Commit graph

58 commits

Author SHA1 Message Date
Pieter Wuille
2d1cc50939 Don't log RandAddSeedPerfmon details
These are hard to deal with, as in a follow-up this function can get
called before the logging infrastructure is initialized.
2019-01-16 15:08:03 -08:00
Pieter Wuille
e414486d56 Do not permit copying FastRandomContexts 2018-12-12 14:28:16 -08:00
Pieter Wuille
8d98d42611 Bugfix: randbytes should seed when needed (non reachable issue) 2018-12-12 14:22:12 -08:00
Jim Posen
2068f089c8 scripted-diff: Move util files to separate directory.
-BEGIN VERIFY SCRIPT-
mkdir -p src/util
git mv src/util.h src/util/system.h
git mv src/util.cpp src/util/system.cpp
git mv src/utilmemory.h src/util/memory.h
git mv src/utilmoneystr.h src/util/moneystr.h
git mv src/utilmoneystr.cpp src/util/moneystr.cpp
git mv src/utilstrencodings.h src/util/strencodings.h
git mv src/utilstrencodings.cpp src/util/strencodings.cpp
git mv src/utiltime.h src/util/time.h
git mv src/utiltime.cpp src/util/time.cpp

sed -i 's/<util\.h>/<util\/system\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utilmemory\.h>/<util\/memory\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utilmoneystr\.h>/<util\/moneystr\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utilstrencodings\.h>/<util\/strencodings\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')
sed -i 's/<utiltime\.h>/<util\/time\.h>/g' $(git ls-files 'src/*.h' 'src/*.cpp')

sed -i 's/BITCOIN_UTIL_H/BITCOIN_UTIL_SYSTEM_H/g' src/util/system.h
sed -i 's/BITCOIN_UTILMEMORY_H/BITCOIN_UTIL_MEMORY_H/g' src/util/memory.h
sed -i 's/BITCOIN_UTILMONEYSTR_H/BITCOIN_UTIL_MONEYSTR_H/g' src/util/moneystr.h
sed -i 's/BITCOIN_UTILSTRENCODINGS_H/BITCOIN_UTIL_STRENCODINGS_H/g' src/util/strencodings.h
sed -i 's/BITCOIN_UTILTIME_H/BITCOIN_UTIL_TIME_H/g' src/util/time.h

sed -i 's/ util\.\(h\|cpp\)/ util\/system\.\1/g' src/Makefile.am
sed -i 's/utilmemory\.\(h\|cpp\)/util\/memory\.\1/g' src/Makefile.am
sed -i 's/utilmoneystr\.\(h\|cpp\)/util\/moneystr\.\1/g' src/Makefile.am
sed -i 's/utilstrencodings\.\(h\|cpp\)/util\/strencodings\.\1/g' src/Makefile.am
sed -i 's/utiltime\.\(h\|cpp\)/util\/time\.\1/g' src/Makefile.am

sed -i 's/-> util ->/-> util\/system ->/' test/lint/lint-circular-dependencies.sh
sed -i 's/src\/util\.cpp/src\/util\/system\.cpp/g' test/lint/lint-format-strings.py test/lint/lint-locale-dependence.sh
sed -i 's/src\/utilmoneystr\.cpp/src\/util\/moneystr\.cpp/g' test/lint/lint-locale-dependence.sh
sed -i 's/src\/utilstrencodings\.\(h\|cpp\)/src\/util\/strencodings\.\1/g' test/lint/lint-locale-dependence.sh
sed -i 's/src\\utilstrencodings\.cpp/src\\util\\strencodings\.cpp/' build_msvc/libbitcoinconsensus/libbitcoinconsensus.vcxproj
-END VERIFY SCRIPT-
2018-11-04 22:46:07 -08:00
Russell Yanofsky
190bf62be1 scripted-diff: Small locking rename
Call sync.h primitives "locks" and "mutexes" instead of "blocks" and "waitable
critical sections" to match current coding conventions and c++11 standard
names.

This PR does not rename the "CCriticalSection" class (though this could be done
as a followup) because it is used everywhere and would swamp the other changes
in this PR. Plain mutexes should mostly be preferred instead of recursive
mutexes in new code anyway.

