aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPieter Wuille <pieter.wuille@gmail.com>2016-04-16 12:25:12 +0200
committerPieter Wuille <pieter.wuille@gmail.com>2016-05-29 01:52:17 +0200
commitfa2637a3beb8677067015df3d9d7b394fa837c2f (patch)
tree9325bb10a5fe3e220d040827b82f7da5b42fc346
parenta80de15113166354cdf208e3d8b6e25f4511a591 (diff)
Always require OS randomness when generating secret keys
-rw-r--r--src/Makefile.am3
-rw-r--r--src/init.cpp2
-rw-r--r--src/key.cpp3
-rw-r--r--src/main.cpp1
-rw-r--r--src/random.cpp48
-rw-r--r--src/random.h11
-rw-r--r--src/wallet/wallet.cpp8
7 files changed, 59 insertions, 17 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 3c056386fa..f630ad4aa1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -374,7 +374,8 @@ endif
bitcoin_cli_LDADD = \
$(LIBBITCOIN_CLI) \
$(LIBUNIVALUE) \
- $(LIBBITCOIN_UTIL)
+ $(LIBBITCOIN_UTIL) \
+ $(LIBBITCOIN_CRYPTO)
bitcoin_cli_LDADD += $(BOOST_LIBS) $(SSL_LIBS) $(CRYPTO_LIBS) $(EVENT_LIBS)
#
diff --git a/src/init.cpp b/src/init.cpp
index 9b6943c586..98c0894122 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -1401,8 +1401,6 @@ bool AppInit2(boost::thread_group& threadGroup, CScheduler& scheduler)
if (!strErrors.str().empty())
return InitError(strErrors.str());
- RandAddSeedPerfmon();
-
//// debug print
LogPrintf("mapBlockIndex.size() = %u\n", mapBlockIndex.size());
LogPrintf("nBestHeight = %d\n", chainActive.Height());
diff --git a/src/key.cpp b/src/key.cpp
index 6a3d9aa140..79023566c3 100644
--- a/src/key.cpp
+++ b/src/key.cpp
@@ -124,9 +124,8 @@ bool CKey::Check(const unsigned char *vch) {
}
void CKey::MakeNewKey(bool fCompressedIn) {
- RandAddSeedPerfmon();
do {
- GetRandBytes(vch, sizeof(vch));
+ GetStrongRandBytes(vch, sizeof(vch));
} while (!Check(vch));
fValid = true;
fCompressed = fCompressedIn;
diff --git a/src/main.cpp b/src/main.cpp
index ed157b53dc..ffc57d48be 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -4547,7 +4547,6 @@ void static ProcessGetData(CNode* pfrom, const Consensus::Params& consensusParam
bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv, int64_t nTimeReceived, const CChainParams& chainparams)
{
- RandAddSeedPerfmon();
LogPrint("net", "received: %s (%u bytes) peer=%d\n", SanitizeString(strCommand), vRecv.size(), pfrom->id);
if (mapArgs.count("-dropmessagestest") && GetRand(atoi(mapArgs["-dropmessagestest"])) == 0)
{
diff --git a/src/random.cpp b/src/random.cpp
index 6155c0d8cf..8ad0a9b007 100644
--- a/src/random.cpp
+++ b/src/random.cpp
@@ -5,9 +5,11 @@
#include "random.h"
+#include "crypto/sha512.h"
#include "support/cleanse.h"
#ifdef WIN32
#include "compat.h" // for Windows API
+#include <wincrypt.h>
#endif
#include "serialize.h" // for begin_ptr(vec)
#include "util.h" // for LogPrint()
@@ -43,7 +45,7 @@ void RandAddSeed()
memory_cleanse((void*)&nCounter, sizeof(nCounter));
}
-void RandAddSeedPerfmon()
+static void RandAddSeedPerfmon()
{
RandAddSeed();
