Commit Graph

9324 Commits

Author SHA1 Message Date
TheCharlatan c11e64fc4c
Gitian: Change lxc ip link
The ip link currently listed in the README no longer works on the newest
version of lxc shipped with ubuntu 18.04, this commit corrects this.
2020-01-06 13:18:06 +01:00
rating89us 6772ce7062
10 block time is for incoming outputs, not transactions
10 block lock time is for incoming outputs and not only incoming transactions (outgoing transaction has an incoming change output that is also locked for 10 blocks)
2020-01-05 00:21:57 -03:00
moneromooo-monero 36bdf40288
p2p: fix adding wrong indices to the filtered peer list 2020-01-03 17:56:54 +00:00
luigi1111 907292dfb4
Merge pull request #6232
aa9ba30 add binaryFate's PGP key (binaryFate)
2020-01-03 08:21:36 -05:00
moneromooo-monero d64e5aa719
wallet: allow message sign/verify for subaddresses 2019-12-31 08:44:36 +00:00
moneromooo-monero a6c24412e5
wallet: fix exceptions getting the hash of a pruned tx 2019-12-30 15:14:57 +00:00
moneromooo-monero 6933693179
rpc: fill miner_tx_hash again
It was removed to save duplicated generation time, but it can
be copied from another instance instead
2019-12-20 14:16:31 +00:00
kozyilmaz 81494e3ffa
depends: empty spaces in PATH variable cause build failure 2019-12-19 14:18:51 +01:00
Alexander Blair f9b48b91c6
GPGKey: Add Snipa
Adds GPG key for Alexander Blair (Snipa)
2019-12-18 22:06:49 -08:00
moneromooo-monero 0eac0c430a
depends: set several missing build tags 2019-12-18 12:23:23 +00:00
moneromooo-monero 21c3d42eb9
p2p: drop the peerlist dump to TRACE
It's spammy
2019-12-17 20:27:04 +00:00
moneromooo-monero cce4ea02ff
README: fix translation link 2019-12-17 19:21:23 +00:00
moneromooo-monero f717d5936c
wallet2: guard against race with multiple decrypt_keys users
If more than one thread wants to make sure of the spend secret key,
then we decrypt on the first caller and reencrypt on the last caller,
otherwise we could use an invalid secret key.
2019-12-17 01:38:29 +00:00
moneromooo-monero 352bd13254
abstract_tcp_server2: guard against negative timeouts 2019-12-16 18:24:52 +00:00
moneromooo-monero 716012ca3a
rpc: drop the obsolete and wrong "unpruned size" log
Since we now get pruned data in the first place, the "unpruned" data
size will in fact be the pruned data size, leading to confusion
2019-12-16 14:50:07 +00:00
stoffu ae84ec90c8
wallet-cli/rpc: allow sweep_all to use outputs in all subaddresses within an account 2019-12-16 21:10:11 +09:00
palomato bc6d8aa343
Corrected message typo
Message was "peer claims higher version that we think"
Requested change "peer claims higher version than we think"
2019-12-14 13:06:09 -05:00
moneromooo-monero 5cbb17b946
wallet2: fix hang in wallet refresh
If the hashes received would move the current blockchain past the
stop point, the short history would not be updated, since we do
not expect another loop, but the daemon might return earlier hashes,
causing the end index to not be enough to reach the threshold and
this require another loop, which will download the same hashes and
cause an infinite loop.
2019-12-14 16:24:04 +00:00
moneromooo-monero 8a276451b2
blockchain: fix flushing txes from the txpool 2019-12-14 02:13:39 +00:00
