Commit Graph

55 Commits

Author SHA1 Message Date
Philip Kaufmann
be8e1f8479 Bitcoin-Qt: fix crash on Windows caused by CDBEnv::EnvShutdown()
- can be triggerd by just adding -proxy=crashme with 0.7.1
- crash occured, when AppInit2() was left with return false; after the
  first call to bitdb.open() (Step 6 in init)
- this is caused by GetDataDir() or .string() in CDBEnv::EnvShutdown()
  called via the bitdb global destructor
- init fDbEnvInit and fMockDb to false in CDBEnv::CDBEnv()
2012-11-18 14:10:26 +01:00
Philip Kaufmann
c74bae0fdf simplify CDBEnv::Open() / fix small glitches
- remove pathEnv from CDBEnv, as this attribute is not needed
- change path parameter in ::Open() to a reference
- make nDbCache variable an unsigned integer
- remove a missplaced ";" behin ::IsMock()
2012-11-10 01:11:22 +01:00
Pieter Wuille
92467073ad Remove -detachdb and stop's detach argument.
As the only BDB database left is the wallet, and it is always
detached.

Also remove IsChainFile() predicate and related chainfile-specific
logic.
2012-11-04 12:59:06 +01:00
Pieter Wuille
2d8a48292b LevelDB block and coin databases
Split off CBlockTreeDB and CCoinsViewDB into txdb-*.{cpp,h} files,
implemented by either LevelDB or BDB.

Based on code from earlier commits by Mike Hearn in his leveldb
branch.
2012-10-20 23:08:57 +02:00
Pieter Wuille
d979e6e36a Use singleton block tree database instance 2012-10-20 23:08:57 +02:00
Pieter Wuille
ae8bfd12da Batch block connection during IBD
During the initial block download (or -loadblock), delay connection
of new blocks a bit, and perform them in a single action. This reduces
the load on the database engine, as subsequent blocks often update an
earlier block's transaction already.
2012-10-20 23:08:57 +02:00
Pieter Wuille
450cbb0944 Ultraprune
This switches bitcoin's transaction/block verification logic to use a
"coin database", which contains all unredeemed transaction output scripts,
amounts and heights.

The name ultraprune comes from the fact that instead of a full transaction
index, we only (need to) keep an index with unspent outputs. For now, the
blocks themselves are kept as usual, although they are only necessary for
serving, rescanning and reorganizing.

The basic datastructures are CCoins (representing the coins of a single
transaction), and CCoinsView (representing a state of the coins database).
There are several implementations for CCoinsView. A dummy, one backed by
the coins database (coins.dat), one backed by the memory pool, and one
that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock,
DisconnectBlock, ... now operate on a generic CCoinsView.

The block switching logic now builds a single cached CCoinsView with
changes to be committed to the database before any changes are made.
This means no uncommitted changes are ever read from the database, and
should ease the transition to another database layer which does not
support transactions (but does support atomic writes), like LevelDB.

For the getrawtransaction() RPC call, access to a txid-to-disk index
would be preferable. As this index is not necessary or even useful
for any other part of the implementation, it is not provided. Instead,
getrawtransaction() uses the coin database to find the block height,
and then scans that block to find the requested transaction. This is
slow, but should suffice for debug purposes.
2012-10-20 23:08:57 +02:00
Pieter Wuille
5382bcf8cd Multiple blocks per file
Change the block storage layer again, this time with multiple files
per block, but tracked by txindex.dat database entries. The file
format is exactly the same as the earlier blk00001.dat, but with
smaller files (128 MiB for now).

The database entries track how many bytes each block file already
uses, how many blocks are in it, which range of heights is present
and which range of dates.
2012-10-20 23:08:57 +02:00
Gavin Andresen
eed1785f70 Handle corrupt wallets gracefully.
Corrupt wallets used to cause a DB_RUNRECOVERY uncaught exception and a
crash. This commit does three things:

1) Runs a BDB verify early in the startup process, and if there is a
low-level problem with the database:
  + Moves the bad wallet.dat to wallet.timestamp.bak
  + Runs a 'salvage' operation to get key/value pairs, and
    writes them to a new wallet.dat
  + Continues with startup.

