Replace userspace RNG with the OS's CSPRNG

src/crypto/crypto.cpp

@@ -78,7 +78,7 @@ namespace crypto {
   /* generate a random 32-byte (256-bit) integer and copy it to res */
   static inline void random_scalar_not_thread_safe(ec_scalar &res) {
     unsigned char tmp[64];
-    generate_random_bytes_not_thread_safe(64, tmp);
+    generate_system_random_bytes(64, tmp);
     sc_reduce(tmp);
     memcpy(&res, tmp, 32);
   }

src/crypto/crypto.h

@@ -147,7 +147,7 @@ namespace crypto {
    */
   inline void rand(size_t N, uint8_t *bytes) {
     boost::lock_guard<boost::mutex> lock(random_lock);
-    generate_random_bytes_not_thread_safe(N, bytes);
+    generate_system_random_bytes(N, bytes);
   }
 
   /* Generate a value filled with random bytes.
@@ -156,7 +156,7 @@ namespace crypto {
   typename std::enable_if<std::is_pod<T>::value, T>::type rand() {
     typename std::remove_cv<T>::type res;
     boost::lock_guard<boost::mutex> lock(random_lock);
-    generate_random_bytes_not_thread_safe(sizeof(T), &res);
+    generate_system_random_bytes(sizeof(T), &res);
     return res;
   }
 

src/crypto/random.c

@@ -36,14 +36,12 @@
 #include "initializer.h"
 #include "random.h"
 
-static void generate_system_random_bytes(size_t n, void *result);
-
 #if defined(_WIN32)
 
 #include <windows.h>
 #include <wincrypt.h>
 
-static void generate_system_random_bytes(size_t n, void *result) {
+void generate_system_random_bytes(size_t n, void *result) {
   HCRYPTPROV prov;
 #define must_succeed(x) do if (!(x)) abort(); while (0)
   must_succeed(CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT));
@@ -62,7 +60,7 @@ static void generate_system_random_bytes(size_t n, void *result) {
 #include <sys/types.h>
 #include <unistd.h>
 
-static void generate_system_random_bytes(size_t n, void *result) {
+void generate_system_random_bytes(size_t n, void *result) {
   int fd;
   if ((fd = open("/dev/urandom", O_RDONLY | O_NOCTTY | O_CLOEXEC)) < 0) {
     err(EXIT_FAILURE, "open /dev/urandom");
@@ -88,56 +86,4 @@ static void generate_system_random_bytes(size_t n, void *result) {
   }
 }
 
-#endif
-
-static union hash_state state;
-
-#if !defined(NDEBUG)
-static volatile int curstate; /* To catch thread safety problems. */
-#endif
-
-FINALIZER(deinit_random) {
-#if !defined(NDEBUG)
-  assert(curstate == 1);
-  curstate = 0;
-#endif
-  memset(&state, 0, sizeof(union hash_state));
-}
-
-INITIALIZER(init_random) {
-  generate_system_random_bytes(32, &state);
-  REGISTER_FINALIZER(deinit_random);
-#if !defined(NDEBUG)
-  assert(curstate == 0);
-  curstate = 1;
-#endif
-}
-
-void generate_random_bytes_not_thread_safe(size_t n, void *result) {
-#if !defined(NDEBUG)
-  assert(curstate == 1);
-  curstate = 2;
-#endif
-  if (n == 0) {
-#if !defined(NDEBUG)
-    assert(curstate == 2);
-    curstate = 1;
-#endif
-    return;
-  }
-  for (;;) {
-    hash_permutation(&state);
-    if (n <= HASH_DATA_AREA) {
-      memcpy(result, &state, n);
-#if !defined(NDEBUG)
-      assert(curstate == 2);
-      curstate = 1;
-#endif
-      return;
-    } else {
-      memcpy(result, &state, HASH_DATA_AREA);
-      result = padd(result, HASH_DATA_AREA);
-      n -= HASH_DATA_AREA;
-    }
-  }
-}
+#endif

src/crypto/random.h

@@ -32,4 +32,5 @@
 
 #include <stddef.h>
 
-void generate_random_bytes_not_thread_safe(size_t n, void *result);
+
+void generate_system_random_bytes(size_t n, void *result);