random: stop retrieving random bytes from OpenSSL

fanquake · Fuzzbawls · commit 602c0b26da94 · 2021-05-10T17:01:10.000-07:00
On the ::SLOW path we would use OpenSSL as an additional source of random bytes. This commit removes that functionality. Note that this was always only an additional source, and that we never checked the return value RAND_bytes(): https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf.
diff --git a/src/random.cpp b/src/random.cpp
@@ -522,10 +522,6 @@ static void SeedSlow(CSHA512& hasher, RNGState& rng) noexcept
     GetOSRand(buffer);
     hasher.Write(buffer, sizeof(buffer));
 
-    // OpenSSL RNG (for now)
-    RAND_bytes(buffer, sizeof(buffer));
-    hasher.Write(buffer, sizeof(buffer));
-
     // Add the events hasher into the mix
     rng.SeedEvents(hasher);
 
diff --git a/src/random.h b/src/random.h
@@ -35,7 +35,6 @@
  *   that fast seeding includes, but additionally:
  *   - OS entropy (/dev/urandom, getrandom(), ...). The application will terminate if
  *     this entropy source fails.
- *   - Bytes from OpenSSL's RNG (which itself may be seeded from various sources)
  *   - Another high-precision timestamp (indirectly committing to a benchmark of all the
  *     previous sources).
  *   These entropy sources are slower, but designed to make sure the RNG state contains
diff --git a/src/randomenv.cpp b/src/randomenv.cpp
@@ -70,7 +70,6 @@ namespace {
 void RandAddSeedPerfmon(CSHA512& hasher)
 {
 #ifdef WIN32
-    // Don't need this on Linux, OpenSSL automatically uses /dev/urandom
     // Seed with the entire set of perfmon data
 
     // This can take up to 2 seconds, so only do it every 10 minutes

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,6 @@ namespace {`
`70`	`70`	`void RandAddSeedPerfmon(CSHA512& hasher)`
`71`	`71`	`{`
`72`	`72`	`#ifdef WIN32`
`73`		`- // Don't need this on Linux, OpenSSL automatically uses /dev/urandom`
`74`	`73`	`// Seed with the entire set of perfmon data`
`75`	`74`
`76`	`75`	`// This can take up to 2 seconds, so only do it every 10 minutes`