binaryFate aa9ba3064e add binaryFate's PGP key 2019-12-13 21:03:56 +01:00
TheCharlatan 8e338e555c
depends: update libsodium to 1.0.18 2019-12-12 23:39:37 +01:00
luigi1111 b4e1dc83d2
Merge pull request #6057
3b8dcc2 wallet2: make keys unlocker reentrant (moneromooo-monero)
2019-12-12 13:49:58 -06:00
luigi1111 9d0d4f1d08
Merge pull request #6056
5a44893 python-rpc: add missing strict_balances parameter for get_accounts (moneromooo-monero)
2019-12-12 13:48:15 -06:00
luigi1111 e5cc6d39a9
Merge pull request #6055
886ed25 blockchain: fix comment wrongly refering to SHA-3 rather than Keccak (moneromooo-monero)
2019-12-12 13:47:04 -06:00
luigi1111 ccde60838b
Merge pull request #6054
017f816 daemon: handle printing higher hash rates (moneromooo-monero)
2019-12-12 13:45:50 -06:00
luigi1111 fb64463c4c
Merge pull request #6052
c96b7ee tx_pool: fix error message assuming incorrectly (moneromooo-monero)
2019-12-12 13:44:50 -06:00
luigi1111 e629db18f4
Merge pull request #6049
45fd72b Updated paper references (SarangNoether)
277003f Minor prover simplification (SarangNoether)
2019-12-12 13:43:57 -06:00
luigi1111 a6fa7d493e
Merge pull request #6041
261abf7 functional_tests: ensure mining stops on error in mining test (moneromooo-monero)
2019-12-12 13:41:05 -06:00
luigi1111 425da2381d
Merge pull request #6037
f49a8ca easylogging++: add screen.xterm-256color to the 'allow colour' TERM list (moneromooo-monero)
2019-12-12 13:40:09 -06:00
luigi1111 a61db51aae
Merge pull request #6027
9768e96 simplewallet: remove remaining payment id dead code (moneromooo-monero)
2019-12-12 13:38:00 -06:00
luigi1111 dad4cf121e
Merge pull request #6018
dce6f05 rpc: Only show version string if it matches expected pattern (ndorf)
3293780 daemon: Use rpc for 'version' command (ndorf)
2019-12-12 13:36:05 -06:00
luigi1111 3531cc5fd2
Merge pull request #5965
5d7ae2d Adding support for hidden (anonymity) txpool (vtnerd)
2019-12-12 13:32:35 -06:00
moneromooo-monero 987c3139dc
print_coinbase_tx_sum now supports 128 bits sums
The tail emission will bring the total above 64 bits
2019-12-12 01:56:59 +00:00
Howard Chu c361303184
Silence miner debugmsg spam
Don't try to allocate the dataset repeatedly if it has already failed.
2019-12-09 15:59:52 +00:00
moneromooo-monero d93e1dffa9
simplewallet: warn on refresh if refresh-from-block-height seems off 2019-12-09 14:09:39 +00:00
moneromooo-monero a6a2ad6cac
simplewallet: set manual refresh mode in rescan_bc
This ensures we get asked for the password if needed
2019-12-07 13:57:26 +00:00
Jason Rhinelander 72ca7e3b0f Fix time comparison math
Dividing `dt` here by 1e6 converts it to seconds, but that is clearly
wrong since `REQUEST_NEXT_SCHEDULED_SPAN_THRESHOLD_STANDBY` is measured
in microseconds.  As a result, this if statement was effectively never
used.
2019-12-05 21:02:18 -04:00
naughtyfox a2578892c0 --disable-ban-rpc option to prevent RPC users from banning 2019-12-04 17:45:27 +03:00
Bertrand Jacquin 021cf733c6
ssl: server-side: allow multiple version of TLS
boost::asio::ssl::context is created using specifically TLSv1.2, which
blocks the ability to use superior version of TLS like TLSv1.3.

