Commit graph

47 commits

Author SHA1 Message Date
practicalswift
280023f31d Remove duplicate includes 2018-04-09 09:18:49 +02:00
Akira Takizawa
595a7bab23 Increment MIT Licence copyright header year on files modified in 2017 2018-01-03 02:26:56 +09:00
MeshCollider
1a445343f6 scripted-diff: Replace #include "" with #include <> (ryanofsky)
-BEGIN VERIFY SCRIPT-
for f in \
  src/*.cpp \
  src/*.h \
  src/bench/*.cpp \
  src/bench/*.h \
  src/compat/*.cpp \
  src/compat/*.h \
  src/consensus/*.cpp \
  src/consensus/*.h \
  src/crypto/*.cpp \
  src/crypto/*.h \
  src/crypto/ctaes/*.h \
  src/policy/*.cpp \
  src/policy/*.h \
  src/primitives/*.cpp \
  src/primitives/*.h \
  src/qt/*.cpp \
  src/qt/*.h \
  src/qt/test/*.cpp \
  src/qt/test/*.h \
  src/rpc/*.cpp \
  src/rpc/*.h \
  src/script/*.cpp \
  src/script/*.h \
  src/support/*.cpp \
  src/support/*.h \
  src/support/allocators/*.h \
  src/test/*.cpp \
  src/test/*.h \
  src/wallet/*.cpp \
  src/wallet/*.h \
  src/wallet/test/*.cpp \
  src/wallet/test/*.h \
  src/zmq/*.cpp \
  src/zmq/*.h
do
  base=${f%/*}/ relbase=${base#src/} sed -i "s:#include \"\(.*\)\"\(.*\):if test -e \$base'\\1'; then echo \"#include <\"\$relbase\"\\1>\\2\"; else echo \"#include <\\1>\\2\"; fi:e" $f
done
-END VERIFY SCRIPT-
2017-11-16 08:23:01 +13:00
Wladimir J. van der Laan
2ab7c6300f
Merge #10843: Add attribute [[noreturn]] (C++11) to functions that will not return
b82c55a Add attribute [[noreturn]] (C++11) to functions that will not return (practicalswift)

Pull request description:

  Add attribute `[[noreturn]]` (C++11) to functions that will not return.

  Rationale:
  * Reduce the number of false positives/false negatives from static analyzers with regards to things such as unused or unreachable code
  * Potentially enable additional compiler optimizations

Tree-SHA512: 899683fe8b2fcf19bd334352271d368b46b805be9d426aac1808335fd95732d6d7078d3296951b9879196f3f6e3ec0fdb7695d0afdc3fbe4dd78a2ca70e91ff7
2017-08-22 09:38:49 +02:00
practicalswift
bea8e9e66e Document the preference of nullptr over NULL or (void*)0 2017-08-18 09:51:00 +02:00
Wladimir J. van der Laan
ce74799a3c
Merge #10483: scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL
90d4d89 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL (practicalswift)

Pull request description:

  Since C++11 the macro `NULL` may be:
  * an integer literal with value zero, or
  * a prvalue of type `std::nullptr_t`

  By using the C++11 keyword `nullptr` we are guaranteed a prvalue of type `std::nullptr_t`.

  For a more thorough discussion, see "A name for the null pointer: nullptr" (Sutter &
  Stroustrup), http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2431.pdf

  With this patch applied there are no `NULL` macro usages left in the repo:

  ```
  $ git grep NULL -- "*.cpp" "*.h" | egrep -v '(/univalue/|/secp256k1/|/leveldb/|_NULL|NULLDUMMY|torcontrol.*NULL|NULL cert)' | wc -l
  0
  ```

  The road towards `nullptr` (C++11) is split into two PRs:
  * `NULL` → `nullptr` is handled in PR #10483 (scripted, this PR)
  * `0` → `nullptr` is handled in PR #10645 (manual)