-BEGIN VERIFY SCRIPT-
set -x
set -e
ren() { git grep -l $1 | xargs sed -i s/$1/$2/; }
ren CCriticalBlock           UniqueLock
ren CWaitableCriticalSection Mutex
ren CConditionVariable       std::condition_variable
ren cs_GenesisWait           g_genesis_wait_mutex
ren condvar_GenesisWait      g_genesis_wait_cv
perl -0777 -pi -e 's/.*typedef.*condition_variable.*\n\n?//g' src/sync.h
-END VERIFY SCRIPT-
2018-08-31 10:00:38 -04:00
Wladimir J. van der Laan
385ad11040
Merge #11640: Make LOCK, LOCK2, TRY_LOCK work with CWaitableCriticalSection
9c4dc597dd Use LOCK macros for non-recursive locks (Russell Yanofsky)
1382913e61 Make LOCK, LOCK2, TRY_LOCK work with CWaitableCriticalSection (Russell Yanofsky)
ba1f095aad MOVEONLY Move AnnotatedMixin declaration (Russell Yanofsky)
41b88e9337 Add unit test for DEBUG_LOCKORDER code (Russell Yanofsky)

Pull request description:

  Make LOCK macros work with non-recursive mutexes, and use wherever possible for better deadlock detection.

  Also add unit test for DEBUG_LOCKORDER code.

Tree-SHA512: 64ef209307f28ecd0813a283f15c6406138c6ffe7f6cbbd084161044db60e2c099a7d0d2edcd1c5e7770a115e9b931b486e86c9a777bdc96d2e8a9f4dc192942
2018-08-31 16:00:38 +02:00
Russell Yanofsky
9c4dc597dd Use LOCK macros for non-recursive locks
Instead of std::unique_lock.
2018-08-03 07:11:37 -05:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
Wladimir J. van der Laan
c865ee1e73 Fix FreeBSD build by including utilstrencodings.h
`random.cpp` needs to explicitly include `utilstrencodings.h` to get
`ARRAYLEN`. This fixes the FreeBSD build.

This was broken in 84f41946b9.
2018-05-24 09:51:47 +02:00
Chun Kuan Lee
84f41946b9 break circular dependency: random/sync -> util -> random/sync 2018-05-17 08:13:54 +00:00
practicalswift
c3f34d06be Make it clear which functions that are intended to be translation unit local
Do not share functions that are meant to be translation unit local with
other translation units. Use internal linkage for those consistently.
2018-05-03 21:47:40 +02:00
practicalswift
280023f31d Remove duplicate includes 2018-04-09 09:18:49 +02:00
Akira Takizawa
595a7bab23 Increment MIT Licence copyright header year on files modified in 2017 2018-01-03 02:26:56 +09:00
MeshCollider
1a445343f6 scripted-diff: Replace #include "" with #include <> (ryanofsky)
-BEGIN VERIFY SCRIPT-
for f in \
  src/*.cpp \
  src/*.h \
  src/bench/*.cpp \
  src/bench/*.h \
  src/compat/*.cpp \
  src/compat/*.h \
  src/consensus/*.cpp \
  src/consensus/*.h \
  src/crypto/*.cpp \
  src/crypto/*.h \
  src/crypto/ctaes/*.h \
  src/policy/*.cpp \
  src/policy/*.h \
  src/primitives/*.cpp \
  src/primitives/*.h \
  src/qt/*.cpp \
  src/qt/*.h \
  src/qt/test/*.cpp \
  src/qt/test/*.h \
  src/rpc/*.cpp \
  src/rpc/*.h \
  src/script/*.cpp \
  src/script/*.h \
  src/support/*.cpp \
  src/support/*.h \
  src/support/allocators/*.h \
  src/test/*.cpp \
  src/test/*.h \
  src/wallet/*.cpp \
  src/wallet/*.h \
  src/wallet/test/*.cpp \
  src/wallet/test/*.h \
  src/zmq/*.cpp \
  src/zmq/*.h
do
  base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f
done
-END VERIFY SCRIPT-
2017-11-16 08:23:01 +13:00
Wladimir J. van der Laan
2ab7c6300f
Merge #10843: Add attribute [[noreturn]] (C++11) to functions that will not return
b82c55a Add attribute [[noreturn]] (C++11) to functions that will not return (practicalswift)

Pull request description:

  Add attribute `[[noreturn]]` (C++11) to functions that will not return.

