diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index cb9a50082..c19ecca24 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -46,6 +46,7 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi - [rpc/client/http] \#6176 Remove `endpoint` arg from `New`, `NewWithTimeout` and `NewWithClient` (@melekes) - [rpc/client/http] \#6176 Unexpose `WSEvents` (@melekes) - [rpc/jsonrpc/client/ws_client] \#6176 `NewWS` no longer accepts options (use `NewWSWithOptions` and `OnReconnect` funcs to configure the client) (@melekes) + - [libs/rand] \#6364 Removed most of libs/rand in favour of standard lib's `math/rand` (@liamsi) - Blockchain Protocol diff --git a/abci/client/socket_client_test.go b/abci/client/socket_client_test.go index 82114e002..d61d729e1 100644 --- a/abci/client/socket_client_test.go +++ b/abci/client/socket_client_test.go @@ -6,13 +6,14 @@ import ( "testing" "time" + "math/rand" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" abcicli "github.com/tendermint/tendermint/abci/client" "github.com/tendermint/tendermint/abci/server" "github.com/tendermint/tendermint/abci/types" - tmrand "github.com/tendermint/tendermint/libs/rand" "github.com/tendermint/tendermint/libs/service" ) @@ -101,7 +102,7 @@ func TestHangingSyncCalls(t *testing.T) { func setupClientServer(t *testing.T, app types.Application) ( service.Service, abcicli.Client) { // some port between 20k and 30k - port := 20000 + tmrand.Int32()%10000 + port := 20000 + rand.Int31()%10000 addr := fmt.Sprintf("localhost:%d", port) s, err := server.NewServer(addr, "socket", app) diff --git a/abci/example/kvstore/helpers.go b/abci/example/kvstore/helpers.go index e59fee279..38bb42ea8 100644 --- a/abci/example/kvstore/helpers.go +++ b/abci/example/kvstore/helpers.go @@ -1,6 +1,8 @@ package kvstore import ( + mrand "math/rand" + "github.com/tendermint/tendermint/abci/types" tmrand "github.com/tendermint/tendermint/libs/rand" ) @@ -9,7 +11,8 @@ import ( // from the input value func RandVal(i int) types.ValidatorUpdate { pubkey := tmrand.Bytes(32) - power := tmrand.Uint16() + 1 + // Random value between [0, 2^16 - 1] + power := mrand.Uint32() & (1<<16 - 1) // nolint:gosec // G404: Use of weak random number generator v := types.UpdateValidator(pubkey, int64(power), "") return v } diff --git a/abci/tests/server/client.go b/abci/tests/server/client.go index 7b594da92..10d4a3e58 100644 --- a/abci/tests/server/client.go +++ b/abci/tests/server/client.go @@ -5,6 +5,7 @@ import ( "context" "errors" "fmt" + mrand "math/rand" abcicli "github.com/tendermint/tendermint/abci/client" "github.com/tendermint/tendermint/abci/types" @@ -18,7 +19,8 @@ func InitChain(client abcicli.Client) error { vals := make([]types.ValidatorUpdate, total) for i := 0; i < total; i++ { pubkey := tmrand.Bytes(33) - power := tmrand.Int() + // nolint:gosec // G404: Use of weak random number generator + power := mrand.Int() vals[i] = types.UpdateValidator(pubkey, int64(power), "") } _, err := client.InitChainSync(ctx, types.RequestInitChain{ diff --git a/blockchain/v0/pool_test.go b/blockchain/v0/pool_test.go index d02df0326..40780710a 100644 --- a/blockchain/v0/pool_test.go +++ b/blockchain/v0/pool_test.go @@ -2,6 +2,7 @@ package v0 import ( "fmt" + mrand "math/rand" "testing" "time" @@ -67,7 +68,7 @@ func makePeers(numPeers int, minHeight, maxHeight int64) testPeers { peers := make(testPeers, numPeers) for i := 0; i < numPeers; i++ { peerID := p2p.NodeID(tmrand.Str(12)) - height := minHeight + tmrand.Int63n(maxHeight-minHeight) + height := minHeight + mrand.Int63n(maxHeight-minHeight) base := minHeight + int64(i) if base > height { base = height diff --git a/consensus/wal_generator.go b/consensus/wal_generator.go index bbb31f5ad..b217e4e5b 100644 --- a/consensus/wal_generator.go +++ b/consensus/wal_generator.go @@ -5,6 +5,7 @@ import ( "bytes" "fmt" "io" + mrand "math/rand" "path/filepath" "testing" "time" @@ -15,7 +16,6 @@ import ( "github.com/tendermint/tendermint/abci/example/kvstore" cfg "github.com/tendermint/tendermint/config" "github.com/tendermint/tendermint/libs/log" - tmrand "github.com/tendermint/tendermint/libs/rand" "github.com/tendermint/tendermint/privval" "github.com/tendermint/tendermint/proxy" sm "github.com/tendermint/tendermint/state" @@ -140,7 +140,8 @@ func WALWithNBlocks(t *testing.T, numBlocks int) (data []byte, err error) { func randPort() int { // returns between base and base + spread base, spread := 20000, 20000 - return base + tmrand.Intn(spread) + // nolint:gosec // G404: Use of weak random number generator + return base + mrand.Intn(spread) } func makeAddrs() (string, string, string) { diff --git a/libs/bits/bit_array.go b/libs/bits/bit_array.go index 3ebad38ce..b78fafddd 100644 --- a/libs/bits/bit_array.go +++ b/libs/bits/bit_array.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "math" + mrand "math/rand" "regexp" "strings" "sync" @@ -24,6 +25,8 @@ type BitArray struct { // NewBitArray returns a new bit array. // It returns nil if the number of bits is zero. func NewBitArray(bits int) *BitArray { + // Reseed non-deterministically. + tmrand.Reseed() if bits <= 0 { return nil } @@ -242,7 +245,7 @@ func (bA *BitArray) IsFull() bool { // PickRandom returns a random index for a set bit in the bit array. // If there is no such value, it returns 0, false. -// It uses the global randomness in `random.go` to get this index. +// It uses math/rand's global randomness Source to get this index. func (bA *BitArray) PickRandom() (int, bool) { if bA == nil { return 0, false @@ -255,8 +258,8 @@ func (bA *BitArray) PickRandom() (int, bool) { if len(trueIndices) == 0 { // no bits set to true return 0, false } - - return trueIndices[tmrand.Intn(len(trueIndices))], true + // nolint:gosec // G404: Use of weak random number generator + return trueIndices[mrand.Intn(len(trueIndices))], true } func (bA *BitArray) getTrueIndices() []int { diff --git a/libs/clist/clist_test.go b/libs/clist/clist_test.go index d10a1e5ae..aa5142a38 100644 --- a/libs/clist/clist_test.go +++ b/libs/clist/clist_test.go @@ -2,14 +2,13 @@ package clist import ( "fmt" + mrand "math/rand" "runtime" "sync/atomic" "testing" "time" "github.com/stretchr/testify/assert" - - tmrand "github.com/tendermint/tendermint/libs/rand" ) func TestPanicOnMaxLength(t *testing.T) { @@ -148,7 +147,7 @@ func _TestGCRandom(t *testing.T) { els = append(els, el) } - for _, i := range tmrand.Perm(numElements) { + for _, i := range mrand.Perm(numElements) { el := els[i] l.Remove(el) _ = el.Next() @@ -206,7 +205,7 @@ func TestScanRightDeleteRandom(t *testing.T) { // Remove an element, push back an element. for i := 0; i < numTimes; i++ { // Pick an element to remove - rmElIdx := tmrand.Intn(len(els)) + rmElIdx := mrand.Intn(len(els)) rmEl := els[rmElIdx] // Remove it @@ -260,7 +259,7 @@ func TestWaitChan(t *testing.T) { for i := 1; i < 100; i++ { l.PushBack(i) pushed++ - time.Sleep(time.Duration(tmrand.Intn(25)) * time.Millisecond) + time.Sleep(time.Duration(mrand.Intn(25)) * time.Millisecond) } // apply a deterministic pause so the counter has time to catch up time.Sleep(25 * time.Millisecond) diff --git a/libs/rand/random.go b/libs/rand/random.go index 41d04a440..ee400e195 100644 --- a/libs/rand/random.go +++ b/libs/rand/random.go @@ -2,161 +2,57 @@ package rand import ( crand "crypto/rand" + "encoding/binary" + "fmt" mrand "math/rand" - "time" - - tmsync "github.com/tendermint/tendermint/libs/sync" ) const ( strChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" // 62 characters ) -// Rand is a prng, that is seeded with OS randomness. -// The OS randomness is obtained from