Tree-SHA512: 3c395d66f2ad724a8e6fed74b93634de8bfc0c0eafac94e64e5194c939499fefd6e68f047de3083ad0b4eff37df9a8a3a76349aa17d55eabbd8e0412f140a297
2017-08-14 16:30:59 +02:00
practicalswift
90d4d89230 scripted-diff: Use the C++11 keyword nullptr to denote the pointer literal instead of the macro NULL
-BEGIN VERIFY SCRIPT-
sed -i 's/\<NULL\>/nullptr/g' src/*.cpp src/*.h src/*/*.cpp src/*/*.h src/qt/*/*.cpp src/qt/*/*.h src/wallet/*/*.cpp src/wallet/*/*.h src/support/allocators/*.h
sed -i 's/Prefer nullptr, otherwise SAFECOOKIE./Prefer NULL, otherwise SAFECOOKIE./g' src/torcontrol.cpp
sed -i 's/tor: Using nullptr authentication/tor: Using NULL authentication/g' src/torcontrol.cpp
sed -i 's/METHODS=nullptr/METHODS=NULL/g' src/test/torcontrol_tests.cpp src/torcontrol.cpp
sed -i 's/nullptr certificates/NULL certificates/g' src/qt/paymentserver.cpp
sed -i 's/"nullptr"/"NULL"/g' src/torcontrol.cpp src/test/torcontrol_tests.cpp
-END VERIFY SCRIPT-
2017-08-07 07:36:37 +02:00
James Hilliard
ee2d10ad0c Check if sys/random.h is required for getentropy on OSX. 2017-07-27 15:34:09 +03:00
Cory Fields
077d01f2fc random: only use getentropy on openbsd 2017-07-17 13:14:53 -04:00
practicalswift
b82c55af78 Add attribute [[noreturn]] (C++11) to functions that will not return
Rationale:
* Reduce the number of false positives from static analyzers
* Potentially enable additional compiler optimizations
2017-07-17 18:46:18 +02:00
Wladimir J. van der Laan
8bc6d1f179
Merge #10837: Fix resource leak on error in GetDevURandom
a8ae0b2 Fix resource leak (Dag Robole)

Pull request description:

  Fixes a potential file handle leak when size of entropy is invalid

Tree-SHA512: 692d24daaf370bba1f842925b037275126f9494f54769650bcf5829c794a0fb8561a86f42347bdf088a484e4f107bce7fa14cd7bdbfb4ecfbeb51968953da3ae
2017-07-17 13:14:09 +02:00
Dag Robole
a8ae0b252a Fix resource leak 2017-07-15 21:34:52 +02:00
Pieter Wuille
674848fe1c Clarify entropy source 2017-07-14 12:17:33 -07:00
Pieter Wuille
a9e82f6512 Use cpuid intrinsics instead of asm code 2017-07-13 16:43:05 -07:00
Cory Fields
9af207c810 random: fix crash on some 64bit platforms
rbx needs to be stashed in a 64bit register on 64bit platforms. With this crash
in particular, it was holding a stack canary which was not properly restored
after the cpuid.

Split out the x86+PIC case so that x86_64 doesn't have to worry about it.
2017-06-16 15:19:15 -04:00
Wladimir J. van der Laan
b63be2c685
Merge #10377: Use rdrand as entropy source on supported platforms
cb24c85 Use rdrand as entropy source on supported platforms (Pieter Wuille)

Tree-SHA512: c42eaa01a14e6bc097c70b6bf8540d61854c2f76cb32be69c2a3c411a126f7b4bf4a4486e4493c4cc367cc689319abde0d4adb799d29a54fd3e81767ce0766fc
2017-06-14 15:22:15 +02:00
Pieter Wuille
cb24c8539d Use rdrand as entropy source on supported platforms 2017-06-13 17:02:05 -07:00
Pieter Wuille
37e864eb9f Add FastRandomContext::rand256() and ::randbytes()
FastRandomContext now provides all functionality that the real Rand* functions
provide.
2017-06-05 12:44:44 -07:00
Matt Corallo
888cce57a6 Add perf counter data to GetStrongRandBytes state in scheduler 2017-05-22 16:01:52 -04:00
Matt Corallo
399fb8f2d0 Add internal method to add new random data to our internal RNG state 2017-05-22 16:01:29 -04:00
Pieter Wuille
daf3e7def7
Merge #10338: Maintain state across GetStrongRandBytes calls
97477c5 Maintain state across GetStrongRandBytes calls (Pieter Wuille)