2) Much more tolerant of serialization errors. All errors in deserialization
are reported by tolerated EXCEPT for errors related to reading keypairs
or master key records-- those are reported and then shut down, so the user
can get help (or recover from a backup).

3) Adds a new -salvagewallet option, which:
 + Moves the wallet.dat to wallet.timestamp.bak
 + extracts ONLY keypairs and master keys into a new wallet.dat
 + soft-sets -rescan, to recreate transaction history

This was tested by randomly corrupting testnet wallets using a little
python script I wrote (https://gist.github.com/3812689)
2012-10-08 17:46:45 -04:00
Luke Dashjr
148e107da6 Run BDB disk-less for test_bitcoin 2012-07-11 04:26:44 +00:00
Pieter Wuille
70f6049f71 Remove CTxDB::ReadOwnerTxes.
It seems it wasn't ever used since 0.1.5.
2012-06-20 15:07:48 +02:00
Jeff Garzik
9ac282ca0c Refactor: add IsChainFile helper. LoadBlockIndex() code movement. 2012-05-23 00:17:07 -04:00
Luke Dashjr
f9189543bf CDBEnv: fix qt build 2012-05-22 20:47:42 -04:00
Jeff Garzik
0134a1c08c Merge branch 'dbenv' into tmp
Conflicts:
	src/db.cpp
2012-05-22 17:45:00 -04:00
Jeff Garzik
f94b64c2f3 Prevent crashes due to missing or corrupted database records
Any problems seen during deserialization will throw an uncaught
exception, crashing the entire bitcoin process.  Properly return an
error instead, so that we may at least log the error and gracefully
shutdown other portions of the app.
2012-05-22 15:12:52 -04:00
Pieter Wuille
46784d0826 Merge pull request #1354 from fanquake/master
Update Header Licenses
2012-05-20 12:27:50 -07:00
Jeff Garzik
ffe8b77a61 Further CDBEnv encapsulation work. 2012-05-19 20:46:52 -04:00
Jeff Garzik
8b1202c52c Remove unused nested BDB transaction support 2012-05-19 20:45:39 -04:00
Jeff Garzik
24b57e3c6a Create CDBEnv::TxnBegin(), and use it in CDB::TxnBegin() 2012-05-19 20:44:31 -04:00
Jeff Garzik
cd9696fc97 Encapsulate BDB environment inside new CDBEnv class
Cleans up and organizes several scattered functions and variables related to
the BDB env.  Class CDBInit() existed to provide a
guaranteed-via-C++-destructor cleanup of the db environment.

A formal CDBEnv class provides all of this inside a single wrapper.
2012-05-19 20:43:19 -04:00
Jeff Garzik
394b9298fa Default to DB_TXN_WRITE_NOSYNC for all transactional operations
* This is safer than DB_TXN_NOSYNC, and does not appear to impact
  performance.
* Applying this to the dbenv is necessary to avoid many fdatasync(2)
  calls on db 5.x
* We carefully and thoroughly flush databases upon shutdown and
  other important events already.
2012-05-19 01:25:06 -04:00
Fordy
3a25a2b9b0 Update License in File Headers
I originally created a pull to replace the "COPYING" in crypter.cpp and
crypter.h, but it turned out that COPYING was actually the correct
file.
2012-05-18 22:02:28 +08:00
Jeff Garzik
d17ac27a72 Merge pull request #1316 from jgarzik/dead-code
Remove dead code: CTxDB::EraseBlockIndex(), CBlockIndex::EraseBlockFromDisk()
2012-05-17 08:47:54 -07:00
Jeff Garzik
928d3a011c CAddrDB: Replace BDB-managed addr.dat with internally managed peers.dat 2012-05-16 22:11:19 -04:00
Jeff Garzik
a7d45c5a7a Remove dead code: CTxDB::EraseBlockIndex(), CBlockIndex::EraseBlockFromDisk() 2012-05-15 13:36:25 -04:00
Pieter Wuille
83743ed681 Make lsn_reset ("detach databases") optional and off by default.
Add an option -detachdb (and entry in OptionDialog), without which no
lsn_reset is called on addr.dat and blkindex.dat. That means these
files cannot be moved to a new environment, but shutdown can be
significantly faster. The wallet file is always lsn_reset'ed.

