From 001a53d7427dcbcceef3c6754d9cca19df6dafa1 Mon Sep 17 00:00:00 2001 From: Philip Kaufmann Date: Tue, 24 Jun 2014 14:27:32 +0200 Subject: [PATCH] add GetRandBytes() as wrapper for RAND_bytes() - add a small wrapper in util around RAND_bytes() and replace with GetRandBytes() in the code to log errors from calling RAND_bytes() - remove OpenSSL header rand.h where no longer needed --- src/addrman.h | 4 +--- src/key.cpp | 10 ++++------ src/main.cpp | 2 +- src/net.cpp | 4 ++-- src/rpcserver.cpp | 2 +- src/util.cpp | 29 ++++++++++++++++------------- src/util.h | 1 + src/wallet.cpp | 9 +++++---- 8 files changed, 31 insertions(+), 30 deletions(-) diff --git a/src/addrman.h b/src/addrman.h index c4c296560..c012e3dee 100644 --- a/src/addrman.h +++ b/src/addrman.h @@ -16,8 +16,6 @@ #include #include -#include - /** Extended statistics about a CAddress */ class CAddrInfo : public CAddress { @@ -384,7 +382,7 @@ public: CAddrMan() : vRandom(0), vvTried(ADDRMAN_TRIED_BUCKET_COUNT, std::vector(0)), vvNew(ADDRMAN_NEW_BUCKET_COUNT, std::set()) { nKey.resize(32); - RAND_bytes(&nKey[0], 32); + GetRandBytes(&nKey[0], 32); nIdCount = 0; nTried = 0; diff --git a/src/key.cpp b/src/key.cpp index 3c4fa77e7..a253f8666 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -1,11 +1,11 @@ -// Copyright (c) 2009-2013 The Bitcoin developers +// Copyright (c) 2009-2014 The Bitcoin developers // Distributed under the MIT/X11 software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #include "key.h" #include "crypto/sha2.h" -#include +#include "random.h" #ifdef USE_SECP256K1 #include @@ -194,7 +194,7 @@ public: if (d2i_ECPrivateKey(&pkey, &pbegin, privkey.size())) { if(fSkipCheck) return true; - + // d2i_ECPrivateKey returns true if parsing succeeds. // This doesn't necessarily mean the key is valid. if (EC_KEY_check_key(pkey)) 
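Review bot: In the CAddrMan constructor hunk of src/addrman.h the return value of `GetRandBytes(&nKey[0], 32);` is discarded, so if RAND_bytes() fails the preceding `nKey.resize(32)` has already left nKey as 32 zero bytes and addrman proceeds with a fixed, all-zero nKey. The same unchecked call appears in the key.cpp (CKey::MakeNewKey), main.cpp, net.cpp, rpcserver.cpp and util.cpp hunks, and only the wallet.cpp hunk checks the result; MakeNewKey is the most serious case, since `while (!Check(vch))` would then judge whatever vch already held as a candidate private key, and main.cpp's `while (nonce == 0)` would spin if the buffer is left untouched. Either check the result at each of these sites or make the wrapper terminate the process on failure, so that an unfilled buffer can never be consumed as key material. The constructor body continues past the end of the hunk.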
@@ -412,7 +412,7 @@ bool CKey::CheckSignatureElement(const unsigned char *vch, int len, bool half) { void CKey::MakeNewKey(bool fCompressedIn) { do { - RAND_bytes(vch, sizeof(vch)); + GetRandBytes(vch, sizeof(vch)); } while (!Check(vch)); fValid = true; fCompressed = fCompressedIn; @@ -745,5 +745,3 @@ bool ECC_InitSanityCheck() { return true; #endif } - - diff --git a/src/main.cpp b/src/main.cpp index a9c080ffa..8225d73d8 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -4370,7 +4370,7 @@ bool SendMessages(CNode* pto, bool fSendTrickle) if (pingSend) { uint64_t nonce = 0; while (nonce == 0) { - RAND_bytes((unsigned char*)&nonce, sizeof(nonce)); + GetRandBytes((unsigned char*)&nonce, sizeof(nonce)); } pto->fPingQueued = false; pto->nPingUsecStart = GetTimeMicros(); diff --git a/src/net.cpp b/src/net.cpp index 6a660dc9b..0e663aea8 100644 --- a/src/net.cpp +++ b/src/net.cpp @@ -546,7 +546,7 @@ void CNode::PushVersion() int64_t nTime = (fInbound ? GetAdjustedTime() : GetTime()); CAddress addrYou = (addr.IsRoutable() && !IsProxy(addr) ? addr : CAddress(CService("0.0.0.0",0))); CAddress addrMe = GetLocalAddress(&addr); - RAND_bytes((unsigned char*)&nLocalHostNonce, sizeof(nLocalHostNonce)); + GetRandBytes((unsigned char*)&nLocalHostNonce, sizeof(nLocalHostNonce)); if (fLogIPs) LogPrint("net", "send version message: version %d, blocks=%d, us=%s, them=%s, peer=%d\n", PROTOCOL_VERSION, nBestHeight, addrMe.ToString(), addrYou.ToString(), id); else @@ -1931,7 +1931,7 @@ bool CAddrDB::Write(const CAddrMan& addr) { // Generate random temporary filename unsigned short randv = 0; - RAND_bytes((unsigned char *)&randv, sizeof(randv)); + GetRandBytes((unsigned char*)&randv, sizeof(randv)); std::string tmpfn = strprintf("peers.dat.%04x", randv); // serialize addresses, checksum data up to that point, then append csum diff --git a/src/rpcserver.cpp b/src/rpcserver.cpp index 18fa07510..e0c96d88f 100644 --- a/src/rpcserver.cpp +++ b/src/rpcserver.cpp 
@@ -531,7 +531,7 @@ void StartRPCThreads() (mapArgs["-rpcuser"] == mapArgs["-rpcpassword"])) && Params().RequireRPCPassword()) { unsigned char rand_pwd[32]; - RAND_bytes(rand_pwd, 32); + GetRandBytes(rand_pwd, 32); string strWhatAmI = "To use bitcoind"; if (mapArgs.count("-server")) strWhatAmI = strprintf(_("To use the %s option"), "\"-server\""); diff --git a/src/util.cpp b/src/util.cpp index 91ac8833d..8f2a1bd73 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -69,6 +69,7 @@ #include #include #include +#include #include // Work around clang compilation problem in Boost 1.46: @@ -141,12 +142,14 @@ public: } instance_of_cinit; - - - - - - +bool GetRandBytes(unsigned char *buf, int num) +{ + if (RAND_bytes(buf, num) == 0) { + LogPrint("rand", "%s : OpenSSL RAND_bytes() failed with error: %s\n", __func__, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + return true; +} void RandAddSeed() { @@ -207,9 +210,9 @@ uint64_t GetRand(uint64_t nMax) // to give every possible output value an equal possibility uint64_t nRange = (std::numeric_limits::max() / nMax) * nMax; uint64_t nRand = 0; - do - RAND_bytes((unsigned char*)&nRand, sizeof(nRand)); - while (nRand >= nRange); + do { + GetRandBytes((unsigned char*)&nRand, sizeof(nRand)); + } while (nRand >= nRange); return (nRand % nMax); } @@ -221,7 +224,7 @@ int GetRandInt(int nMax) uint256 GetRandHash() { uint256 hash; - RAND_bytes((unsigned char*)&hash, sizeof(hash)); + GetRandBytes((unsigned char*)&hash, sizeof(hash)); return hash; } 
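Review bot: GetRandBytes() in the src/util.cpp hunk reports a RAND_bytes() failure only through `LogPrint("rand", ...)`, which like the other category logs in this tree is printed only when that debug category is enabled, so in a default configuration a CSPRNG failure leaves no trace and the function returns normally to callers that mostly ignore its result. Log it unconditionally with `LogPrintf(...)`, and consider treating the failure as fatal rather than returning false, so that no key, nonce or salt can be derived from an unfilled buffer. `ERR_error_string(ERR_get_error(), NULL)` formats into OpenSSL's static buffer, which is documented as not thread-safe; `char err[256]; ERR_error_string_n(ERR_get_error(), err, sizeof(err));` with a local buffer avoids that. In the GetRand() hunk further down, a failed fill leaves nRand at 0, the `while (nRand >= nRange)` test exits immediately, and GetRand() returns 0.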
@@ -1196,18 +1199,18 @@ uint32_t insecure_rand_Rz = 11; uint32_t insecure_rand_Rw = 11; void seed_insecure_rand(bool fDeterministic) { - //The seed values have some unlikely fixed points which we avoid. + // The seed values have some unlikely fixed points which we avoid. if(fDeterministic) { insecure_rand_Rz = insecure_rand_Rw = 11; } else { uint32_t tmp; do { - RAND_bytes((unsigned char*)&tmp, 4); + GetRandBytes((unsigned char*)&tmp, 4); } while(tmp == 0 || tmp == 0x9068ffffU); insecure_rand_Rz = tmp; do { - RAND_bytes((unsigned char*)&tmp, 4); + GetRandBytes((unsigned char*)&tmp, 4); } while(tmp == 0 || tmp == 0x464fffffU); insecure_rand_Rw = tmp; } diff --git a/src/util.h b/src/util.h index 60db71bfd..d0108ee77 100644 --- a/src/util.h +++ b/src/util.h @@ -103,6 +103,7 @@ extern bool fLogTimestamps; extern bool fLogIPs; extern volatile bool fReopenDebugLog; +bool GetRandBytes(unsigned char *buf, int num); void RandAddSeed(); void RandAddSeedPerfmon(); void SetupEnvironment(); diff --git a/src/wallet.cpp b/src/wallet.cpp index a54494f93..d61f01d09 100644 --- a/src/wallet.cpp +++ b/src/wallet.cpp @@ -12,7 +12,6 @@ #include "timedata.h" #include -#include using namespace std; @@ -384,13 +383,15 @@ bool CWallet::EncryptWallet(const SecureString& strWalletPassphrase) RandAddSeedPerfmon(); vMasterKey.resize(WALLET_CRYPTO_KEY_SIZE); - RAND_bytes(&vMasterKey[0], WALLET_CRYPTO_KEY_SIZE); + if (!GetRandBytes(&vMasterKey[0], WALLET_CRYPTO_KEY_SIZE)) + return false; CMasterKey kMasterKey; - RandAddSeedPerfmon(); + kMasterKey.vchSalt.resize(WALLET_CRYPTO_SALT_SIZE); - RAND_bytes(&kMasterKey.vchSalt[0], WALLET_CRYPTO_SALT_SIZE); + if (!GetRandBytes(&kMasterKey.vchSalt[0], WALLET_CRYPTO_SALT_SIZE)) + return false; CCrypter crypter; int64_t nStartTime = GetTimeMillis();
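Review bot: In the seed_insecure_rand() hunk of src/util.cpp, `tmp` is declared without an initialiser (`uint32_t tmp;` in the context lines) and the return of `GetRandBytes((unsigned char*)&tmp, 4)` is not checked, so if the fill fails the `while(tmp == 0 || ...)` condition reads an indeterminate value and whatever it holds becomes the generator seed. Writing `uint32_t tmp = 0;` at least avoids reading an indeterminate value, although the loop would then retry indefinitely; checking the return is the real fix. This is the insecure generator, so the impact is limited to its own seeding, but the wrapper's return value exists precisely to surface this case.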
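Review bot: The new declaration `bool GetRandBytes(unsigned char *buf, int num);` in src/util.h carries no comment, and its contract (what the return value means and what state buf is in on failure) is exactly what a caller needs in order to decide whether to check it. A one-line doc comment above it such as `/** Fill buf with num bytes from OpenSSL's RAND_bytes(); returns false and logs the OpenSSL error if that fails, in which case the contents of buf must not be used. */` would make the expectation explicit.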
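Review bot: The removal of the second `RandAddSeedPerfmon();` before the salt generation in CWallet::EncryptWallet (src/wallet.cpp) is a behaviour change that the commit message, which describes only the wrapper and the header cleanup, does not mention; if it is intentional it should be stated there, otherwise the call should stay. The two `if (!GetRandBytes(...)) return false;` checks are the right pattern and the only ones in this patch. EncryptWallet's body continues beyond the hunk on both sides.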