Remove pre-EIP-8 RLPx handshake support#10257
Merged
jflo merged 3 commits intobesu-eth:mainfrom Apr 17, 2026
Merged
Conversation
Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net>
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Removes legacy pre-EIP-8 (V1) RLPx handshake support and makes the EIP-8 (V4) framing/handshake logic unconditional, simplifying the ECIES handshake implementation.
Changes:
- Deleted V1 handshake message classes and removed V1 encrypt/decrypt paths.
- Simplified
ECIESHandshakerto always use EIP-8 size-prefix parsing and V4 message decode/encode. - Updated netty
DeFramer/tests to bind the HELLO nodeId to the authenticated handshake identity.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| ethereum/p2p/src/test/java/org/hyperledger/besu/ethereum/p2p/rlpx/handshake/ecies/ECIESHandshakeTest.java | Removes V1/PyEVM test vectors and legacy-message test helpers. |
| ethereum/p2p/src/test/java/org/hyperledger/besu/ethereum/p2p/rlpx/connections/netty/DeFramerTest.java | Updates tests for new DeFramer constructor and HELLO nodeId/handshake-id mismatch behavior. |
| ethereum/p2p/src/main/java/org/hyperledger/besu/ethereum/p2p/rlpx/handshake/ecies/ResponderHandshakeMessageV1.java | Deletes legacy V1 responder handshake message implementation. |
| ethereum/p2p/src/main/java/org/hyperledger/besu/ethereum/p2p/rlpx/handshake/ecies/InitiatorHandshakeMessageV1.java | Deletes legacy V1 initiator handshake message implementation. |
| ethereum/p2p/src/main/java/org/hyperledger/besu/ethereum/p2p/rlpx/handshake/ecies/EncryptedMessage.java | Removes legacy ECIES message framing and clarifies EIP-8-only methods/docs. |
| ethereum/p2p/src/main/java/org/hyperledger/besu/ethereum/p2p/rlpx/handshake/ecies/ECIESHandshaker.java | Removes V1 fallback logic; parses EIP-8 size prefix unconditionally; uses V4 messages only. |
| ethereum/p2p/src/main/java/org/hyperledger/besu/ethereum/p2p/rlpx/connections/netty/DeFramer.java | Adds authenticated nodeId parameter and enforces HELLO nodeId matches the handshake identity. |
| ethereum/p2p/src/main/java/org/hyperledger/besu/ethereum/p2p/rlpx/connections/netty/AbstractHandshakeHandler.java | Passes authenticated nodeId into DeFramer. |
Comment on lines
+148
to
+163
| // Read the EIP-8 size prefix to determine the full message length. | ||
| buf.markReaderIndex(); | ||
| if (buf.readableBytes() < 2) { | ||
| return Optional.empty(); | ||
| } | ||
| final int size = buf.readUnsignedShort(); | ||
| if (size > buf.readableBytes()) { | ||
| buf.resetReaderIndex(); | ||
| return Optional.empty(); | ||
| } | ||
|
|
||
| buf.markReaderIndex(); | ||
| final ByteBuf bufferedBytes = buf.readSlice(expectedLength); | ||
| final byte[] encryptedBytes = new byte[bufferedBytes.readableBytes()]; | ||
| bufferedBytes.getBytes(0, encryptedBytes); | ||
| Bytes bytes = Bytes.wrap(encryptedBytes); | ||
| // Read the full EIP-8 message (size prefix + payload). | ||
| buf.resetReaderIndex(); | ||
| final byte[] fullMessage = new byte[size + 2]; | ||
| buf.readBytes(fullMessage); | ||
| final Bytes encryptedMsg = Bytes.wrap(fullMessage); |
There was a problem hiding this comment.