  Rationale:
  * Reduce the number of false positives/false negatives from static analyzers with regards to things such as unused or unreachable code
  * Potentially enable additional compiler optimizations

Tree-SHA512: 899683fe8b2fcf19bd334352271d368b46b805be9d426aac1808335fd95732d6d7078d3296951b9879196f3f6e3ec0fdb7695d0afdc3fbe4dd78a2ca70e91ff7
2017-08-22 09:38:49 +02:00
practicalswift
bea8e9e66e Document the preference of nullptr over NULL or (void*)0 2017-08-18 09:51:00 +02:00
Wladimir J. van der Laan
ce74799a3c
Merge #10483: scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL
90d4d89 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL (practicalswift)

Pull request description:

  Since C++11 the macro `NULL` may be:
  * an integer literal with value zero, or
  * a prvalue of type `std::nullptr_t`

  By using the C++11 keyword `nullptr` we are guaranteed a prvalue of type `std::nullptr_t`.

  For a more thorough discussion, see "A name for the null pointer: nullptr" (Sutter &
  Stroustrup), http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2431.pdf

  With this patch applied there are no `NULL` macro usages left in the repo:

  ```
  $ git grep NULL -- "*.cpp" "*.h" | egrep -v '(/univalue/|/secp256k1/|/leveldb/|_NULL|NULLDUMMY|torcontrol.*NULL|NULL cert)' | wc -l
  0
  ```

  The road towards `nullptr` (C++11) is split into two PRs:
  * `NULL` → `nullptr` is handled in PR #10483 (scripted, this PR)
  * `0` → `nullptr` is handled in PR #10645 (manual)

Tree-SHA512: 3c395d66f2ad724a8e6fed74b93634de8bfc0c0eafac94e64e5194c939499fefd6e68f047de3083ad0b4eff37df9a8a3a76349aa17d55eabbd8e0412f140a297
2017-08-14 16:30:59 +02:00
practicalswift
90d4d89230 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL
-BEGIN VERIFY SCRIPT-
sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h
sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp
sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp
sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp
sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp
sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp
-END VERIFY SCRIPT-
2017-08-07 07:36:37 +02:00
James Hilliard
ee2d10ad0c Check if sys/random.h is required for getentropy on OSX. 2017-07-27 15:34:09 +03:00
Cory Fields
077d01f2fc random: only use getentropy on openbsd 2017-07-17 13:14:53 -04:00
practicalswift
b82c55af78 Add attribute [[noreturn]] (C++11) to functions that will not return
Rationale:
* Reduce the number of false positives from static analyzers
* Potentially enable additional compiler optimizations
2017-07-17 18:46:18 +02:00
Wladimir J. van der Laan
8bc6d1f179
Merge #10837: Fix resource leak on error in GetDevURandom
a8ae0b2 Fix resource leak (Dag Robole)

Pull request description:

  Fixes a potential file handle leak when size of entropy is invalid

Tree-SHA512: 692d24daaf370bba1f842925b037275126f9494f54769650bcf5829c794a0fb8561a86f42347bdf088a484e4f107bce7fa14cd7bdbfb4ecfbeb51968953da3ae
2017-07-17 13:14:09 +02:00
Dag Robole
a8ae0b252a Fix resource leak 2017-07-15 21:34:52 +02:00
Pieter Wuille
674848fe1c Clarify entropy source 2017-07-14 12:17:33 -07:00
Pieter Wuille
a9e82f6512 Use cpuid intrinsics instead of asm code 2017-07-13 16:43:05 -07:00
Cory Fields
9af207c810 random: fix crash on some 64bit platforms
rbx needs to be stashed in a 64bit register on 64bit platforms. With this crash
in particular, it was holding a stack canary which was not properly restored
after the cpuid.