Filtering is also made specially later in the code to remove unsafe
version for TLS such SSLv2, SSLv3 etc..

This change is removing double filtering to allow TLSv1.2 and above to
be used.

testssl.sh 3.0rc5 now reports the following (please note monerod was
built with USE_EXTRA_EC_CERT):

 $ ./testssl.sh --openssl=/usr/bin/openssl \
     --each-cipher --cipher-per-proto \
     --server-defaults --server-preference \
     --vulnerable --heartbleed --ccs --ticketbleed \
     --robot --renegotiation --compression --breach \
     --poodle --tls-fallback --sweet32 --beast --lucky13 \
     --freak --logjam --drown --pfs --rc4 --full \
     --wide --hints 127.0.0.1:38081

 Using "OpenSSL 1.1.1d  10 Sep 2019" [~80 ciphers]
 on ip-10-97-15-6:/usr/bin/openssl
 (built: "Dec  3 21:14:51 2019", platform: "linux-x86_64")

 Start 2019-12-03 21:51:25        -->> 127.0.0.1:38081 (127.0.0.1) <<--

 rDNS (127.0.0.1):       --
 Service detected:       HTTP

 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered

 Testing for server implementation bugs

 No bugs found.

 Testing cipher categories

 NULL ciphers (no encryption)                  not offered (OK)
 Anonymous NULL Ciphers (no authentication)    not offered (OK)
 Export ciphers (w/o ADH+NULL)                 not offered (OK)
 LOW: 64 Bit + DES, RC[2,4] (w/o export)       not offered (OK)
 Triple DES Ciphers / IDEA                     not offered (OK)
 Average: SEED + 128+256 Bit CBC ciphers       not offered
 Strong encryption (AEAD ciphers)              offered (OK)

 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4

 PFS is offered (OK), ciphers follow (client/browser support is important here)

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 253   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 253   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

 Elliptic curves offered:     prime256v1 secp384r1 secp521r1 X25519 X448

 Testing server preferences

 Has server cipher order?     yes (OK)
 Negotiated protocol          TLSv1.3
 Negotiated cipher            TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
 Cipher order
    TLSv1.2:   ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256
    TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256

 Testing server defaults (Server Hello)

 TLS extensions (standard)    "renegotiation info/#65281" "EC point formats/#11" "supported versions/#43" "key share/#51" "max fragment length/#1" "extended master secret/#23"
 Session Ticket RFC 5077 hint no -- no lifetime advertised
 SSL Session ID support       yes
 Session Resumption           Tickets no, ID: no
 TLS clock skew               Random values, no fingerprinting possible

  Server Certificate #1 (in response to request w/o SNI)
   Signature Algorithm          SHA256 with RSA
   Server key size              RSA 4096 bits
   Server key usage             --
   Server extended key usage    --
   Serial / Fingerprints        01 / SHA1 132E42981812F5575FA0AE64922B18A81B38C03F
                                SHA256 EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC
   Common Name (CN)             (no CN field in subject)
   subjectAltName (SAN)         missing (NOT ok) -- Browsers are complaining
   Issuer
   Trust (hostname)             certificate does not match supplied URI
   Chain of trust               NOT ok (self signed)
   EV cert (experimental)       no
   "eTLS" (visibility info)     not present
   Certificate Validity (UTC)   181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51)
   # of certificates provided   1
   Certificate Revocation List  --
   OCSP URI                     --
                                NOT ok -- neither CRL nor OCSP URI provided
   OCSP stapling                not offered
   OCSP must staple extension   --
   DNS CAA RR (experimental)    not offered
   Certificate Transparency     --

  Server Certificate #2 (in response to request w/o SNI)
   Signature Algorithm          ECDSA with SHA256
   Server key size              EC 256 bits
   Server key usage             --
   Server extended key usage    --
   Serial / Fingerprints        01 / SHA1 E17B765DD8124525B1407E827B89A31FB167647D
                                SHA256 AFB7F44B1C33831F521357E5AEEB813044CB02532143E92D35650A3FF792A7C3
   Common Name (CN)             (no CN field in subject)
   subjectAltName (SAN)         missing (NOT ok) -- Browsers are complaining
   Issuer
   Trust (hostname)             certificate does not match supplied URI
   Chain of trust               NOT ok (self signed)
   EV cert (experimental)       no
   "eTLS" (visibility info)     not present
   Certificate Validity (UTC)   181 >= 60 days (2019-12-03 21:51 --> 2020-06-02 21:51)
   # of certificates provided   1
   Certificate Revocation List  --
   OCSP URI                     --
                                NOT ok -- neither CRL nor OCSP URI provided
   OCSP stapling                not offered
   OCSP must staple extension   --
   DNS CAA RR (experimental)    not offered
   Certificate Transparency     --

 Testing HTTP header response @ "/"

 HTTP Status Code             404 Not found (Hint: supply a path which doesn't give a "404 Not found")
 HTTP clock skew              Got no HTTP time, maybe try different URL?
 Strict Transport Security    not offered
 Public Key Pinning           --
 Server banner                Epee-based
 Application banner           --
 Cookie(s)                    (none issued at "/") -- maybe better try target URL of 30x
 Security headers             --
 Reverse Proxy banner         --

 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224)                       not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment.  not vulnerable (OK), no session ticket extension
 ROBOT                                     Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
 BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
 POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
 TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, no protocol below TLS 1.2 offered (OK)
 SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
 FREAK (CVE-2015-0204)                     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
                                           https://censys.io/ipv4?q=EBA3CC4AA09DEF26706E64A70DB4BC8D723533BB67EAE12B503A845019FB61DC could help you to find out
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
 LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
 RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

 Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc02c   ECDHE-ECDSA-AES256-GCM-SHA384     ECDH 253   AESGCM      256      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 xcca9   ECDHE-ECDSA-CHACHA20-POLY1305     ECDH 253   ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 xcca8   ECDHE-RSA-CHACHA20-POLY1305       ECDH 253   ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc02b   ECDHE-ECDSA-AES128-GCM-SHA256     ECDH 253   AESGCM      128      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.3
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256
 x1301   TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128      TLS_AES_128_GCM_SHA256

 Running client simulations (HTTP) via sockets

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 4.2.2                No connection
 Android 4.4.2                TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Android 5.0.0                TLSv1.2   ECDHE-RSA-AES128-GCM-SHA256       256 bit ECDH (P-256)
 Android 6.0                  TLSv1.2   ECDHE-RSA-AES128-GCM-SHA256       256 bit ECDH (P-256)
 Android 7.0                  TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 Android 8.1 (native)         No connection
 Android 9.0 (native)         TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Chrome 65 Win 7              TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 Chrome 74 (Win 10)           No connection
 Firefox 62 Win 7             TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 Firefox 66 (Win 8.1/10)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 IE 6 XP                      No connection
 IE 7 Vista                   No connection
 IE 8 Win 7                   No connection
 IE 8 XP                      No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Edge 15 Win 10               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       253 bit ECDH (X25519)
 Edge 17 (Win 10)             TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       253 bit ECDH (X25519)
 Opera 60 (Win 10)            No connection
 Safari 9 iOS 9               TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Safari 9 OS X 10.11          TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Safari 10 OS X 10.12         TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Apple ATS 9 iOS 9            TLSv1.2   ECDHE-RSA-AES256-GCM-SHA384       256 bit ECDH (P-256)
 Tor 17.0.9 Win 7             No connection
 Java 6u45                    No connection
 Java 7u25                    No connection
 Java 8u161                   TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 Java 9.0.4                   TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 OpenSSL 1.0.1l               TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 OpenSSL 1.0.2e               TLSv1.2   ECDHE-ECDSA-AES256-GCM-SHA384     256 bit ECDH (P-256)
 OpenSSL 1.1.0j (Debian)      TLSv1.2   ECDHE-RSA-CHACHA20-POLY1305       253 bit ECDH (X25519)
 OpenSSL 1.1.1b (Debian)      TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
 Thunderbird (60.6)           TLSv1.3   TLS_AES_256_GCM_SHA384            253 bit ECDH (X25519)
2019-12-03 22:02:16 +00:00
moneromooo-monero 94266eeb89
simplewallet: fix output age display with duplicate heights
The highlight check was based on height, so would highlight
any output at that height, resulting in several matches if
a fake out was picked at the same height as the real spend
2019-12-03 18:50:28 +00:00
moneromooo-monero f1d379d27d
simplewallet: fix "outputs in same tx" detector
It was comparing source txids, but txids were empty,
so all checks triggered
2019-12-03 18:50:22 +00:00
moneromooo-monero 5985c5afe8
rpc: add bad-blocks to flush_cache RPC
Flushes m_invalid_blocks in Blockchain.
2019-12-02 18:53:30 +00:00
moneromooo-monero 948534877e
easylogging++: add emscripten support
This is upstream, but seems to have got lost in conflicts
when merging support for BSDs or android.
2019-12-02 15:09:21 +00:00
TheCharlatan 1d78db2709
Add travis freebsd 2019-12-02 01:04:40 +01:00
woodser ef95a76d0d remove unused variable 'ptx' from on_describe_transfer() 2019-12-01 13:07:26 -05:00
moneromooo-monero 02b8051339
unit_tests: remove invalid bulletproofs unit test
It was intended to check a case which is actually valid (0 gamma),
but was actually duplicating the bad amount test.

Reported by WhatDo_ on IRC.
2019-12-01 15:40:59 +00:00
moneromooo-monero 5f2a32c15a
daemon: run with -rpc-payment-address and --rpc-restricted-bind-port 2019-11-29 20:07:01 +00:00
moneromooo-monero f8127831c7
simplewallet: fix encrypted payment id note triggering on dummy ones 2019-11-29 20:02:46 +00:00
moneromooo-monero 316ab7b56e
wallet2: better error when restoring a wallet with the wrong keys 2019-11-28 18:22:29 +00:00
moneromooo-monero b90c4bc39e
rpc: error out from get_info if the proxied call errors out
Coverity 205410
2019-11-27 19:52:39 +00:00