-detachdb corresponds to the old behaviour, though it is off by
default now to speed up shutdowns.
2012-04-26 00:31:54 +02:00
Pieter Wuille
6b6aaa1698 Further reduce header dependencies
This commit removes the dependency of serialize.h on PROTOCOL_VERSION,
and makes this parameter required instead of implicit. This is much saner,
as it makes the places where changing a version number can have an
influence obvious.
2012-04-17 20:03:42 +02:00
Jeff Garzik
9eace6b113 Move CWalletDB code to new walletdb module.
In addition to standard code separation, this change opens the door
to fixing several include inter-dependencies.
2012-04-17 20:00:55 +02:00
Pieter Wuille
ed6d0b5f85 Remove headers.h 2012-04-17 20:00:55 +02:00
Gavin Andresen
c698633447 Merge branch 'master' of github.com:bitcoin/bitcoin 2012-03-26 15:31:32 -04:00
Pieter Wuille
53cb1a49e7 Use erase instead of rewrite to remove old addr entries 2012-03-26 20:22:38 +02:00
Pieter Wuille
6b8de05d0a Begin doxygen-compatible comments 2012-03-26 16:48:23 +02:00
Gavin Andresen
a6b4a11385 Merge branch 'addrman' of https://github.com/sipa/bitcoin 2012-03-22 09:19:01 -04:00
Gavin Andresen
972060ce0e bitcoind changes to stop storing settings in wallet.dat. 2012-02-26 23:21:33 +01:00
Pieter Wuille
5fee401fe1 CAddrMan: stochastic address manager
Design goals:
 * Only keep a limited number of addresses around, so that addr.dat does not grow without bound.
 * Keep the address tables in-memory, and occasionally write the table to addr.dat.
 * Make sure no (localized) attacker can fill the entire table with his nodes/addresses.

See comments in addrman.h for more detailed information.
2012-02-24 13:41:04 +01:00
Pieter Wuille
0b807a417f Add SetMinVersion to CWallet 2012-02-18 15:42:29 +01:00
Gavin Andresen
882164196e Update all copyrights to 2012 2012-02-07 11:28:30 -05:00
Wladimir J. van der Laan
bde280b9a4 Revert "Use standard C99 (and Qt) types for 64-bit integers"
This reverts commit 21d9f36781.
2011-12-21 22:33:19 +01:00
Luke Dashjr
21d9f36781 Use standard C99 (and Qt) types for 64-bit integers 2011-12-20 16:52:59 -05:00
Gavin Andresen
2a45a494b0 Use block times for 'hard' OP_EVAL switchover, and refactored EvalScript
so it takes a flag for how to interpret OP_EVAL.
Also increased IsStandard size of scriptSigs to 500 bytes, so
a 3-of-3 multisig transaction IsStandard.
2011-12-19 13:24:48 -05:00
Gavin Andresen
e679ec969c OP_EVAL implementation
OP_EVAL is a new opcode that evaluates an item on the stack as a script.
It enables a new type of bitcoin address that needs an arbitrarily
complex script to redeem.
2011-12-19 12:40:19 -05:00
Gavin Andresen
b2d3b2d65d Never remove database files on shutdown, it caused unreadable wallets on some testers' machines. 2011-11-20 10:39:01 -05:00
Gavin Andresen
1c15f88653 Only remove database log files on shutdown after wallet encryption/rewrite 2011-11-17 14:21:32 -05:00
Gavin Andresen
d764d9161e Obsolete keypool and make sure database removes log files on shutdown. 2011-11-15 09:30:16 -05:00
Pieter Wuille
9e9869d0fe Resilvering 2011-11-14 09:59:22 -05:00
Matt Corallo
b2120e223a Unify copyright notices.
To a variation on:
// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2011 The Bitcoin developers
2011-08-09 13:32:52 +02:00
Jeff Garzik
116df55e21 Update CWallet::LoadWallet for proper return type. 2011-07-13 01:07:49 -04:00
Giel van Schijndel
ecf1c79aad fix warnings: expression result unused [-Wunused-value]
In the assert()s take advantage of the fact that string constants
("string") are effectively of type 'const char []', which when used in
an expression yield a non-NULL pointer.

