Commit graph

15 commits

Author SHA1 Message Date
snider
c77cdb0076 fix: Address 9 security findings from code review (batch 5)
Security fixes:
- HIGH-017: Add timeout cleanup for Client results/callbacks maps
- HIGH-020: Fix iterator invalidation in SimpleSplitter::tick()
- HIGH-022: Add bounds checking in EthStratum height parsing
- HIGH-025: Remove improper CloseHandle on Windows std handles
- HIGH-027: Use std::nothrow for Miner allocation with proper null check

Quality/stability fixes:
- MED-001: Use explicit uint64_t max for custom diff validation
- MED-004: Add fork() error logging with strerror
- MED-006: Add null checks in Controller methods for safe operation
- MED-008: Optimize NonceMapper with single map lookup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 18:59:24 +00:00
snider
ab0535ed86 fix: Address 4 additional security findings in proxy (batch 4)
Security fixes:
- HIGH-014: Use OpenSSL's RAND_bytes() for cryptographic random instead
  of std::mt19937 when libsodium not available
- HIGH-021: Use find() instead of operator[] in SimpleSplitter::submit()
  to avoid inserting nullptr into map
- HIGH-024: Use CRYPTO_memcmp() for constant-time token comparison in
  Httpd::auth() to prevent timing attacks
- HIGH-026: Add overflow detection and slot reuse in Storage::add()
  counter to prevent ID collisions after many connections

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 18:45:40 +00:00
snider
daca391375 fix: Address 5 additional security findings in proxy (batch 3)
Critical fixes:
- CRIT-009: Document lifetime constraint on LoginEvent references to
  prevent use-after-free (architectural fix requires larger refactor)
- CRIT-015: Add proper libuv handle cleanup with uv_walk() before
  uv_loop_close() to prevent resource leaks

High priority fixes:
- HIGH-012: Log warning when LineReader truncates oversized lines
- HIGH-013: Add division-by-zero check in Job::setTarget() for
  malformed target values
- HIGH-016: Add MAX_UPSTREAMS limit (1000) in NonceSplitter to prevent
  unbounded memory growth under DoS conditions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 18:41:36 +00:00
snider
3d8423f6e1 fix: Address 9 additional security findings in proxy (batch 2)
Critical fixes:
- CRIT-008: Enable TLS peer certificate verification in client connections
- CRIT-010: Add null pointer checks throughout ExtraNonceSplitter
- CRIT-011: Validate JSON error message field before access in Client
- CRIT-013: Make event system thread-safe with atomic<bool> and CAS
- CRIT-018: Add bounds checking in NonceSplitter vector access

High priority fixes:
- HIGH-002: Set 0600 permissions on generated private key files
- HIGH-004: Add strtol error checking and overflow validation
- HIGH-007: Handle integer overflow in ExtraNonceStorage nonce counter
- HIGH-018: Add comprehensive JSON field validation in Miner::parse()

These fixes address TLS security, thread safety, memory safety, and
input validation issues identified during parallel code review.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 18:31:48 +00:00
snider
354fd5da28 fix: Address 10 critical and high security findings in proxy
Security fixes implemented:
- CRIT-001/002: Replace static shared buffer with per-instance buffer in Miner
- CRIT-003: Redact password from API response in ApiRouter
- CRIT-004: Fix TlsContext::setCiphers returning true on failure + TLS hardening
- CRIT-005: Add null check in Controller destructor to prevent double-free
- CRIT-006: Add JSON type validation before member access in BindHost
- CRIT-007: Restrict CORS to localhost + add security headers in HttpApiResponse
- CRIT-014: Add HTTP body/header/URL size limits to prevent DoS
- HIGH-001: Make miner ID generation thread-safe with std::atomic
- HIGH-003: Make all global counters atomic in Counters class
- HIGH-009: Implement rolling window for latency vector (max 10K entries)

These fixes address race conditions, memory exhaustion DoS vectors,
information disclosure, and thread safety issues identified during
parallel code review.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 18:22:28 +00:00
snider
ae68119329 feat: Rename XMRig references to Miner and add miner.cpp for new platform
2025-12-31 16:38:48 +00:00
snider
09df6f0e4f feat: Add security and resilience middleware
- SEC-MED-3: Add CSRF protection middleware for browser requests
- RESIL-MED-8: Add request timeout middleware (30s default)
- API-MED-7: Add Cache-Control headers for appropriate endpoints
- Update CORS to allow X-Requested-With header

