; - bool fOk = true; - EVP_CIPHER_CTX_init(&ctx); - if (fOk) fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; - if (fOk) fOk = EVP_DecryptUpdate(&ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0; - if (fOk) fOk = EVP_DecryptFinal_ex(&ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + if (fOk) fOk = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; + if (fOk) fOk = EVP_DecryptUpdate(ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0; + if (fOk) fOk = EVP_DecryptFinal_ex(ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0; + EVP_CIPHER_CTX_free(ctx); if (!fOk) return false; From 7bbf5f5ab2c7fe76aba0eda6acf4577d1120ac57 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 22 Sep 2016 12:30:28 +1200 Subject: [PATCH 07/20] Upgrade miniupnpc to 2.0 --- depends/packages/miniupnpc.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/depends/packages/miniupnpc.mk b/depends/packages/miniupnpc.mk index 77bae10c..90870ca1 100644 --- a/depends/packages/miniupnpc.mk +++ b/depends/packages/miniupnpc.mk @@ -1,8 +1,8 @@ package=miniupnpc -$(package)_version=1.9.20151008 +$(package)_version=2.0 $(package)_download_path=http://miniupnp.free.fr/files $(package)_file_name=$(package)-$($(package)_version).tar.gz -$(package)_sha256_hash=e444ac3b587ce82709c4d0cfca1fe71f44f9fc433e9f946b12b9e1bfe667a633 +$(package)_sha256_hash=d434ceb8986efbe199c5ca53f90ed53eab290b1e6d0530b717eb6fa49d61f93b define $(package)_set_vars $(package)_build_opts=CC="$($(package)_cc)" From 19c3917ce98c9f305eebc19c66390c7e7ead647e Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 22 Sep 2016 13:27:40 +1200 Subject: [PATCH 08/20] Upgrade ccache to 3.3.1 --- depends/packages/native_ccache.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/depends/packages/native_ccache.mk b/depends/packages/native_ccache.mk index 3226e89a..b63c18b9 100644 --- a/depends/packages/native_ccache.mk +++ b/depends/packages/native_ccache.mk @@ -1,8 +1,8 @@ package=native_ccache -$(package)_version=3.1.9 -$(package)_download_path=http://samba.org/ftp/ccache +$(package)_version=3.3.1 +$(package)_download_path=https://www.samba.org/ftp/ccache $(package)_file_name=ccache-$($(package)_version).tar.bz2 -$(package)_sha256_hash=04d3e2e438ac8d4cc4b110b68cdd61bd59226c6588739a4a386869467f5ced7c +$(package)_sha256_hash=cb6e4bafbb19ba0a2ec43386b123a5f92a20e1e3384c071d5d13e0cb3c84bf73 define $(package)_set_vars $(package)_config_opts= From 3fe431db1bfc77d1ebf56ce5672cebde70c3af2f Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 29 Sep 2016 13:59:29 +1300 Subject: [PATCH 09/20] Release process: check dependencies for updates --- doc/release-process.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/release-process.md b/doc/release-process.md index a5836cf3..550709b7 100644 --- a/doc/release-process.md 
+++ b/doc/release-process.md @@ -2,6 +2,19 @@ Release Process ==================== Meta: There should always be a single release engineer to disambiguate responsibility. +## Pre-release + +Check all of the following: + +- All dependencies have been updated as appropriate: + - BDB + - Boost + - ccache + - libgmp + - libsodium + - miniupnpc + - OpenSSL + ## A. Define the release version as: $ ZCASH_RELEASE=${UPSTREAM_VERSION}.z${ZCASH_RELEASE_COUNTER} From 21fb88a34804ba031142af89d2e4df66752b12d3 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 29 Sep 2016 14:15:55 +1300 Subject: [PATCH 10/20] Fix auto_ptr deprecation warning in Boost --- depends/packages/boost.mk | 4 ++- .../patches/boost/deprecated_auto_ptr.patch | 30 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 depends/patches/boost/deprecated_auto_ptr.patch diff --git a/depends/packages/boost.mk b/depends/packages/boost.mk index 19903596..ee0095d4 100644 --- a/depends/packages/boost.mk +++ b/depends/packages/boost.mk @@ -3,6 +3,7 @@ $(package)_version=1_62_0 $(package)_download_path=http://sourceforge.net/projects/boost/files/boost/1.62.0 $(package)_file_name=$(package)_$($(package)_version).tar.bz2 $(package)_sha256_hash=36c96b0f6155c98404091d8ceb48319a28279ca0333fba1ad8611eb90afb2ca0 +$(package)_patches=deprecated_auto_ptr.patch define $(package)_set_vars $(package)_config_opts_release=variant=release 
@@ -25,7 +26,8 @@ $(package)_cxxflags_linux=-fPIC endef define $(package)_preprocess_cmds - echo "using $(boost_toolset_$(host_os)) : : $($(package)_cxx) : \"$($(package)_cxxflags) $($(package)_cppflags)\" \"$($(package)_ldflags)\" \"$(boost_archiver_$(host_os))\" \"$(host_STRIP)\" \"$(host_RANLIB)\" \"$(host_WINDRES)\" : ;" > user-config.jam + echo "using $(boost_toolset_$(host_os)) : : $($(package)_cxx) : \"$($(package)_cxxflags) $($(package)_cppflags)\" \"$($(package)_ldflags)\" \"$(boost_archiver_$(host_os))\" \"$(host_STRIP)\" \"$(host_RANLIB)\" \"$(host_WINDRES)\" : ;" > user-config.jam && \ + patch -p1 < $($(package)_patch_dir)/deprecated_auto_ptr.patch endef define $(package)_config_cmds diff --git a/depends/patches/boost/deprecated_auto_ptr.patch b/depends/patches/boost/deprecated_auto_ptr.patch new file mode 100644 index 00000000..5ec38e27 --- /dev/null +++ b/depends/patches/boost/deprecated_auto_ptr.patch @@ -0,0 +1,30 @@ +--- boost_1_62_0-orig/boost/spirit/home/classic/core/non_terminal/impl/grammar.ipp 2016-09-29 14:03:47.317997658 +1300 ++++ boost_1_62_0/boost/spirit/home/classic/core/non_terminal/impl/grammar.ipp 2016-09-29 14:07:41.308726372 +1300 +@@ -13,10 +13,16 @@ + + #if !defined(BOOST_SPIRIT_SINGLE_GRAMMAR_INSTANCE) + #include ++#include + #include + #include + #include // for std::auto_ptr + #include ++ ++#if defined( BOOST_SP_DISABLE_DEPRECATED ) ++#pragma GCC diagnostic push ++#pragma GCC diagnostic ignored "-Wdeprecated-declarations" ++#endif + #endif + + #ifdef BOOST_SPIRIT_THREADSAFE +@@ -370,4 +376,10 @@ + + }} // namespace boost::spirit + ++#if !defined(BOOST_SPIRIT_SINGLE_GRAMMAR_INSTANCE) ++#if defined( BOOST_SP_DISABLE_DEPRECATED ) ++#pragma GCC diagnostic pop ++#endif ++#endif ++ + #endif From 4dddc096d45b25913ed6b15a3162cc4ffc796dc9 Mon Sep 17 00:00:00 2001 
From: Jack Grigg Date: Thu, 29 Sep 2016 14:28:38 +1300 Subject: [PATCH 11/20] Replace auto_ptr with unique_ptr --- src/miner.cpp | 4 ++-- src/rpcmining.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/miner.cpp b/src/miner.cpp index a27210b6..ae61d32f 100644 --- a/src/miner.cpp +++ b/src/miner.cpp @@ -100,7 +100,7 @@ CBlockTemplate* CreateNewBlock(const CScript& scriptPubKeyIn) { const CChainParams& chainparams = Params(); // Create new block - auto_ptr pblocktemplate(new CBlockTemplate()); + unique_ptr pblocktemplate(new CBlockTemplate()); if(!pblocktemplate.get()) return NULL; CBlock *pblock = &pblocktemplate->block; // pointer for convenience @@ -488,7 +488,7 @@ void static BitcoinMiner(CWallet *pwallet) unsigned int nTransactionsUpdatedLast = mempool.GetTransactionsUpdated(); CBlockIndex* pindexPrev = chainActive.Tip(); - auto_ptr pblocktemplate(CreateNewBlockWithKey(reservekey)); + unique_ptr pblocktemplate(CreateNewBlockWithKey(reservekey)); if (!pblocktemplate.get()) { LogPrintf("Error in ZcashMiner: Keypool ran out, please call keypoolrefill before restarting the mining thread\n"); diff --git a/src/rpcmining.cpp b/src/rpcmining.cpp index fb6b0a56..d8f2a9b2 100644 --- a/src/rpcmining.cpp +++ b/src/rpcmining.cpp @@ -154,7 +154,7 @@ Value generate(const Array& params, bool fHelp) unsigned int k = Params().EquihashK(); while (nHeight < nHeightEnd) { - auto_ptr pblocktemplate(CreateNewBlockWithKey(reservekey)); + unique_ptr pblocktemplate(CreateNewBlockWithKey(reservekey)); if (!pblocktemplate.get()) throw JSONRPCError(RPC_INTERNAL_ERROR, "Wallet keypool empty"); CBlock *pblock = &pblocktemplate->block; From df2bca8fbc8ad20d0314d44b0630d3bdee3a4418 Mon Sep 17 00:00:00 2001 
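Review bot: The `if(!pblocktemplate.get()) return NULL;` check kept right after `pblocktemplate(new CBlockTemplate())` in `CreateNewBlock` cannot fire, since a plain `new` throws instead of returning null. With the type now `unique_ptr`, the two checks that do matter (after `CreateNewBlockWithKey` in `BitcoinMiner` and in `generate`) read more naturally as `if (!pblocktemplate)`. The unqualified `unique_ptr` also depends on a `using namespace std;` that is not visible in these hunks, so `std::unique_ptr` would be the safer spelling. All three functions start and end outside the hunks.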
From: Jack Grigg Date: Thu, 29 Sep 2016 14:33:00 +1300 Subject: [PATCH 12/20] Re-enable disabled compiler warnings Reverts: - be1bae14e8a769966b833026ed47a43f5250a4b9 - ec3bd70b6d6ef8be901a5523a401e333c52e7bbe Closes #944 --- zcutil/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zcutil/build.sh b/zcutil/build.sh index e9162f30..e259c02c 100755 --- a/zcutil/build.sh +++ b/zcutil/build.sh @@ -37,5 +37,5 @@ PREFIX="$(pwd)/depends/x86_64-unknown-linux-gnu/" make "$@" -C ./depends/ V=1 NO_QT=1 ./autogen.sh -./configure --prefix="${PREFIX}" --with-gui=no "$HARDENING_ARG" "$LCOV_ARG" CXXFLAGS='-fwrapv -fno-strict-aliasing -Wno-deprecated-declarations -Wno-placement-new -Wno-terminate -Werror -g' +./configure --prefix="${PREFIX}" --with-gui=no "$HARDENING_ARG" "$LCOV_ARG" CXXFLAGS='-fwrapv -fno-strict-aliasing -Werror -g' make "$@" V=1 From 629c8743a7666ecf0511ea214fa9361d4cc94cd9 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 29 Sep 2016 15:53:41 +1300 Subject: [PATCH 13/20] Disable nearly everything in OpenSSL Flags obtained from: https://gist.github.com/steakknife/8247726#gistcomment-1739713 Some flags not enabled because they aren't supported in OpenSSL 1.1.0b. Flags not enabled because they break compilation: - no-deprecated - no-dh - no-ec --- depends/packages/openssl.mk | 46 ++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk index 7d5a7c81..4129fafd 100644 --- a/depends/packages/openssl.mk +++ b/depends/packages/openssl.mk 
@@ -7,28 +7,72 @@ $(package)_sha256_hash=a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b03
 define $(package)_set_vars
 $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
 $(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/openssl
+$(package)_config_opts+=no-afalgeng
+$(package)_config_opts+=no-asm
+$(package)_config_opts+=no-async
+$(package)_config_opts+=no-autoalginit
+$(package)_config_opts+=no-autoerrinit
+$(package)_config_opts+=no-bf
+$(package)_config_opts+=no-blake2
 $(package)_config_opts+=no-camellia
 $(package)_config_opts+=no-capieng
 $(package)_config_opts+=no-cast
+$(package)_config_opts+=no-chacha
+$(package)_config_opts+=no-cmac
 $(package)_config_opts+=no-cms
 $(package)_config_opts+=no-comp
+$(package)_config_opts+=no-crypto-mdebug
+$(package)_config_opts+=no-crypto-mdebug-backtrace
+$(package)_config_opts+=no-ct
+$(package)_config_opts+=no-des
+$(package)_config_opts+=no-dgram
+$(package)_config_opts+=no-dsa
 $(package)_config_opts+=no-dso
+$(package)_config_opts+=no-dtls
 $(package)_config_opts+=no-dtls1
+$(package)_config_opts+=no-dtls1-method
+$(package)_config_opts+=no-dynamic-engine
+$(package)_config_opts+=no-ec2m
 $(package)_config_opts+=no-ec_nistp_64_gcc_128
+$(package)_config_opts+=no-egd
+$(package)_config_opts+=no-engine
+$(package)_config_opts+=no-err
 $(package)_config_opts+=no-gost
 $(package)_config_opts+=no-heartbeats
 $(package)_config_opts+=no-idea
 $(package)_config_opts+=no-md2
+$(package)_config_opts+=no-md4
 $(package)_config_opts+=no-mdc2
+$(package)_config_opts+=no-multiblock
+$(package)_config_opts+=no-nextprotoneg
+$(package)_config_opts+=no-ocb
+$(package)_config_opts+=no-ocsp
+$(package)_config_opts+=no-poly1305
+$(package)_config_opts+=no-posix-io
+$(package)_config_opts+=no-psk
+$(package)_config_opts+=no-rc2
 $(package)_config_opts+=no-rc4
 $(package)_config_opts+=no-rc5
 $(package)_config_opts+=no-rdrand
 $(package)_config_opts+=no-rfc3779
+$(package)_config_opts+=no-rmd160 +$(package)_config_opts+=no-scrypt $(package)_config_opts+=no-sctp $(package)_config_opts+=no-seed $(package)_config_opts+=no-shared -$(package)_config_opts+=no-ssl-trace +$(package)_config_opts+=no-sock +$(package)_config_opts+=no-srp +$(package)_config_opts+=no-srtp +$(package)_config_opts+=no-ssl $(package)_config_opts+=no-ssl3 +$(package)_config_opts+=no-ssl3-method +$(package)_config_opts+=no-ssl-trace +$(package)_config_opts+=no-stdio +$(package)_config_opts+=no-tls +$(package)_config_opts+=no-tls1 +$(package)_config_opts+=no-tls1-method +$(package)_config_opts+=no-ts +$(package)_config_opts+=no-ui $(package)_config_opts+=no-unit-test $(package)_config_opts+=no-weak-ssl-ciphers $(package)_config_opts+=no-whirlpool From 4c2b2541c37bfe165e1d33c483cf6d154666213c Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 29 Sep 2016 16:15:08 +1300 Subject: [PATCH 14/20] Add libsnark to pre-release dependency checks --- doc/release-process.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/release-process.md b/doc/release-process.md index 550709b7..2e50b276 100644 --- a/doc/release-process.md +++ b/doc/release-process.md @@ -11,6 +11,7 @@ Check all of the following: - Boost - ccache - libgmp + - libsnark (upstream of our fork) - libsodium - miniupnpc - OpenSSL From 017abaf6948aa3b0d1d0cabcfa6a529694a8cafa Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Thu, 29 Sep 2016 16:25:12 +1300 Subject: [PATCH 15/20] Assert that new OpenSSL allocators succeed --- src/ecwrapper.cpp | 8 +++++--- src/test/bignum.h | 6 +++++- src/wallet/crypter.cpp | 2 ++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/src/ecwrapper.cpp b/src/ecwrapper.cpp index 73e8a839..fcc7fb65 100644 --- a/src/ecwrapper.cpp +++ b/src/ecwrapper.cpp 
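Review bot: The added `$(package)_config_opts+=no-asm` line differs in kind from the algorithm switches around it and carries no comment: it does not remove a feature, it replaces the assembler implementations of the primitives that remain with portable C. The wallet still encrypts with `EVP_aes_256_cbc` (src/wallet/crypter.cpp on this page), and as far as I can tell the C AES fallback in OpenSSL 1.1.0 is table-driven rather than constant-time, so this flag trades away the hardware AES path for that code. Either drop the line, or keep it with a comment such as `# no-asm: portable C only; AES loses the AES-NI/constant-time asm paths` so the trade-off is on record. The commit message says the list was taken from a gist, so a short note on why each non-algorithm flag (`no-asm`, `no-err`, `no-stdio`) is safe for this codebase would help later reviewers. The `define $(package)_set_vars` block ends outside the hunk.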
@@ -178,11 +178,13 @@ bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec) { if (rec<0 || rec>=3) return false; - ECDSA_SIG *sig = ECDSA_SIG_new(); - BIGNUM *sig_r, *sig_s; - if (!(sig_r = BN_bin2bn(&p64[0], 32, nullptr)) || + ECDSA_SIG *sig = nullptr; + BIGNUM *sig_r = nullptr, *sig_s = nullptr; + if (!(sig = ECDSA_SIG_new()) || + !(sig_r = BN_bin2bn(&p64[0], 32, nullptr)) || !(sig_s = BN_bin2bn(&p64[32], 32, nullptr)) || !ECDSA_SIG_set0(sig, sig_r, sig_s)) { + ECDSA_SIG_free(sig); BN_free(sig_r); BN_free(sig_s); return false; diff --git a/src/test/bignum.h b/src/test/bignum.h index 94307985..a7fb1895 100644 --- a/src/test/bignum.h +++ b/src/test/bignum.h @@ -7,6 +7,7 @@ #define BITCOIN_TEST_BIGNUM_H #include +#include #include #include #include @@ -30,11 +31,13 @@ public: CBigNum() { bn = BN_new(); + assert(bn); } CBigNum(const CBigNum& b) { bn = BN_new(); + assert(bn); if (!BN_copy(bn, b.bn)) { BN_clear_free(bn); @@ -54,11 +57,12 @@ public: BN_clear_free(bn); } - CBigNum(long long n) { bn = BN_new(); setint64(n); } + CBigNum(long long n) { bn = BN_new(); assert(bn); setint64(n); } explicit CBigNum(const std::vector& vch) { bn = BN_new(); + assert(bn); setvch(vch); } diff --git a/src/wallet/crypter.cpp b/src/wallet/crypter.cpp index 7c57550b..71242258 100644 --- a/src/wallet/crypter.cpp +++ b/src/wallet/crypter.cpp @@ -61,6 +61,7 @@ bool CCrypter::Encrypt(const CKeyingMaterial& vchPlaintext, std::vector& vchCiphertext, CKeyingM bool fOk = true; EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + assert(ctx); if (fOk) fOk = EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0; if (fOk) fOk = EVP_DecryptUpdate(ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0; if (fOk) fOk = EVP_DecryptFinal_ex(ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0; From be9e7ce722c035d7094d6f449e51ccb7423e0ec5 Mon Sep 17 00:00:00 2001 
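Review bot: The `assert(ctx);` added after `EVP_CIPHER_CTX_new()` in src/wallet/crypter.cpp is the only guard on that allocation, so a build with asserts compiled out would pass a null context to `EVP_DecryptInit_ex`, and with asserts enabled an allocation failure aborts the whole process from inside wallet decryption. The function already returns bool and tracks `fOk`, so `if (!ctx) return false;` reports the failure through the existing path. The other added line in this file is presumably the same pattern in Encrypt (the hunk text is garbled on this page) and would take the same change. The function bodies start and end outside the hunks.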
From: Jack Grigg Date: Fri, 30 Sep 2016 14:11:27 +1300 Subject: [PATCH 16/20] Remove no-autoalginit and no-autoerrinit OpenSSL flags These flags are potentially risky, because they require that the app explicitly initialize stuff that it wouldn't otherwise need to initialize, and we don't have time for the necessary review. --- depends/packages/openssl.mk | 2 -- 1 file changed, 2 deletions(-) diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk index 4129fafd..63d242d6 100644 --- a/depends/packages/openssl.mk +++ b/depends/packages/openssl.mk @@ -10,8 +10,6 @@ $(package)_config_opts=--prefix=$(host_prefix) --openssldir=$(host_prefix)/etc/o $(package)_config_opts+=no-afalgeng $(package)_config_opts+=no-asm $(package)_config_opts+=no-async -$(package)_config_opts+=no-autoalginit -$(package)_config_opts+=no-autoerrinit $(package)_config_opts+=no-bf $(package)_config_opts+=no-blake2 $(package)_config_opts+=no-camellia From f463df0e5767c4c0d7d59a75a674f244a8802291 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 30 Sep 2016 14:17:14 +1300 Subject: [PATCH 17/20] Use asserts to check allocation errors in CECKey::Recover --- src/ecwrapper.cpp | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/src/ecwrapper.cpp b/src/ecwrapper.cpp index fcc7fb65..0c260bd8 100644 --- a/src/ecwrapper.cpp +++ b/src/ecwrapper.cpp 
@@ -178,17 +178,11 @@ bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec) { if (rec<0 || rec>=3) return false; - ECDSA_SIG *sig = nullptr; - BIGNUM *sig_r = nullptr, *sig_s = nullptr; - if (!(sig = ECDSA_SIG_new()) || - !(sig_r = BN_bin2bn(&p64[0], 32, nullptr)) || - !(sig_s = BN_bin2bn(&p64[32], 32, nullptr)) || - !ECDSA_SIG_set0(sig, sig_r, sig_s)) { - ECDSA_SIG_free(sig); - BN_free(sig_r); - BN_free(sig_s); - return false; - } + ECDSA_SIG *sig = ECDSA_SIG_new(); + BIGNUM *sig_r = BN_bin2bn(&p64[0], 32, nullptr); + BIGNUM *sig_s = BN_bin2bn(&p64[32], 32, nullptr); + assert(sig && sig_r && sig_s); + assert(ECDSA_SIG_set0(sig, sig_r, sig_s)); bool ret = ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), rec, 0) == 1; ECDSA_SIG_free(sig); return ret; From 84f797b2c58e43d8c88e553d2c871d1df447cc11 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Fri, 30 Sep 2016 18:54:16 +1300 Subject: [PATCH 18/20] Ensure correctness if asserts are compiled out --- src/ecwrapper.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ecwrapper.cpp b/src/ecwrapper.cpp index 0c260bd8..ae274880 100644 --- a/src/ecwrapper.cpp +++ b/src/ecwrapper.cpp @@ -182,8 +182,9 @@ bool CECKey::Recover(const uint256 &hash, const unsigned char *p64, int rec) BIGNUM *sig_r = BN_bin2bn(&p64[0], 32, nullptr); BIGNUM *sig_s = BN_bin2bn(&p64[32], 32, nullptr); assert(sig && sig_r && sig_s); - assert(ECDSA_SIG_set0(sig, sig_r, sig_s)); - bool ret = ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), rec, 0) == 1; + bool ret = ECDSA_SIG_set0(sig, sig_r, sig_s); + assert(ret); + ret = ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), rec, 0) == 1; ECDSA_SIG_free(sig); return ret; } From 63bc8c9a17557c7c6dc4e50ea25c957e6ec2da81 Mon Sep 17 00:00:00 2001 
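Review bot: After the second change to CECKey::Recover on this line (patch 18), the three allocations are still checked only by `assert(sig && sig_r && sig_s);`, which is the case the commit title says it wants to cover. With asserts compiled out, a failed `ECDSA_SIG_new()` is dereferenced by `ECDSA_SIG_set0`, a failed `BN_bin2bn()` makes `ECDSA_SIG_set0` return 0 and leaks the BIGNUM that did allocate, and `ECDSA_SIG_recover_key_GFp` then runs on a signature whose r and s were never set. Recover returns bool, so the failure can be reported and everything freed, as the form introduced in patch 15 did. The opening lines of the function are above the hunk.
```cpp
    ECDSA_SIG *sig = ECDSA_SIG_new();
    BIGNUM *sig_r = BN_bin2bn(&p64[0], 32, nullptr);
    BIGNUM *sig_s = BN_bin2bn(&p64[32], 32, nullptr);
    // On success sig owns sig_r and sig_s; on any failure nothing was transferred.
    if (!sig || !sig_r || !sig_s || !ECDSA_SIG_set0(sig, sig_r, sig_s)) {
        ECDSA_SIG_free(sig);
        BN_free(sig_r);
        BN_free(sig_s);
        return false;
    }
    bool ret = ECDSA_SIG_recover_key_GFp(pkey, sig, (unsigned char*)&hash, sizeof(hash), rec, 0) == 1;
    // … unchanged: ECDSA_SIG_free(sig) and return ret …
```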
From: Jack Grigg Date: Sat, 1 Oct 2016 23:02:32 +1300 Subject: [PATCH 19/20] Downgrade bdb to 5.3.28 bdb 6.X was released under the AGPL, which is incompatible with MIT-licensed software (the result must be licensed under AGPL). bdb 5.X uses the same license as bdb 4.8, and thus retains the same compatibility as in upstream Bitcoin. Thanks to Luke-Jr for raising this issue. --- build-aux/m4/bitcoin_find_bdb48.m4 | 30 +++++++++++++++--------------- configure.ac | 8 ++++---- depends/packages/bdb.mk | 6 +++--- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/build-aux/m4/bitcoin_find_bdb48.m4 b/build-aux/m4/bitcoin_find_bdb48.m4 index bd5c2af4..20a59527 100644 --- a/build-aux/m4/bitcoin_find_bdb48.m4 +++ b/build-aux/m4/bitcoin_find_bdb48.m4 @@ -1,11 +1,11 @@ -AC_DEFUN([BITCOIN_FIND_BDB62],[ +AC_DEFUN([BITCOIN_FIND_BDB53],[ AC_MSG_CHECKING([for Berkeley DB C++ headers]) BDB_CPPFLAGS= BDB_LIBS= bdbpath=X - bdb62path=X + bdb53path=X bdbdirlist= - for _vn in 6.2 62 6 ''; do + for _vn in 5.3 53 5 ''; do for _pfx in b lib ''; do bdbdirlist="$bdbdirlist ${_pfx}db${_vn}" done @@ -15,8 +15,8 @@ AC_DEFUN([BITCOIN_FIND_BDB62],[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <${searchpath}db_cxx.h> ]],[[ - #if !((DB_VERSION_MAJOR == 6 && DB_VERSION_MINOR >= 2) || DB_VERSION_MAJOR > 6) - #error "failed to find bdb 6.2+" + #if !((DB_VERSION_MAJOR == 5 && DB_VERSION_MINOR >= 3) || DB_VERSION_MAJOR > 5) + #error "failed to find bdb 5.3+" #endif ]])],[ if test "x$bdbpath" = "xX"; then 
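Review bot: The first header probe still accepts any newer major version through `DB_VERSION_MAJOR > 5`, so Berkeley DB 6.x headers are taken as `bdbpath` and a build configured with `--with-incompatible-bdb` goes ahead against them. The commit message gives the AGPL licence of 6.x as the reason for this downgrade, yet the `AC_MSG_WARN` text in the following hunk of this file mentions only wallet portability. Either cap the probe, `#if !(DB_VERSION_MAJOR == 5 && DB_VERSION_MINOR >= 3)`, or extend that warning to say that linking 6.x changes the licence terms of the resulting binary. The macro body continues past this hunk.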
@@ -28,32 +28,32 @@ AC_DEFUN([BITCOIN_FIND_BDB62],[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <${searchpath}db_cxx.h> ]],[[ - #if !(DB_VERSION_MAJOR == 6 && DB_VERSION_MINOR == 2) - #error "failed to find bdb 6.2" + #if !(DB_VERSION_MAJOR == 5 && DB_VERSION_MINOR == 3) + #error "failed to find bdb 5.3" #endif ]])],[ - bdb62path="${searchpath}" + bdb53path="${searchpath}" break ],[]) done if test "x$bdbpath" = "xX"; then AC_MSG_RESULT([no]) AC_MSG_ERROR([libdb_cxx headers missing, Bitcoin Core requires this library for wallet functionality (--disable-wallet to disable wallet functionality)]) - elif test "x$bdb62path" = "xX"; then + elif test "x$bdb53path" = "xX"; then BITCOIN_SUBDIR_TO_INCLUDE(BDB_CPPFLAGS,[${bdbpath}],db_cxx) - AC_ARG_WITH([incompatible-bdb],[AS_HELP_STRING([--with-incompatible-bdb], [allow using a bdb version other than 6.2])],[ - AC_MSG_WARN([Found Berkeley DB other than 6.2; wallets opened by this build will not be portable!]) + AC_ARG_WITH([incompatible-bdb],[AS_HELP_STRING([--with-incompatible-bdb], [allow using a bdb version other than 5.3])],[ + AC_MSG_WARN([Found Berkeley DB other than 5.3; wallets opened by this build will not be portable!]) ],[ - AC_MSG_ERROR([Found Berkeley DB other than 6.2, required for portable wallets (--with-incompatible-bdb to ignore or --disable-wallet to disable wallet functionality)]) + AC_MSG_ERROR([Found Berkeley DB other than 5.3, required for portable wallets (--with-incompatible-bdb to ignore or --disable-wallet to disable wallet functionality)]) ]) else - BITCOIN_SUBDIR_TO_INCLUDE(BDB_CPPFLAGS,[${bdb62path}],db_cxx) - bdbpath="${bdb62path}" + BITCOIN_SUBDIR_TO_INCLUDE(BDB_CPPFLAGS,[${bdb53path}],db_cxx) + bdbpath="${bdb53path}" fi AC_SUBST(BDB_CPPFLAGS) # TODO: Ideally this could find the library version and make sure it matches the headers being used - for searchlib in db_cxx-6.2 db_cxx; do + for searchlib in db_cxx-5.3 db_cxx; do AC_CHECK_LIB([$searchlib],[main],[ BDB_LIBS="-l${searchlib}" break 
diff --git a/configure.ac b/configure.ac index 4a2aa8a6..40a98557 100644 --- a/configure.ac +++ b/configure.ac @@ -263,9 +263,9 @@ case $host in dnl add default macports paths CPPFLAGS="$CPPFLAGS -isystem /opt/local/include" LIBS="$LIBS -L/opt/local/lib" - if test -d /opt/local/include/db62; then - CPPFLAGS="$CPPFLAGS -I/opt/local/include/db62" - LIBS="$LIBS -L/opt/local/lib/db62" + if test -d /opt/local/include/db53; then + CPPFLAGS="$CPPFLAGS -I/opt/local/include/db53" + LIBS="$LIBS -L/opt/local/lib/db53" fi fi @@ -512,7 +512,7 @@ AC_SUBST(LIBMEMENV) if test x$enable_wallet != xno; then dnl Check for libdb_cxx only if wallet enabled - BITCOIN_FIND_BDB62 + BITCOIN_FIND_BDB53 fi dnl Check for libminiupnpc (optional) diff --git a/depends/packages/bdb.mk b/depends/packages/bdb.mk index df5df6bd..d0565c88 100644 --- a/depends/packages/bdb.mk +++ b/depends/packages/bdb.mk @@ -1,8 +1,8 @@ package=bdb -$(package)_version=6.2.23 +$(package)_version=5.3.28 $(package)_download_path=http://download.oracle.com/berkeley-db $(package)_file_name=db-$($(package)_version).tar.gz -$(package)_sha256_hash=47612c8991aa9ac2f6be721267c8d3cdccf5ac83105df8e50809daea24e95dc7 +$(package)_sha256_hash=e0a992d740709892e81f9d93f06daf305cf73fb81b545afe72478043172c3628 $(package)_build_subdir=build_unix define $(package)_set_vars @@ -16,7 +16,7 @@ define $(package)_config_cmds endef define $(package)_build_cmds - $(MAKE) libdb_cxx-6.2.a libdb-6.2.a + $(MAKE) libdb_cxx-5.3.a libdb-5.3.a endef define $(package)_stage_cmds From 87da7b4ea0d5515dad5d204c76945f1e5f7eff03 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Tue, 4 Oct 2016 00:45:56 -0700 Subject: [PATCH 20/20] Fix secp256k1 test compilation --- src/secp256k1/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/secp256k1/Makefile.am b/src/secp256k1/Makefile.am index cc15338b..5f388f3f 100644 --- a/src/secp256k1/Makefile.am +++ b/src/secp256k1/Makefile.am 
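Review bot: In depends/packages/bdb.mk the archive is still fetched from `$(package)_download_path=http://download.oracle.com/berkeley-db`, so the new `$(package)_sha256_hash` value is the only integrity control on the source that gets compiled into the wallet. The pin does reject a substituted tarball, but only if the value itself was checked against an independently obtained copy, and the commit message does not say how it was derived. Changing the path to `https://download.oracle.com/berkeley-db`, assuming the host serves the same path over TLS, and recording the hash's provenance in the message would close that gap.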
@@ -70,7 +70,7 @@ noinst_PROGRAMS += tests tests_SOURCES = src/tests.c tests_CPPFLAGS = -DVERIFY $(SECP_INCLUDES) $(SECP_TEST_INCLUDES) tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) -tests_LDFLAGS = -static +tests_LDFLAGS = -static -pthread TESTS = tests endif