Skip to content

Disallow automatic conversion between disparate hash types #17938

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Jun 21, 2020
Merged

Disallow automatic conversion between disparate hash types #17938

merged 8 commits into from
Jun 21, 2020

Conversation

Empact
Copy link
Contributor

@Empact Empact commented Jan 16, 2020

This bases the script/standard hash types, TxDestination-related and CScriptID on a base template which does not silently convert the underlying uintN type.

Inspired by and built on #17924. Commits are small and focused to ease review.

Note some of these changes may be relative to existing bugs of the same sort as #17924. See particularly "Convert CPubKey to WitnessV0KeyHash directly" and "Remove an apparently unnecessary conversion".

@Empact Empact mentioned this pull request Jan 16, 2020
Merged
@DrahtBot
Copy link
Contributor

DrahtBot commented Jan 16, 2020
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@instagibbs
Copy link
Member

concept ACK, will review deeper if base is merged

@Sjors
Copy link
Member

Sjors commented Jan 17, 2020

Code review ACK 730267f

@Empact
Copy link
Contributor Author

Empact commented Jan 17, 2020

@instagibbs rebased now that #17924 is merged

@Empact
Copy link
Contributor Author

Empact commented Jan 29, 2020

@instagibbs how about a review?

@laanwj
Copy link
Member

laanwj commented Feb 5, 2020

Concept ACK, I like the idea of using explicit and separate types here to prevent non-sensible conversions, if you can use language features to avoid bugs that's very good.

@practicalswift
Copy link
Contributor

Concept ACK: explicit conversion is better (and safer!) than implicit conversion

This was referenced Feb 11, 2020
Merged
Closed
Merged
Merged
Closed
Merged
Merged
This was referenced Feb 21, 2020
Merged
Closed
Merged
@DrahtBot DrahtBot mentioned this pull request Jun 6, 2020
Closed
achow101
achow101 approved these changes Jun 11, 2020
View reviewed changes
Copy link
Member

@achow101 achow101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 4b7de7c

@DrahtBot DrahtBot mentioned this pull request Jun 16, 2020
Closed
5 tasks
meshcollider
meshcollider reviewed Jun 17, 2020
View reviewed changes
Copy link
Contributor

@meshcollider meshcollider left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code review ACK 4b7de7c

@meshcollider
Copy link
Contributor

There is a build error unfortunately

wallet/scriptpubkeyman.cpp:2054:25: error: no matching function for call to ‘CKeyID::CKeyID(const PKHash&)’
     CKeyID key_id(pkhash);
                         ^

@Empact Empact force-pushed the hash-conversion branch from 4b7de7c to 1236555 Compare June 18, 2020 22:09
@Empact
Copy link
Contributor Author

Empact commented Jun 18, 2020

Rebased, and the fix is in 1236555

I'm not sure what's up with Appveyor, and I'm happy to squash.

@maflcko
Copy link
Member

maflcko commented Jun 19, 2020

I think it makes sense to squash fixup commits that fix a compile-failure. Otherwise it is not possible to compile earlier commits.

@DrahtBot DrahtBot mentioned this pull request Jun 19, 2020
Merged
Empact added 8 commits June 19, 2020 12:14
@Empact
Prefer explicit uint160 conversion
0a5ea32
@Empact
Prefer explicit CScriptID construction
3fcc468
@Empact
Convert CPubKey to WitnessV0KeyHash directly
a9e451f 
The round-tripping through PKHash has no effect, and is
potentially misleading as such.
@Empact
Use explicit conversion from PKHash -> CKeyID
2c54217 
These types are equivalent, in data etc, so they need only their
data cast across.

Note a function is used rather than a casting
operator as CKeyID is defined at a lower level than script/standard
@Empact
Use explicit conversion from WitnessV0KeyHash -> CKeyID
f32c1e0 
These types are equivalent, in data etc, so they need only their
data cast across.
@Empact
Explicitly support conversion between equivalent hash types
966a22d 
ScriptHash <-> CScriptID
CKeyID -> PKHash
PKHash -> WitnessV0KeyHash
@Empact
Remove an apparently unnecessary conversion
fa9ef2c 
CScript -> CScriptID -> ScriptHash is unnecessary because
ScriptHash and CScriptID do the same thing.
@Empact
Disallow automatic conversion between hash types
4d73691 
A templated BaseHash does not allow for automatic conversion, thus
conversions much be explicitly allowed / whitelisted, which will
reduce the risk of unintended conversions.
@Empact Empact force-pushed the hash-conversion branch from 1236555 to 4d73691 Compare June 19, 2020 20:02
@Empact
Copy link
Contributor Author

Empact commented Jun 19, 2020

Squashed the fix and rebased.

@achow101
Copy link
Member

ACK 4d73691

Only change since last is to handle a newly introduced conversion. That's also a good example of the benefits that this PR brings.

@meshcollider
Copy link
Contributor

re-utACK 4d73691

@meshcollider meshcollider merged commit bd331bd into bitcoin:master Jun 21, 2020
@Empact Empact deleted the hash-conversion branch June 21, 2020 08:35
@ryanofsky ryanofsky mentioned this pull request Jul 7, 2020
Draft
Fabcien pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Feb 3, 2021
@Empact @Fabcien
Disallow automatic conversion between disparate hash types
79bd383 
Summary:
```
This bases the script/standard hash types, TxDestination-related and
CScriptID on a base template which does not silently convert the
underlying uintN type.

Inspired by and built on #17924. Commits are small and focused to ease
review.

Note some of these changes may be relative to existing bugs of the same
sort as #17924. See particularly "Convert CPubKey to WitnessV0KeyHash
directly" and "Remove an apparently unnecessary conversion".
```

Backport of core [[bitcoin/bitcoin#17938 | PR17938]].

Test Plan:
  ninja all check-all

Reviewers: #bitcoin_abc, PiRK

Reviewed By: #bitcoin_abc, PiRK

Differential Revision: https://reviews.bitcoinabc.org/D9140
@kwvg kwvg mentioned this pull request May 19, 2021
Merged
@furszy furszy mentioned this pull request Sep 7, 2021
Closed
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Aug 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@achow101 achow101 achow101 approved these changes

@Sjors Sjors Awaiting requested review from Sjors

@ryanofsky ryanofsky Awaiting requested review from ryanofsky

@instagibbs instagibbs Awaiting requested review from instagibbs

+1 more reviewer

@meshcollider meshcollider meshcollider left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
RPC/REST/ZMQ Wallet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
10 participants
@Empact @DrahtBot @instagibbs @Sjors @laanwj @practicalswift @meshcollider @maflcko @achow101 @fanquake