Tree-SHA512: 77e9b1f3c6eeb0c2a3e0c64358150767222ff0b7120ccd5f4ae0276cea0e4fa275c1b757e3f20be07dc0b4ef07f70ab0b70112080c8d3d0cb6ed703db8a59168
2017-05-09 10:24:45 -07:00
Pieter Wuille
2c0a6f157d Use sanity check timestamps as entropy 2017-05-05 11:56:24 -07:00
Pieter Wuille
33f853d8d8 Test that GetPerformanceCounter() increments 2017-05-05 11:56:24 -07:00
Pieter Wuille
f544094d5e Use hardware timestamps in RNG seeding 2017-05-05 11:56:19 -07:00
Pieter Wuille
97477c537e Maintain state across GetStrongRandBytes calls 2017-05-04 10:13:40 -07:00
Wladimir J. van der Laan
342b9bc390
Merge #9792: FastRandomContext improvements and switch to ChaCha20
4fd2d2f Add a FastRandomContext::randrange and use it (Pieter Wuille)
1632922 Switch FastRandomContext to ChaCha20 (Pieter Wuille)
e04326f Add ChaCha20 (Pieter Wuille)
663fbae FastRandom benchmark (Pieter Wuille)
c21cbe6 Introduce FastRandomContext::randbool() (Pieter Wuille)

Tree-SHA512: 7fff61e3f6d6dc6ac846ca643d877b377db609646dd401a0e8f50b052c6b9bcd2f5fc34de6bbf28f04afd1724f6279ee163ead5f37d724fb782a00239f35db1d
2017-04-24 14:28:49 +02:00
Gregory Maxwell
6b3bb3d9ba Change LogAcceptCategory to use uint32_t rather than sets of strings.
This changes the logging categories to boolean flags instead of strings.

This simplifies the acceptance testing by avoiding accessing a scoped
 static thread local pointer to a thread local set of strings.  It
 eliminates the only use of boost::thread_specific_ptr outside of
 lockorder debugging.

This change allows log entries to be directed to multiple categories
 and makes it easy to change the logging flags at runtime (e.g. via
 an RPC, though that isn't done by this commit.)

It also eliminates the fDebug global.

Configuration of unknown logging categories now produces a warning.
2017-04-01 18:53:29 +00:00
Pieter Wuille
16329224e7 Switch FastRandomContext to ChaCha20 2017-03-29 11:26:08 -07:00
Wladimir J. van der Laan
7e6dcd9995 random: Add fallback if getrandom syscall not available
If the code was compiled with newer (>=3.17) kernel headers but executed
on a system without the system call, every use of random would crash the
program. Add a fallback for that case.
2017-02-22 08:51:26 +01:00
Wladimir J. van der Laan
7cad849299 sanity: Move OS random to sanity check function
Move the OS random test to a sanity check function that is called every
time bitcoind is initialized.

Keep `src/test/random_tests.cpp` for the case that later random tests
are added, and keep a rudimentary test that just calls the sanity check.
2017-02-22 08:02:50 +01:00
Wladimir J. van der Laan
224e6eb089 util: Specific GetOSRandom for Linux/FreeBSD/OpenBSD
These are available in sandboxes without access to files or
devices. Also [they are safer and more straightforward](https://en.wikipedia.org/wiki/Entropy-supplying_system_calls)
to use than `/dev/urandom` as reading from a file has quite a few edge
cases:

- Linux: `getrandom(buf, buflen, 0)`. [getrandom(2)](http://man7.org/linux/man-pages/man2/getrandom.2.html)
  was introduced in version 3.17 of the Linux kernel.
- OpenBSD: `getentropy(buf, buflen)`. The [getentropy(2)](http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2)
  function appeared in OpenBSD 5.6.
- FreeBSD and NetBSD: `sysctl(KERN_ARND)`. Not sure when this was added
  but it has existed for quite a while.

Alternatives:

- Linux has sysctl `CTL_KERN` / `KERN_RANDOM` / `RANDOM_UUID`
  which gives 16 bytes of randomness. This may be available
  on older kernels, however [sysctl is deprecated on Linux](https://lwn.net/Articles/605392/)
  and even removed in some distros so we shouldn't use it.

Add tests for `GetOSRand()`:

- Test that no error happens (otherwise `RandFailure()` which aborts)
- Test that all 32 bytes are overwritten (initialize with zeros, try multiple times)

Discussion:

- When to use these? Currently they are always used when available.
  Another option would be to use them only when `/dev/urandom` is not
  available. But this would mean these code paths receive less testing,
  and I'm not sure there is any reason to prefer `/dev/urandom`.

