From 31062675757d4b743ca808cfb8f54d3f719f5fc1 Mon Sep 17 00:00:00 2001 From: "Paragon Initiative Enterprises, LLC" Date: Fri, 28 Oct 2016 22:03:55 -0400 Subject: [PATCH 1/6] Use libsodium's CSPRNG instead of OpenSSL's --- src/random.cpp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index 4f197fcac..52b9c7cb9 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -21,6 +21,7 @@ #include #include +#include "sodium.h" static inline int64_t GetPerformanceCounter() { @@ -83,12 +84,9 @@ void RandAddSeedPerfmon() #endif } -void GetRandBytes(unsigned char* buf, int num) +void GetRandBytes(unsigned char* buf, size_t num) { - if (RAND_bytes(buf, num) != 1) { - LogPrintf("%s: OpenSSL RAND_bytes() failed with error: %s\n", __func__, ERR_error_string(ERR_get_error(), NULL)); - assert(false); - } + randombytes_buf(buf, (size_t) num); } uint64_t GetRand(uint64_t nMax) From e5df7ee78ee210b2c75935ba2fa16dc47ea9cbb4 Mon Sep 17 00:00:00 2001 From: Scott Date: Tue, 1 Nov 2016 17:51:39 -0400 Subject: [PATCH 2/6] Update random.h While I'm making an argument for better consistency, I might as well be self-consistent. --- src/random.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/random.h b/src/random.h index 5bc8b5480..fb78a139a 100644 --- a/src/random.h +++ b/src/random.h @@ -20,7 +20,7 @@ void RandAddSeedPerfmon(); /** * Functions to gather random data via the OpenSSL PRNG */ -void GetRandBytes(unsigned char* buf, int num); +void GetRandBytes(unsigned char* buf, size_t num); uint64_t GetRand(uint64_t nMax); int GetRandInt(int nMax); uint256 GetRandHash(); From 13124da0b67487d940a9bddf05322d633f2538e8 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 4 Jan 2017 10:20:25 +0100 Subject: [PATCH 3/6] Update comment --- src/random.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/random.h b/src/random.h index fb78a139a..4f7709bcb 100644 --- a/src/random.h +++ b/src/random.h 
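Review bot: GetRandBytes now hands the buffer straight to randombytes_buf(), and nothing in this hunk shows that sodium_init() has run first; libsodium's documentation asks for sodium_init() before the randombytes functions (it is the step that makes them thread-safe), so unless it is already called at startup (not visible in this diff) an early caller such as CKey::MakeNewKey could hit the lazy initialisation from several threads. The deleted branch also logged and asserted when RAND_bytes() failed, whereas randombytes_buf() has no return value and, as far as I know, aborts the process inside libsodium when the OS source is unusable; that silent-looking call deserves a line above it, e.g. `// randombytes_buf() cannot fail softly: libsodium aborts if the OS CSPRNG is unavailable, so no error path is needed here.`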
@@ -18,7 +18,7 @@ void RandAddSeed(); void RandAddSeedPerfmon(); /** - * Functions to gather random data via the OpenSSL PRNG + * Functions to gather random data via the libsodium PRNG */ void GetRandBytes(unsigned char* buf, size_t num); uint64_t GetRand(uint64_t nMax); From 207924a1d504ada8c85c0e5ef8dbb8cc0ddd8cca Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Wed, 4 Jan 2017 10:36:09 +0100 Subject: [PATCH 4/6] Remove OpenSSL PRNG reseeding Per https://download.libsodium.org/doc/generating_random_data/ reseeding the default libsodium PRNG is not required. --- src/init.cpp | 4 --- src/key.cpp | 1 - src/main.cpp | 1 - src/qt/winshutdownmonitor.cpp | 12 --------- src/random.cpp | 49 ----------------------------------- src/random.h | 6 ----- src/util.cpp | 11 -------- src/wallet/wallet.cpp | 2 -- 8 files changed, 86 deletions(-) diff --git a/src/init.cpp b/src/init.cpp index 80304bf2c..55bf6655d 100644 --- a/src/init.cpp +++ b/src/init.cpp @@ -1363,8 +1363,6 @@ bool AppInit2(boost::thread_group& threadGroup, CScheduler& scheduler) if (fFirstRun) { // Create new keyUser and set as default key - RandAddSeedPerfmon(); - CPubKey newDefaultKey; if (pwalletMain->GetKeyFromPool(newDefaultKey)) { pwalletMain->SetDefaultKey(newDefaultKey); @@ -1481,8 +1479,6 @@ bool AppInit2(boost::thread_group& threadGroup, CScheduler& scheduler) if (!strErrors.str().empty()) return InitError(strErrors.str()); - RandAddSeedPerfmon(); - //// debug print LogPrintf("mapBlockIndex.size() = %u\n", mapBlockIndex.size()); LogPrintf("nBestHeight = %d\n", chainActive.Height()); diff --git a/src/key.cpp b/src/key.cpp index b772dff33..4a6a1d25c 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -21,7 +21,6 @@ bool CKey::Check(const unsigned char *vch) { } void CKey::MakeNewKey(bool fCompressedIn) { - RandAddSeedPerfmon(); do { GetRandBytes(vch, sizeof(vch)); } while (!Check(vch)); diff --git a/src/main.cpp b/src/main.cpp index a843724ac..d5c9198f7 100644 --- a/src/main.cpp +++ b/src/main.cpp 
@@ -4303,7 +4303,6 @@ void static ProcessGetData(CNode* pfrom) bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv, int64_t nTimeReceived) { const CChainParams& chainparams = Params(); - RandAddSeedPerfmon(); LogPrint("net", "received: %s (%u bytes) peer=%d\n", SanitizeString(strCommand), vRecv.size(), pfrom->id); if (mapArgs.count("-dropmessagestest") && GetRand(atoi(mapArgs["-dropmessagestest"])) == 0) { diff --git a/src/qt/winshutdownmonitor.cpp b/src/qt/winshutdownmonitor.cpp index 1bc4f7795..bcb2855a4 100644 --- a/src/qt/winshutdownmonitor.cpp +++ b/src/qt/winshutdownmonitor.cpp @@ -12,8 +12,6 @@ #include -#include - // If we don't want a message to be processed by Qt, return true and set result to // the value that the window procedure should return. Otherwise return false. bool WinShutdownMonitor::nativeEventFilter(const QByteArray &eventType, void *pMessage, long *pnResult) @@ -22,16 +20,6 @@ bool WinShutdownMonitor::nativeEventFilter(const QByteArray &eventType, void *pM MSG *pMsg = static_cast(pMessage); - // Seed OpenSSL PRNG with Windows event data (e.g. mouse movements and other user interactions) - if (RAND_event(pMsg->message, pMsg->wParam, pMsg->lParam) == 0) { - // Warn only once as this is performance-critical - static bool warned = false; - if (!warned) { - LogPrint("%s: OpenSSL RAND_event() failed to seed OpenSSL PRNG with enough data.\n", __func__); - warned = true; - } - } - switch(pMsg->message) { case WM_QUERYENDSESSION: diff --git a/src/random.cpp b/src/random.cpp index 52b9c7cb9..10b0e8c08 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -20,7 +20,6 @@ #endif #include -#include #include "sodium.h" static inline int64_t GetPerformanceCounter() 
@@ -36,54 +35,6 @@ static inline int64_t GetPerformanceCounter() return nCounter; } -void RandAddSeed() -{ - // Seed with CPU performance counter - int64_t nCounter = GetPerformanceCounter(); - RAND_add(&nCounter, sizeof(nCounter), 1.5); - memory_cleanse((void*)&nCounter, sizeof(nCounter)); -} - -void RandAddSeedPerfmon() -{ - RandAddSeed(); - -#ifdef WIN32 - // Don't need this on Linux, OpenSSL automatically uses /dev/urandom - // Seed with the entire set of perfmon data - - // This can take up to 2 seconds, so only do it every 10 minutes - static int64_t nLastPerfmon; - if (GetTime() < nLastPerfmon + 10 * 60) - return; - nLastPerfmon = GetTime(); - - std::vector vData(250000, 0); - long ret = 0; - unsigned long nSize = 0; - const size_t nMaxSize = 10000000; // Bail out at more than 10MB of performance data - while (true) { - nSize = vData.size(); - ret = RegQueryValueExA(HKEY_PERFORMANCE_DATA, "Global", NULL, NULL, begin_ptr(vData), &nSize); - if (ret != ERROR_MORE_DATA || vData.size() >= nMaxSize) - break; - vData.resize(std::max((vData.size() * 3) / 2, nMaxSize)); // Grow size of buffer exponentially - } - RegCloseKey(HKEY_PERFORMANCE_DATA); - if (ret == ERROR_SUCCESS) { - RAND_add(begin_ptr(vData), nSize, nSize / 100.0); - memory_cleanse(begin_ptr(vData), nSize); - LogPrint("rand", "%s: %lu bytes\n", __func__, nSize); - } else { - static bool warned = false; // Warn only once - if (!warned) { - LogPrintf("%s: Warning: RegQueryValueExA(HKEY_PERFORMANCE_DATA) failed with code %i\n", __func__, ret); - warned = true; - } - } -#endif -} - void GetRandBytes(unsigned char* buf, size_t num) { randombytes_buf(buf, (size_t) num); diff --git a/src/random.h b/src/random.h index 4f7709bcb..47b8868f5 100644 --- a/src/random.h +++ b/src/random.h @@ -11,12 +11,6 @@ #include #include -/** - * Seed OpenSSL PRNG with additional entropy data - */ -void RandAddSeed(); -void RandAddSeedPerfmon(); - /** * Functions to gather random data via the libsodium PRNG */ 
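Review bot: Deleting RandAddSeed() and RandAddSeedPerfmon() leaves GetPerformanceCounter(), still visible in the hunk context, without any caller inside this hunk; if nothing else in random.cpp uses it, it is now dead code, and the includes the removed Windows branch relied on (std::vector, memory_cleanse, GetTime and the registry API) are likely unused as well. Worth checking the rest of random.cpp and either removing what is left over or leaving a short comment on GetPerformanceCounter() naming its remaining caller, so the next reader does not have to repeat the search.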
diff --git a/src/util.cpp b/src/util.cpp index cd17ad3f5..0023cd380 100644 --- a/src/util.cpp +++ b/src/util.cpp @@ -82,7 +82,6 @@ #include #include #include -#include #include // Work around clang compilation problem in Boost 1.46: @@ -142,19 +141,9 @@ public: // or corrupt. Explicitly tell OpenSSL not to try to load the file. The result for our libs will be // that the config appears to have been loaded and there are no modules/engines available. OPENSSL_no_config(); - -#ifdef WIN32 - // Seed OpenSSL PRNG with current contents of the screen - RAND_screen(); -#endif - - // Seed OpenSSL PRNG with performance counter - RandAddSeed(); } ~CInit() { - // Securely erase the memory used by the PRNG - RAND_cleanup(); // Shutdown OpenSSL library multithreading support CRYPTO_set_locking_callback(NULL); for (int i = 0; i < CRYPTO_num_locks(); i++) diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp index 8c32dcb1a..2dde3d835 100644 --- a/src/wallet/wallet.cpp +++ b/src/wallet/wallet.cpp @@ -814,13 +814,11 @@ bool CWallet::EncryptWallet(const SecureString& strWalletPassphrase) return false; CKeyingMaterial vMasterKey; - RandAddSeedPerfmon(); vMasterKey.resize(WALLET_CRYPTO_KEY_SIZE); GetRandBytes(&vMasterKey[0], WALLET_CRYPTO_KEY_SIZE); CMasterKey kMasterKey; - RandAddSeedPerfmon(); kMasterKey.vchSalt.resize(WALLET_CRYPTO_SALT_SIZE); GetRandBytes(&kMasterKey.vchSalt[0], WALLET_CRYPTO_SALT_SIZE); From bf6a1383047465c1d042946096629cd6552db1bb Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 16 Jan 2017 17:38:04 +0100 Subject: [PATCH 5/6] Address review comments --- src/random.cpp | 3 +-- src/random.h | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/random.cpp b/src/random.cpp index 10b0e8c08..29faa32a7 100644 --- a/src/random.cpp +++ b/src/random.cpp @@ -19,7 +19,6 @@ #include #endif -#include #include "sodium.h" static inline int64_t GetPerformanceCounter() 
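Review bot: With RAND_screen(), RandAddSeed() and RAND_cleanup() gone, CInit still initialises OpenSSL (OPENSSL_no_config() and the locking callbacks remain in the context lines) but no longer feeds or erases its PRNG; if any remaining OpenSSL code path draws on RAND_bytes internally (not visible in this diff), it now depends solely on OpenSSL's own seeding, which is worth confirming. The omission should read as deliberate rather than forgotten, e.g. `// Randomness is drawn from libsodium (see GetRandBytes); OpenSSL's PRNG is intentionally no longer seeded here.` at the end of the constructor. CInit's constructor and destructor both extend beyond the hunk.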
@@ -37,7 +36,7 @@ static inline int64_t GetPerformanceCounter() void GetRandBytes(unsigned char* buf, size_t num) { - randombytes_buf(buf, (size_t) num); + randombytes_buf(buf, num); } uint64_t GetRand(uint64_t nMax) diff --git a/src/random.h b/src/random.h index 47b8868f5..8cec678ef 100644 --- a/src/random.h +++ b/src/random.h @@ -12,7 +12,7 @@ #include /** - * Functions to gather random data via the libsodium PRNG + * Functions to gather random data via the libsodium CSPRNG */ void GetRandBytes(unsigned char* buf, size_t num); uint64_t GetRand(uint64_t nMax); From 475233553bb0193fcdf5026a6d67acb256325beb Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Mon, 23 Jan 2017 18:29:22 +0100 Subject: [PATCH 6/6] Fix linking error in CreateJoinSplit --- src/Makefile.zcash.include | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile.zcash.include b/src/Makefile.zcash.include index 562512dfe..7325fdcff 100644 --- a/src/Makefile.zcash.include +++ b/src/Makefile.zcash.include @@ -15,8 +15,8 @@ zcash_GenerateParams_LDADD = \ zcash_CreateJoinSplit_SOURCES = zcash/CreateJoinSplit.cpp zcash_CreateJoinSplit_LDADD = \ $(LIBBITCOIN_COMMON) \ + $(LIBZCASH) \ $(LIBBITCOIN_UTIL) \ $(LIBBITCOIN_CRYPTO) \ - $(LIBZCASH) \ $(BOOST_LIBS) \ $(LIBZCASH_LIBS)
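Review bot: The Makefile reorder in the last patch is correct only because of the static-archive rule that an archive must follow the objects referencing its symbols, which is presumably why $(LIBZCASH) now precedes $(LIBBITCOIN_UTIL) after this series moved randomness into code libzcash calls; without a comment the next tidy-up is likely to sort it back and reintroduce the linking error. A one-line note above the list would pin it: `# $(LIBZCASH) must precede $(LIBBITCOIN_UTIL): libzcash references symbols defined there (static link order).`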