Split out the x86+PIC case so that x86_64 doesn't have to worry about it.
2017-06-16 15:19:15 -04:00
Wladimir J. van der Laan
b63be2c685
Merge #10377: Use rdrand as entropy source on supported platforms
cb24c85 Use rdrand as entropy source on supported platforms (Pieter Wuille)

Tree-SHA512: c42eaa01a14e6bc097c70b6bf8540d61854c2f76cb32be69c2a3c411a126f7b4bf4a4486e4493c4cc367cc689319abde0d4adb799d29a54fd3e81767ce0766fc
2017-06-14 15:22:15 +02:00
Pieter Wuille
cb24c8539d Use rdrand as entropy source on supported platforms 2017-06-13 17:02:05 -07:00
Pieter Wuille
37e864eb9f Add FastRandomContext::rand256() and ::randbytes()
FastRandomContext now provides all functionality that the real Rand* functions
provide.
2017-06-05 12:44:44 -07:00
Matt Corallo
888cce57a6 Add perf counter data to GetStrongRandBytes state in scheduler 2017-05-22 16:01:52 -04:00
Matt Corallo
399fb8f2d0 Add internal method to add new random data to our internal RNG state 2017-05-22 16:01:29 -04:00
Pieter Wuille
daf3e7def7
Merge #10338: Maintain state across GetStrongRandBytes calls
97477c5 Maintain state across GetStrongRandBytes calls (Pieter Wuille)

Tree-SHA512: 77e9b1f3c6eeb0c2a3e0c64358150767222ff0b7120ccd5f4ae0276cea0e4fa275c1b757e3f20be07dc0b4ef07f70ab0b70112080c8d3d0cb6ed703db8a59168
2017-05-09 10:24:45 -07:00
Pieter Wuille
2c0a6f157d Use sanity check timestamps as entropy 2017-05-05 11:56:24 -07:00
Pieter Wuille
33f853d8d8 Test that GetPerformanceCounter() increments 2017-05-05 11:56:24 -07:00
Pieter Wuille
f544094d5e Use hardware timestamps in RNG seeding 2017-05-05 11:56:19 -07:00
Pieter Wuille
97477c537e Maintain state across GetStrongRandBytes calls 2017-05-04 10:13:40 -07:00
Wladimir J. van der Laan
342b9bc390
Merge #9792: FastRandomContext improvements and switch to ChaCha20
4fd2d2f Add a FastRandomContext::randrange and use it (Pieter Wuille)
1632922 Switch FastRandomContext to ChaCha20 (Pieter Wuille)
e04326f Add ChaCha20 (Pieter Wuille)
663fbae FastRandom benchmark (Pieter Wuille)
c21cbe6 Introduce FastRandomContext::randbool() (Pieter Wuille)

Tree-SHA512: 7fff61e3f6d6dc6ac846ca643d877b377db609646dd401a0e8f50b052c6b9bcd2f5fc34de6bbf28f04afd1724f6279ee163ead5f37d724fb782a00239f35db1d
2017-04-24 14:28:49 +02:00
Gregory Maxwell
6b3bb3d9ba Change LogAcceptCategory to use uint32_t rather than sets of strings.
This changes the logging categories to boolean flags instead of strings.

This simplifies the acceptance testing by avoiding accessing a scoped
 static thread local pointer to a thread local set of strings.  It
 eliminates the only use of boost::thread_specific_ptr outside of
 lockorder debugging.

This change allows log entries to be directed to multiple categories
 and makes it easy to change the logging flags at runtime (e.g. via
 an RPC, though that isn't done by this commit.)

It also eliminates the fDebug global.

Configuration of unknown logging categories now produces a warning.
2017-04-01 18:53:29 +00:00
Pieter Wuille
16329224e7 Switch FastRandomContext to ChaCha20 2017-03-29 11:26:08 -07:00
Wladimir J. van der Laan
7e6dcd9995 random: Add fallback if getrandom syscall not available
If the code was compiled with newer (>=3.17) kernel headers but executed
on a system without the system call, every use of random would crash the
program. Add a fallback for that case.
2017-02-22 08:51:26 +01:00
Wladimir J. van der Laan
7cad849299 sanity: Move OS random to sanity check function
Move the OS random test to a sanity check function that is called every
time bitcoind is initialized.