Closes: #9676
2017-02-21 20:57:34 +01:00
isle2983
27765b6403 Increment MIT Licence copyright header year on files modified in 2016
Edited via:

$ contrib/devtools/copyright_header.py update .
2016-12-31 11:01:21 -07:00
Karl-Johan Alm
8c1dbc5e9d Refactor: Removed begin/end_ptr functions. 2016-12-09 13:15:19 +09:00
Wladimir J. van der Laan
5eaaa83ac1 Kill insecure_random and associated global state
There are only a few uses of `insecure_random` outside the tests.
This PR replaces uses of insecure_random (and its accompanying global
state) in the core code with an FastRandomContext that is automatically
seeded on creation.

This is meant to be used for inner loops. The FastRandomContext
can be in the outer scope, or the class itself, then rand32() is used
inside the loop. Useful e.g. for pushing addresses in CNode or the fee
rounding, or randomization for coin selection.

As a context is created per purpose, thus it gets rid of
cross-thread unprotected shared usage of a single set of globals, this
should also get rid of the potential race conditions.

- I'd say TxMempool::check is not called enough to warrant using a special
  fast random context, this is switched to GetRand() (open for
  discussion...)

- The use of `insecure_rand` in ConnectThroughProxy has been replaced by
  an atomic integer counter. The only goal here is to have a different
  credentials pair for each connection to go on a different Tor circuit,
  it does not need to be random nor unpredictable.

- To avoid having a FastRandomContext on every CNode, the context is
  passed into PushAddress as appropriate.

There remains an insecure_random for test usage in `test_random.h`.
2016-10-17 13:08:35 +02:00
Pieter Wuille
628cf1440a Don't use assert for catching randomness failures 2016-05-29 01:52:25 +02:00
Pieter Wuille
fa2637a3be Always require OS randomness when generating secret keys 2016-05-29 01:52:17 +02:00
MarcoFalke
fa24439ff3 Bump copyright headers to 2015 2015-12-13 18:08:39 +01:00
21E14
32eaf8a3de WIN32 Seed Cleanup: Move nLastPerfmon behind win32 ifdef.
Code to avoid calling Perfmon too often is only needed when perfmon is actually going to get called.
This is not intended to make any functional difference in the addition of entropy to the random pool.
2015-02-25 18:37:06 -05:00
Cory Fields
1630219d90 openssl: abstract out OPENSSL_cleanse
This makes it easier for us to replace it if desired, since it's now only in
one spot. Also, it avoids the openssl include from allocators.h, which
essentially forced openssl to be included from every compilation unit.
2015-02-15 11:34:02 -05:00
sandakersmann
f914f1a746
Added "Core" to copyright headers
Github-Pull: #5494
Rebased-From: 15de949bb9277e442302bdd8dee299a8d6deee60
2014-12-19 19:55:32 +01:00
Michael Ford
78253fcbad Remove references to X11 licence 2014-12-16 15:56:50 +08:00
Wladimir J. van der Laan
65e3a1e762
Make sure that GetRandomBytes never fails
We're using GetRandomBytes in several contexts where it's either
unwieldy to return an error, or an error would mean a fatal exception
anyhow.

@gmaxwell checked OpenSSL a while ago and discovered that it never
actually fails, but it can't hurt to be a bit paranoid here.
2014-11-07 13:49:25 +01:00
Pieter Wuille
20e01b1a03 Apply clang-format on some infrequently-updated files 2014-09-19 19:21:46 +02:00
Philip Kaufmann
611116d4e3 header include cleanup
- ensures alphabetical ordering for includes etc. in source file headers
2014-09-14 12:43:56 +02:00
Wladimir J. van der Laan
ad49c256c3 Split up util.cpp/h
Split up util.cpp/h into:

- string utilities (hex, base32, base64): no internal dependencies, no dependency on boost (apart from foreach)
- money utilities (parsesmoney, formatmoney)
- time utilities (gettime*, sleep, format date):
- and the rest (logging, argument parsing, config file parsing)

The latter is basically the environment and OS handling,
and is stripped of all utility functions, so we may want to
rename it to something else than util.cpp/h for clarity (Matt suggested
osinterface).

Breaks dependency of sha256.cpp on all the things pulled in by util.
2014-08-26 13:25:22 +02:00
Philip Kaufmann
4eedf4ffee make RandAddSeed() use OPENSSL_cleanse()
- removes the cstring include and is also used in RandAddSeedPerfmon()
2014-07-09 09:43:55 +02:00
Philip Kaufmann
6354935c48 move rand functions from util to new random.h/.cpp 2014-07-09 09:42:19 +02:00