An assertion that should always fail can thus be formulated as:
  assert(!"fail);

An assertion where a text message should be added to the expression can
be written as such:
  assert("message" && expression);

Signed-off-by: Giel van Schijndel <me@mortis.eu>
2011-07-13 05:07:44 +02:00
Jeff Garzik
0fa89d8e81 Merge pull request #381 from TheBlueMatt/nminversion
Add minversion to wallet.
2011-07-12 19:34:30 -07:00
Matt Corallo
4e87d341f7 Add wallet privkey encryption.
This commit adds support for ckeys, or enCrypted private keys, to the wallet.
All keys are stored in memory in their encrypted form and thus the passphrase
is required from the user to spend coins, or to create new addresses.

Keys are encrypted with AES-256-CBC using OpenSSL's EVP library. The key is
calculated via EVP_BytesToKey using SHA512 with (by default) 25000 rounds and
a random salt.

By default, the user's wallet remains unencrypted until they call the RPC
command encryptwallet <passphrase> or, from the GUI menu, Options->
Encrypt Wallet.

When the user is attempting to call RPC functions which require the password
to unlock the wallet, an error will be returned unless they call
walletpassphrase <passphrase> <time to keep key in memory> first.

A keypoolrefill command has been added which tops up the users keypool
(requiring the passphrase via walletpassphrase first).
keypoolsize has been added to the output of getinfo to show the user the
number of keys left before they need to specify their passphrase (and call
keypoolrefill).

Note that walletpassphrase will automatically fill keypool in a separate
thread which it spawns when the passphrase is set. This could cause some
delays in other threads waiting for locks on the wallet passphrase, including
one which could cause the passphrase to be stored longer than expected,
however it will not allow the passphrase to be used longer than expected as
ThreadCleanWalletPassphrase will attempt to get a lock on the key as soon
as the specified lock time has arrived.

When the keypool runs out (and wallet is locked) GetOrReuseKeyFromPool
returns vchDefaultKey, meaning miners may start to generate many blocks to
vchDefaultKey instead of a new key each time.

A walletpassphrasechange <oldpassphrase> <newpassphrase> has been added to
allow the user to change their password via RPC.

Whenever keying material (unencrypted private keys, the user's passphrase,
the wallet's AES key) is stored unencrypted in memory, any reasonable attempt
is made to mlock/VirtualLock that memory before storing the keying material.
This is not true in several (commented) cases where mlock/VirtualLocking the
memory is not possible.

Although encryption of private keys in memory can be very useful on desktop
systems (as some small amount of protection against stupid viruses), on an
RPC server, the password is entered fairly insecurely. Thus, the only main
advantage encryption has for RPC servers is for RPC servers that do not spend
coins, except in rare cases, eg. a webserver of a merchant which only receives
payment except for cases of manual intervention.

Thanks to jgarzik for the original patch and sipa, gmaxwell and many others
for all their input.

Conflicts:

	src/wallet.cpp
2011-07-13 02:11:25 +02:00