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-31 15:54:37 +00:00
snider
473c72814f fix: Update documentation for miner-cuda plugin and improve build instructions
2025-12-31 01:53:53 +00:00
snider
dd8a1807c5 fix: Update documentation for miner-cuda plugin and improve build instructions
2025-12-31 01:53:44 +00:00
snider
bec2accf1a feat: Add OpenCL GPU support for ProgPowZ, ETChash, and Blake3DCR
Implement GPU mining backends for three new algorithms:

- ProgPowZ (Zano): DAG-based ProgPow variant with 512 parents, dynamic
  program generation per period
- ETChash (Ethereum Classic): Standard Ethash with 256 parents and
  ECIP-1099 epoch calculation for post-block 11.7M
- Blake3DCR (Decred): Simple Blake3 hash kernel with no DAG requirement,
  processing 180-byte block headers

Each implementation includes OpenCL kernels, GPU runners, thread
generators, and build system integration. Also adds fast modulo
optimization to ETCCache for GPU kernel performance.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 23:01:16 +00:00
snider
b1aced8341 feat: Add stratum integration and mining support for new algorithms
- Stratum protocol integration for ETChash, ProgPowZ, Blake3DCR
- EthStratumClient selection for DAG-based algorithms
- Nonce offset handling for all new algorithm families
- AutoClient support for new algorithm detection
- Coin definitions for ETC, ETH, ZANO, DCR

Worker integration:
- CPU worker support for Blake3DCR mining
- GPU worker stubs for ETChash, ProgPowZ, Blake3
- Proper algorithm family handling in CpuWorker/OclWorker

Go CLI integration:
- Updated xmrig_start.go with coin field support
- Improved pool configuration for new algorithms

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 20:56:19 +00:00
snider
9cf0db802a feat: Add Blake3DCR algorithm support (Decred)
- Add Blake3 cryptographic hash library (portable C implementation)
- Create Blake3DCR wrapper for Decred mining (180-byte block headers)
- Register BLAKE3_DCR algorithm ID (0x62100000) with dcr/decred aliases
- Support for block header hashing and nonce iteration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 20:30:05 +00:00
snider
b7af288374 feat: Add ProgPowZ algorithm support (Zano)
- Add core crypto implementation (ProgPowZHash.cpp, ProgPowZCache.cpp)
- ProgPowZ uses standard Ethash 30000 block epochs
- Period length 50 (vs 3 for KawPow), CNT_CACHE 12, CNT_MATH 20
- Integrate with OpenCL and CUDA backends for memory calculation
- Register PROGPOWZ_ZANO algorithm ID (0x70100000)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 20:19:54 +00:00
snider
353afe46ae feat: Add ETChash/Ethash algorithm support
- Add core crypto implementation (ETChash.cpp, ETCCache.cpp)
- Implement ECIP-1099 epoch calculation for Ethereum Classic
- Add Ethash support with standard 30000 block epochs
- Integrate with OpenCL and CUDA backends for memory calculation
- Register ETCHASH_ETC and ETHASH_ETH algorithm IDs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 20:08:36 +00:00
snider
69376b886f feat: Rebrand xmrig to miner and vendor XMRig ecosystem
Complete rebranding of all components:
- Core miner: xmrig -> miner (binary, version.h, CMakeLists.txt)
- Proxy: xmrig-proxy -> miner-proxy
- CUDA plugin: xmrig-cuda -> miner-cuda
- Heatmap: xmrig-nonces-heatmap -> miner-nonces-heatmap
- Go CLI wrapper: miner-cli -> miner-ctrl

Vendored XMRig ecosystem into miner/ directory:
- miner/core - XMRig CPU/GPU miner
- miner/proxy - Stratum proxy
- miner/cuda - NVIDIA CUDA plugin
- miner/heatmap - Nonce visualization tool
- miner/config - Configuration UI
- miner/deps - Pre-built dependencies

Updated dev fee to use project wallet with opt-out (kMinimumDonateLevel=0)
Updated branding to Lethean (domain, copyright, version 0.1.0)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 19:43:02 +00:00