Changeset View
Changeset View
Standalone View
Standalone View
src/consensus/merkle.cpp
// Copyright (c) 2015-2016 The Bitcoin Core developers | // Copyright (c) 2015-2016 The Bitcoin Core developers | ||||
// Distributed under the MIT software license, see the accompanying | // Distributed under the MIT software license, see the accompanying | ||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php. | // file COPYING or http://www.opensource.org/licenses/mit-license.php. | ||||
#include "merkle.h" | #include <consensus/merkle.h> | ||||
#include "hash.h" | #include <hash.h> | ||||
#include "utilstrencodings.h" | #include <utilstrencodings.h> | ||||
/* WARNING! If you're reading this because you're learning about crypto | /* WARNING! If you're reading this because you're learning about crypto | ||||
and/or designing a new system that will use merkle trees, keep in mind | and/or designing a new system that will use merkle trees, keep in mind | ||||
that the following merkle tree algorithm has a serious flaw related to | that the following merkle tree algorithm has a serious flaw related to | ||||
duplicate txids, resulting in a vulnerability (CVE-2012-2459). | duplicate txids, resulting in a vulnerability (CVE-2012-2459). | ||||
The reason is that if the number of hashes in the list at a given time | The reason is that if the number of hashes in the list at a given time | ||||
is odd, the last one is duplicated before computing the next level (which | is odd, the last one is duplicated before computing the next level (which | ||||
▲ Show 20 Lines • Show All 56 Lines • Show Last 20 Lines |