5eaaa83ac1
There are only a few uses of `insecure_random` outside the tests. This PR replaces uses of insecure_random (and its accompanying global state) in the core code with an FastRandomContext that is automatically seeded on creation. This is meant to be used for inner loops. The FastRandomContext can be in the outer scope, or the class itself, then rand32() is used inside the loop. Useful e.g. for pushing addresses in CNode or the fee rounding, or randomization for coin selection. As a context is created per purpose, thus it gets rid of cross-thread unprotected shared usage of a single set of globals, this should also get rid of the potential race conditions. - I'd say TxMempool::check is not called enough to warrant using a special fast random context, this is switched to GetRand() (open for discussion...) - The use of `insecure_rand` in ConnectThroughProxy has been replaced by an atomic integer counter. The only goal here is to have a different credentials pair for each connection to go on a different Tor circuit, it does not need to be random nor unpredictable. - To avoid having a FastRandomContext on every CNode, the context is passed into PushAddress as appropriate. There remains an insecure_random for test usage in `test_random.h`.
50 lines
1.3 KiB
C++
50 lines
1.3 KiB
C++
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
|
// Copyright (c) 2009-2014 The Bitcoin Core developers
|
|
// Distributed under the MIT software license, see the accompanying
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
#ifndef BITCOIN_RANDOM_H
|
|
#define BITCOIN_RANDOM_H
|
|
|
|
#include "uint256.h"
|
|
|
|
#include <stdint.h>
|
|
|
|
/* Seed OpenSSL PRNG with additional entropy data */
|
|
void RandAddSeed();
|
|
|
|
/**
|
|
* Functions to gather random data via the OpenSSL PRNG
|
|
*/
|
|
void GetRandBytes(unsigned char* buf, int num);
|
|
uint64_t GetRand(uint64_t nMax);
|
|
int GetRandInt(int nMax);
|
|
uint256 GetRandHash();
|
|
|
|
/**
|
|
* Function to gather random data from multiple sources, failing whenever any
|
|
* of those source fail to provide a result.
|
|
*/
|
|
void GetStrongRandBytes(unsigned char* buf, int num);
|
|
|
|
/**
|
|
* Fast randomness source. This is seeded once with secure random data, but
|
|
* is completely deterministic and insecure after that.
|
|
* This class is not thread-safe.
|
|
*/
|
|
class FastRandomContext {
|
|
public:
|
|
explicit FastRandomContext(bool fDeterministic=false);
|
|
|
|
uint32_t rand32() {
|
|
Rz = 36969 * (Rz & 65535) + (Rz >> 16);
|
|
Rw = 18000 * (Rw & 65535) + (Rw >> 16);
|
|
return (Rw << 16) + Rz;
|
|
}
|
|
|
|
uint32_t Rz;
|
|
uint32_t Rw;
|
|
};
|
|
|
|
#endif // BITCOIN_RANDOM_H
|