Keep `src/test/random_tests.cpp` for the case that later random tests
are added, and keep a rudimentary test that just calls the sanity check.
2017-02-22 08:02:50 +01:00
Wladimir J. van der Laan
224e6eb089 util: Specific GetOSRandom for Linux/FreeBSD/OpenBSD
These are available in sandboxes without access to files or
devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls)
to use than `/dev/urandom` as reading from a file has quite a few edge
cases:

- Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html)
  was introduced in version 3.17 of the Linux kernel.
- OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2)
  function appeared in OpenBSD 5.6.
- FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added
  but it has existed for quite a while.

Alternatives:

- Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID`
  which gives 16 bytes of randomness. This may be available
  on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/)
  and even removed in some distros so we shouldn't use it.

Add tests for `GetOSRand()`:

- Test that no error happens (otherwise `RandFailure()` which aborts)
- Test that all 32 bytes are overwritten (initialize with zeros, try multiple times)

Discussion:

- When to use these? Currently they are always used when available.
  Another option would be to use them only when `/dev/urandom` is not
  available. But this would mean these code paths receive less testing,
  and I'm not sure there is any reason to prefer `/dev/urandom`.

Closes: #9676
2017-02-21 20:57:34 +01:00
isle2983
27765b6403 Increment MIT Licence copyright header year on files modified in 2016
Edited via:

$ contrib/devtools/copyright_header.py update .
2016-12-31 11:01:21 -07:00
Karl-Johan Alm
8c1dbc5e9d Refactor: Removed begin/end_ptr functions. 2016-12-09 13:15:19 +09:00
Wladimir J. van der Laan
5eaaa83ac1 Kill insecure_random and associated global state
There are only a few uses of `insecure_random` outside the tests.
This PR replaces uses of insecure_random (and its accompanying global
state) in the core code with an FastRandomContext that is automatically
seeded on creation.

This is meant to be used for inner loops. The FastRandomContext
can be in the outer scope, or the class itself, then rand32() is used
inside the loop. Useful e.g. for pushing addresses in CNode or the fee
rounding, or randomization for coin selection.

As a context is created per purpose, thus it gets rid of
cross-thread unprotected shared usage of a single set of globals, this
should also get rid of the potential race conditions.

- I'd say TxMempool::check is not called enough to warrant using a special
  fast random context, this is switched to GetRand() (open for
  discussion...)

- The use of `insecure_rand` in ConnectThroughProxy has been replaced by
  an atomic integer counter. The only goal here is to have a different
  credentials pair for each connection to go on a different Tor circuit,
  it does not need to be random nor unpredictable.

- To avoid having a FastRandomContext on every CNode, the context is
  passed into PushAddress as appropriate.

There remains an insecure_random for test usage in `test_random.h`.
2016-10-17 13:08:35 +02:00
Pieter Wuille
628cf1440a Don't use assert for catching randomness failures 2016-05-29 01:52:25 +02:00
Pieter Wuille
fa2637a3be Always require OS randomness when generating secret keys 2016-05-29 01:52:17 +02:00
MarcoFalke
fa24439ff3 Bump copyright headers to 2015 2015-12-13 18:08:39 +01:00
21E14
32eaf8a3de WIN32 Seed Cleanup: Move nLastPerfmon behind win32 ifdef.
Code to avoid calling Perfmon too often is only needed when perfmon is actually going to get called.
This is not intended to make any functional difference in the addition of entropy to the random pool.
2015-02-25 18:37:06 -05:00
Cory Fields
1630219d90 openssl: abstract out OPENSSL_cleanse
This makes it easier for us to replace it if desired, since it's now only in
one spot. Also, it avoids the openssl include from allocators.h, which
essentially forced openssl to be included from every compilation unit.
2015-02-15 11:34:02 -05:00