@@ -83,6 +85,29 @@ void RandAddSeedPerfmon()
#endif
}
+/** Get 32 bytes of system entropy. */
+static void GetOSRand(unsigned char *ent32)
+{
+#ifdef WIN32
+ HCRYPTPROV hProvider;
+ int ret = CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT);
+ assert(ret);
+ ret = CryptGenRandom(hProvider, 32, ent32);
+ assert(ret);
+ CryptReleaseContext(hProvider, 0);
+#else
+ int f = open("/dev/urandom", O_RDONLY);
+ assert(f != -1);
+ int have = 0;
+ do {
+ ssize_t n = read(f, ent32 + have, 32 - have);
+ assert(n > 0 && n <= 32 - have);
+ have += n;
+ } while (have < 32);
+ close(f);
+#endif
+}
+
void GetRandBytes(unsigned char* buf, int num)
{
if (RAND_bytes(buf, num) != 1) {
@@ -91,6 +116,27 @@ void GetRandBytes(unsigned char* buf, int num)
}
}
+void GetStrongRandBytes(unsigned char* out, int num)
+{
+ assert(num <= 32);
+ CSHA512 hasher;
+ unsigned char buf[64];
+
+ // First source: OpenSSL's RNG
+ RandAddSeedPerfmon();
+ GetRandBytes(buf, 32);
+ hasher.Write(buf, 32);
+
+ // Second source: OS RNG
+ GetOSRand(buf);
+ hasher.Write(buf, 32);
+
+ // Produce output
+ hasher.Finalize(buf);
+ memcpy(out, buf, num);
+ memory_cleanse(buf, 64);
+}
+
uint64_t GetRand(uint64_t nMax)
{
if (nMax == 0)
diff --git a/src/random.h b/src/random.h
index 1a2d3e8ee2..31b80bd565 100644
--- a/src/random.h
+++ b/src/random.h
@@ -10,11 +10,8 @@
#include <stdint.h>
-/**
- * Seed OpenSSL PRNG with additional entropy data
- */
+/* Seed OpenSSL PRNG with additional entropy data */
void RandAddSeed();
-void RandAddSeedPerfmon();
/**
* Functions to gather random data via the OpenSSL PRNG
@@ -25,6 +22,12 @@ int GetRandInt(int nMax);
uint256 GetRandHash();
/**
+ * Function to gather random data from multiple sources, failing whenever any
+ * of those source fail to provide a result.
+ */
+void GetStrongRandBytes(unsigned char* buf, int num);
+
+/**
* Seed insecure_rand using the random pool.
* @param Deterministic Use a deterministic seed
*/
diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
index 5d1a431190..da0d6f272b 100644
--- a/src/wallet/wallet.cpp
+++ b/src/wallet/wallet.cpp
@@ -509,16 +509,14 @@ bool CWallet::EncryptWallet(const SecureString& strWalletPassphrase)
return false;
CKeyingMaterial vMasterKey;
- RandAddSeedPerfmon();
vMasterKey.resize(WALLET_CRYPTO_KEY_SIZE);
- GetRandBytes(&vMasterKey[0], WALLET_CRYPTO_KEY_SIZE);
+ GetStrongRandBytes(&vMasterKey[0], WALLET_CRYPTO_KEY_SIZE);
CMasterKey kMasterKey;
- RandAddSeedPerfmon();
kMasterKey.vchSalt.resize(WALLET_CRYPTO_SALT_SIZE);
- GetRandBytes(&kMasterKey.vchSalt[0], WALLET_CRYPTO_SALT_SIZE);
+ GetStrongRandBytes(&kMasterKey.vchSalt[0], WALLET_CRYPTO_SALT_SIZE);
CCrypter crypter;
int64_t nStartTime = GetTimeMillis();
@@ -3147,8 +3145,6 @@ bool CWallet::InitLoadWallet()
if (fFirstRun)
{
// Create new keyUser and set as default key
- RandAddSeedPerfmon();
-
CPubKey newDefaultKey;
if (walletInstance->GetKeyFromPool(newDefaultKey)) {
walletInstance->SetDefaultKey(newDefaultKey);