The EIP-8 size prefix is used directly to allocate new byte[size + 2] without any upper-bound validation. A peer can advertise a large size (up to 65535) to force oversized allocations and increase memory pressure/GC (or potentially OOM if repeated). Add a hard cap for handshake packets (e.g., a small constant like a few KB, aligned with expected auth/ack sizes plus EIP-8 padding) and fail the handshake early when size exceeds that limit.
Contributor
There was a problem hiding this comment.
@copilot suggest changes based on this feedback
Comment on lines
+163
to
+173
| if (!peerInfo.getNodeId().equals(authenticatedNodeId)) { | ||
| LOG.debug( | ||
| "Peer Hello nodeId {} does not match authenticated nodeId from handshake {}. Disconnecting.", | ||
| peerInfo.getNodeId(), | ||
| authenticatedNodeId); | ||
| connectFuture.completeExceptionally( | ||
| new UnexpectedPeerConnectionException( | ||
| "Hello nodeId does not match handshake identity")); | ||
| ctx.close(); | ||
| return; | ||
| } |
There was a problem hiding this comment.
On HELLO/handshake identity mismatch, the code closes the channel without sending a devp2p Disconnect reason (previous behavior used UNEXPECTED_ID). This can make the disconnect harder to diagnose for the remote side and may deviate from expected protocol behavior. Consider emitting a DisconnectMessage with an appropriate reason before closing (or moving this check to a point where a RlpxConnection exists so connection.disconnect(...) can be used), then closing after flush.
fab-10
approved these changes
Apr 17, 2026
daniellehrner
added a commit
that referenced
this pull request
Apr 21, 2026
* enable bal parallelization for all blocks and not only head (#10234) Signed-off-by: Karim Taam <karim.t2am@gmail.com> * Add MULMOD to EVMv2 (#10168) - Add MulModOperationV2, tests and benchmarks - Rename c -> m in benchmarks following (a * b) % m formula - Add MulModOperationV2Test covering stack management and underflow Tests verify correct stack depth reduction (3→1), result placement, zero-modulus special case, cross-limb arithmetic, and that underflow with 0 or 2 items returns INSUFFICIENT_STACK_ITEMS without mutating the stack. --------- Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * BlockSimulator fix (#10251) * BlockSimulator fix Signed-off-by: Roman <4833306+Filter94@users.noreply.github.com> Signed-off-by: Roman <4833306+Filter94@users.noreply.github.com> Co-authored-by: garyschulte <garyschulte@gmail.com> * Enable NullAway static null-safety analysis for util module (#10046) * Migrate JSR305 nullness annotations to JSpecify - Replace javax.annotation.Nullable and javax.annotation.CheckForNull with org.jspecify.annotations.Nullable across 18 Java files - Update platform constraint to org.jspecify:jspecify:1.0.0 - Replace compileOnly com.google.code.findbugs:jsr305 with compileOnly org.jspecify:jspecify in affected modules Signed-off-by: Mykim <38449976+Apisapple@users.noreply.github.com> * feat(util): add opt-in NullAway configuration for Error Prone Signed-off-by: mykim <kimminyong2034@gmail.com> * feat(util): enable NullAway with comprehensive nullability fixes - Add NullAway 0.12.4 to util errorprone dependencies - Annotate nullable fields/returns in 6 util classes with @nullable - Fix nullable dereferences: RollingFileWriter, StackTraceMatchFilter, PlatformDetector - Enable NullAway:ERROR for util main compile, OFF for tests - Add optional CI job (run-nullaway label) for gradual monitoring - All util compilation passes with NullAway ERROR by default Fixes: - MemoryBoundCache: mark getIfPresent() return as @nullable - ExceptionUtils: annotate rootCause() for nullable input/output - RollingFileWriter: guard Path.getParent() null dereference - PlatformDetector: make static fields @nullable, add fallback to UNKNOWN - BesuVersionUtils: mark VERSION/COMMIT fields as @nullable - StackTraceMatchFilter: fix nullable message comparison, builder fields Signed-off-by: mykim <kimminyong2034@gmail.com> * style(util): format code for improved readability in StackTraceMatchFilter Signed-off-by: mykim <kimminyong2034@gmail.com> * fix(util): PlatformDetector.normalizeGLibcVersion returns UNKNOWN not null Replace null return with UNKNOWN to satisfy NullAway @nonnull contract. Signed-off-by: mykim <kimminyong2034@gmail.com> * fix(util): update getGlibc to return null instead of UNKNOWN - Return null to account for existing code that expects and handles null values. Signed-off-by: mykim <kimminyong2034@gmail.com> * fix(util): remove NullAway flag from util compile command - Remove the unnecessary -PenableNullAway flag Signed-off-by: mykim <kimminyong2034@gmail.com> * docs(util): update getGlibc Javadoc to clarify return value can be null - Update the Javadoc to reflect the actual behavior of the getGlibc function. Signed-off-by: mykim <kimminyong2034@gmail.com> * docs(util): update NullAway optional check job name for clarity Signed-off-by: mykim <kimminyong2034@gmail.com> * fix(util): update getGlibc to always return a value instead of null Signed-off-by: mykim <kimminyong2034@gmail.com> * fix(util): remove NullAway optional check job from pre-review workflow Signed-off-by: mykim <kimminyong2034@gmail.com> * Fix YAML indentation in pre-review workflow Adjust indentation of GRADLEW_UNIT_TEST_ARGS in .github/workflows/pre-review.yml under unitTests.env to align with surrounding keys. Signed-off-by: mykim <kimminyong2034@gmail.com> * feat: Improve version metadata null-safety and bump NullAway to 0.13.1 Signed-off-by: mykim <kimminyong2034@gmail.com> * chroe: Add jspecify compileOnly dependency Add org.jspecify:jspecify as a compileOnly dependency to util/build.gradle. This brings JSpecify annotations into the module for static nullness/type-checking without introducing a runtime dependency. Signed-off-by: mykim <kimminyong2034@gmail.com> * feat: Use shortVersion() and improve StackTraceMatchFilter Update acceptance tests to call BesuVersionUtils.shortVersion() directly instead of using orElse("unknown"). In StackTraceMatchFilter, mark the Throwable parameter as @nullable and simplify toString() to return stackContains directly. These changes clarify nullability and streamline version usage/representation. Signed-off-by: mykim <kimminyong2034@gmail.com> * docs: Fix Javadoc reference for UNKNOWN constant Update Javadoc in util/src/main/java/org/hyperledger/besu/util/BesuVersionUtils.java to use {@value #UNKNOWN} instead of {@value UNKNOWN} in shortVersion() and commit() docs so the UNKNOWN field is referenced correctly. No behavioral changes. Signed-off-by: mykim <kimminyong2034@gmail.com> * chroe: Remove old verification metadata entries Delete verification-metadata entries for com.uber.nullaway:nullaway:0.12.4 and org.checkerframework:dataflow-nullaway:3.48.0 (their artifact SHA entries were removed). These versions are superseded in the file by nullaway:0.13.1 and dataflow-nullaway:3.53.0, so the stale metadata was cleaned up. Signed-off-by: mykim <kimminyong2034@gmail.com> * Merge pull request #7 from Apisapple/feature/nullaway-util Feature/nullaway util Signed-off-by: mykim <kimminyong2034@gmail.com> * Use UNKNOWN constant in version regex tests Replace hardcoded "UNKNOWN" literal in regex assertions with BesuVersionUtils.UNKNOWN constant in three unit tests (versionStringIsEthstatsFriendly, noIdentityNodeNameIsEthstatsFriendly, userIdentityNodeNameIsEthstatsFriendly) in BesuVersionUtilsTest. This keeps the tests consistent with the source constant and avoids duplicating the literal value; no behavioral change. Signed-off-by: mykim <kimminyong2034@gmail.com> * Use BesuVersionUtils.UNKNOWN constant Remove the local BESU_VERSION_UNKNOWN constant and use BesuVersionUtils.UNKNOWN instead. Simplify getRuntimeVersionString() to return BesuVersionUtils.shortVersion() directly, construct VersionMetadata with BesuVersionUtils.UNKNOWN on FileNotFoundException, and compare metadata versions against BesuVersionUtils.UNKNOWN. Centralizes the unknown-version sentinel in BesuVersionUtils. Signed-off-by: mykim <kimminyong2034@gmail.com> * docs: Clarify rootCause javadoc null behavior Update Javadoc for ExceptionUtils.rootCause to state it returns the root cause or {@code null} when the input throwable is {@code null}. This documents the method's existing behavior, which already returns null for a null input. Signed-off-by: mykim <kimminyong2034@gmail.com> * style: Wrap long regex in BesuVersionUtilsTest Reformat the long regex in userIdentityNodeNameIsEthstatsFriendly test to improve readability by splitting the string across lines. This is a purely formatting change in util/src/test/java/org/hyperledger/besu/util/BesuVersionUtilsTest.java and does not alter test behavior. Signed-off-by: mykim <kimminyong2034@gmail.com> * chore: Use compileOnlyApi for jspecify dependency Replace compileOnly with compileOnlyApi for org.jspecify:jspecify in util/build.gradle so jspecify annotations are exposed on the compile classpath to consumers of this module. This ensures downstream modules compiling against this artifact can see the jspecify types without packaging the dependency. Signed-off-by: mykim <kimminyong2034@gmail.com> * feat: Quote UNKNOWN in version regex tests Use Pattern.quote(BesuVersionUtils.UNKNOWN) in regex assertions to ensure the UNKNOWN token is matched literally and not treated as a regex. Added import java.util.regex.Pattern and updated three assertions in BesuVersionUtilsTest (versionStringIsEthstatsFriendly, noIdentityNodeNameIsEthstatsFriendly, userIdentityNodeNameIsEthstatsFriendly) to avoid accidental regex interpretation and potential test flakiness. Signed-off-by: mykim <kimminyong2034@gmail.com> * style: Apply Spotless formatting Apply Spotless formatting Signed-off-by: mykim <kimminyong2034@gmail.com> --------- Signed-off-by: Mykim <38449976+Apisapple@users.noreply.github.com> Signed-off-by: mykim <kimminyong2034@gmail.com> Co-authored-by: Simon Dudley <simon.dudley@consensys.net> * Layered txpool: enable balance check by default (#10175) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> Co-authored-by: Justin Florentine <justin+github@florentine.us> * remove pre EIP8 handshake support (#10257) Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net> Co-authored-by: Justin Florentine <justin+github@florentine.us> * Minor Mulmod v2 refactor (#10253) * Refactor stack index logic * Refactor test helper * Remove redundant stack param * Inline mulmod method --------- Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * Increase disconnect await timeout in flaky P2P rejection tests (#10267) Under full test suite load, the multi-hop async disconnect path (local denies inbound → TCP close → remote Netty event loop → subscriber callback) can exceed 5s due to thread pool contention. Raise peerFuture/reasonFuture timeouts to 30s in P2PNetworkTest and P2PPlainNetworkTest to tolerate CI load without masking bugs. Signed-off-by: Simon Dudley <simon.dudley@consensys.net> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * Include slotNumber in payloadIdentifier generation (#10242) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> Co-authored-by: Usman Saleem <usman@usmans.info> * Update Gradle plugin for Besu plugin development to 0.2.0 (#10263) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> * Change block access list index to uint32 (#10279) Signed-off-by: Karim Taam <karim.t2am@gmail.com> * SystemCallProcessor: remove duplicate logging (#10152) * remove duplicate logging Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> --------- Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * EVMv2 AddOperationV2 (#10255) * AddOperationV2 Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * AddOperationV2Test: structural coverage Drop redundant arithmetic cases (covered by UInt256PropertyBasedTest) and focus on structural concerns: stack arity, limb-level read/write wiring, 256-bit wrap, deep-slot preservation, and gas cost. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: Simon Dudley <simon.dudley@consensys.net> * Optimize for JIT Signed-off-by: Luis Pinto <luis.pinto@consensys.net> * Address review comments Don't mutate top Don't use fromHexStringLenient Signed-off-by: Simon Dudley <simon.dudley@consensys.net> --------- Signed-off-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: Luis Pinto <luis.pinto@consensys.net> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Luis Pinto <luis.pinto@consensys.net> * [CHANGELOG] add unreleased section (#10286) Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> * Enforce that blob_versioned_hashes match blobs (#10278) Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> * Implement BaseFee, blobBaseFee, CallValue, GasPrice, Balance and SelfBalance for EVM v2 (#10229) * Migrate wei operations to EVM v2 (first commit) Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Update SelfBalance benchmarks Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * spotless Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Address comments. Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Add Javadoc Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Add unit tests Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * spotless Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Update datatypes/src/main/java/org/hyperledger/besu/datatypes/Wei.java Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> * Update evm/src/main/java/org/hyperledger/besu/evm/frame/MessageFrame.java Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> * Update evm/src/main/java/org/hyperledger/besu/evm/frame/MessageFrame.java Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> * Update datatypes/src/main/java/org/hyperledger/besu/datatypes/Wei.java Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> * Apply refactoring changes Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * remove basefee field Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Fix merge issue Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Address more comments Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Remove not used field Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * spotless Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Undo Balance operation change and add more unit tests Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> * Update AddOperationV2 after merge with main Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> --------- Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> Co-authored-by: Simon Dudley <simon.dudley@consensys.net> --------- Signed-off-by: Karim Taam <karim.t2am@gmail.com> Signed-off-by: Simon Dudley <simon.dudley@consensys.net> Signed-off-by: Roman <4833306+Filter94@users.noreply.github.com> Signed-off-by: Mykim <38449976+Apisapple@users.noreply.github.com> Signed-off-by: mykim <kimminyong2034@gmail.com> Signed-off-by: Fabio Di Fabio <fabio.difabio@consensys.net> Signed-off-by: stefan.pingel@consensys.net <stefan.pingel@consensys.net> Signed-off-by: Sally MacFarlane <macfarla.github@gmail.com> Signed-off-by: Luis Pinto <luis.pinto@consensys.net> Signed-off-by: Ameziane H. <ameziane.hamlat@consensys.net> Signed-off-by: ahamlat <ameziane.hamlat@consensys.net> Co-authored-by: Karim Taam <karim.t2am@gmail.com> Co-authored-by: Simon Dudley <simon.dudley@consensys.net> Co-authored-by: Roman Vaseev <4833306+Filter94@users.noreply.github.com> Co-authored-by: garyschulte <garyschulte@gmail.com> Co-authored-by: Mykim <kimminyong2034@gmail.com> Co-authored-by: Fabio Di Fabio <fabio.difabio@consensys.net> Co-authored-by: Justin Florentine <justin+github@florentine.us> Co-authored-by: Stefan Pingel <16143240+pinges@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Usman Saleem <usman@usmans.info> Co-authored-by: Sally MacFarlane <macfarla.github@gmail.com> Co-authored-by: Luis Pinto <luis.pinto@consensys.net> Co-authored-by: ahamlat <ameziane.hamlat@consensys.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR description
Motivation
EIP-8 was introduced with the Homestead hard fork in March 2016. Geth ethereum/go-ethereum#22899, noting that no actively maintained client sends this format. Nethermind, Erigon, and Reth all only support EIP-8. Besu was the last major client still carrying this dead code path.
Removing V1 simplifies the handshake logic — the ECIESHandshaker no longer needs the version4 flag, the try-V4-then-fallback-to-V1 decryption dance, or the V1 message classes. The EIP-8 size-prefix framing is now assumed unconditionally.