crypto/rand, however none of the provided -// methods are suitable for cryptographic usage. -// They all utilize math/rand's prng internally. -// -// All of the methods here are suitable for concurrent use. -// This is achieved by using a mutex lock on all of the provided methods. -type Rand struct { - tmsync.Mutex - rand *mrand.Rand -} - -var grand *Rand - func init() { - grand = NewRand() - grand.init() -} - -func NewRand() *Rand { - rand := &Rand{} - rand.init() - return rand + Reseed() } -func (r *Rand) init() { - bz := cRandBytes(8) - var seed uint64 - for i := 0; i < 8; i++ { - seed |= uint64(bz[i]) - seed <<= 8 - } - r.reset(int64(seed)) -} - -func (r *Rand) reset(seed int64) { - r.rand = mrand.New(mrand.NewSource(seed)) // nolint:gosec // G404: Use of weak random number generator +// NewRand returns a prng, that is seeded with OS randomness. +// The OS randomness is obtained from crypto/rand, however, like with any math/rand.Rand +// object none of the provided methods are suitable for cryptographic usage. +// +// Note that the returned instance of math/rand's Rand is not +// suitable for concurrent use by multiple goroutines. +// +// For concurrent use, call Reseed to reseed math/rand's default source and +// use math/rand's top-level convenience functions instead. +func NewRand() *mrand.Rand { + seed := crandSeed() + // nolint:gosec // G404: Use of weak random number generator + return mrand.New(mrand.NewSource(seed)) } -//---------------------------------------- -// Global functions - -func Seed(seed int64) { - grand.Seed(seed) +// Reseed conveniently re-seeds the default Source of math/rand with +// randomness obtained from crypto/rand. +// +// Note that this does not make math/rand suitable for cryptographic usage. +// +// Use math/rand's top-level convenience functions remain suitable +// for concurrent use by multiple goroutines. +func Reseed() { + seed := crandSeed() + mrand.Seed(seed) } +// Str constructs a random alphanumeric string of given length +// from math/rand's global default Source. func Str(length int) string { - return grand.Str(length) -} - -func Uint16() uint16 { - return grand.Uint16() -} - -func Uint32() uint32 { - return grand.Uint32() -} - -func Uint64() uint64 { - return grand.Uint64() -} - -func Uint() uint { - return grand.Uint() -} - -func Int16() int16 { - return grand.Int16() -} - -func Int32() int32 { - return grand.Int32() -} - -func Int64() int64 { - return grand.Int64() -} - -func Int() int { - return grand.Int() -} - -func Int31() int32 { - return grand.Int31() -} - -func Int31n(n int32) int32 { - return grand.Int31n(n) -} - -func Int63() int64 { - return grand.Int63() -} - -func Int63n(n int64) int64 { - return grand.Int63n(n) -} - -func Bool() bool { - return grand.Bool() -} - -func Float32() float32 { - return grand.Float32() -} - -func Float64() float64 { - return grand.Float64() -} - -func Time() time.Time { - return grand.Time() -} - -func Bytes(n int) []byte { - return grand.Bytes(n) -} - -func Intn(n int) int { - return grand.Intn(n) -} - -func Perm(n int) []int { - return grand.Perm(n) -} - -//---------------------------------------- -// Rand methods - -func (r *Rand) Seed(seed int64) { - r.Lock() - r.reset(seed) - r.Unlock() -} - -// Str constructs a random alphanumeric string of given length. -func (r *Rand) Str(length int) string { if length <= 0 { return "" } - chars := []byte{} -MAIN_LOOP: + chars := make([]byte, 0, length) for { - val := r.Int63() + // nolint:gosec // G404: Use of weak random number generator + val := mrand.Int63() for i := 0; i < 10; i++ { v := int(val & 0x3f) // rightmost 6 bits if v >= 62 { // only 62 characters in strChars @@ -165,147 +61,29 @@ MAIN_LOOP: } else { chars = append(chars, strChars[v]) if len(chars) == length { - break MAIN_LOOP + return string(chars) } val >>= 6 } } } - - return string(chars) -} - -func (r *Rand) Uint16() uint16 { - return uint16(r.Uint32() & (1<<16 - 1)) -} - -func (r *Rand) Uint32() uint32 { - r.Lock() - u32 := r.rand.Uint32() - r.Unlock() - return u32 -} - -func (r *Rand) Uint64() uint64 { - return uint64(r.Uint32())<<32 + uint64(r.Uint32()) -} - -func (r *Rand) Uint() uint { - r.Lock() - i := r.rand.Int() - r.Unlock() - return uint(i) -} - -func (r *Rand) Int16() int16 { - return int16(r.Uint32() & (1<<16 - 1)) -} - -func (r *Rand) Int32() int32 { - return int32(r.Uint32()) -} - -func (r *Rand) Int64() int64 { - return int64(r.Uint64()) -} - -func (r *Rand) Int() int { - r.Lock() - i := r.rand.Int() - r.Unlock() - return i -} - -func (r *Rand) Int31() int32 { - r.Lock() - i31 := r.rand.Int31() - r.Unlock() - return i31 -} - -func (r *Rand) Int31n(n int32) int32 { - r.Lock() - i31n := r.rand.Int31n(n) - r.Unlock() - return i31n -} - -func (r *Rand) Int63() int64 { - r.Lock() - i63 := r.rand.Int63() - r.Unlock() - return i63 -} - -func (r *Rand) Int63n(n int64) int64 { - r.Lock() - i63n := r.rand.Int63n(n) - r.Unlock() - return i63n -} - -func (r *Rand) Float32() float32 { - r.Lock() - f32 := r.rand.Float32() - r.Unlock() - return f32 -} - -func (r *Rand) Float64() float64 { - r.Lock() - f64 := r.rand.Float64() - r.Unlock() - return f64 } -func (r *Rand) Time() time.Time { - return time.Unix(int64(r.Uint64()), 0) -} - -// Bytes returns n random bytes generated from the internal -// prng. -func (r *Rand) Bytes(n int) []byte { - // cRandBytes isn't guaranteed to be fast so instead - // use random bytes generated from the internal PRNG +// Bytes returns n random bytes generated from math/rand's global default Source. +func Bytes(n int) []byte { bs := make([]byte, n) for i := 0; i < len(bs); i++ { - bs[i] = byte(r.Int() & 0xFF) + // nolint:gosec // G404: Use of weak random number generator + bs[i] = byte(mrand.Int() & 0xFF) } return bs } -// Intn returns, as an int, a uniform pseudo-random number in the range [0, n). -// It panics if n <= 0. -func (r *Rand) Intn(n int) int { - r.Lock() - i := r.rand.Intn(n) - r.Unlock() - return i -} - -// Bool returns a uniformly random boolean -func (r *Rand) Bool() bool { - // See https://github.com/golang/go/issues/23804#issuecomment-365370418 - // for reasoning behind computing like this - return r.Int63()%2 == 0 -} - -// Perm returns a pseudo-random permutation of n integers in [0, n). -func (r *Rand) Perm(n int) []int { - r.Lock() - perm := r.rand.Perm(n) - r.Unlock() - return perm -} - -// NOTE: This relies on the os's random number generator. -// For real security, we should salt that with some seed. -// See github.com/tendermint/tendermint/crypto for a more secure reader. -func cRandBytes(numBytes int) []byte { - b := make([]byte, numBytes) - _, err := crand.Read(b) +func crandSeed() int64 { + var seed int64 + err := binary.Read(crand.Reader, binary.BigEndian, &seed) if err != nil { - panic(err) + panic(fmt.Sprintf("could nor read random seed from crypto/rand: %v", err)) } - return b + return seed } diff --git a/libs/rand/random_test.go b/libs/rand/random_test.go index e669f250f..6dfb6b441 100644 --- a/libs/rand/random_test.go +++ b/libs/rand/random_test.go @@ -1,13 +1,7 @@ package rand import ( - "bytes" - "encoding/json" - "fmt" - mrand "math/rand" - "sync" "testing" - "time" "github.com/stretchr/testify/assert" ) @@ -24,71 +18,6 @@ func TestRandBytes(t *testing.T) { assert.Equal(t, l, len(b)) } -func TestRandIntn(t *testing.T) { - n := 243 - for i := 0; i < 100; i++ { - x := Intn(n) - assert.True(t, x < n) - } -} - -// Test to make sure that we never call math.rand(). -// We do this by ensuring that outputs are deterministic. -func TestDeterminism(t *testing.T) { - var firstOutput string - - // Set math/rand's seed for the sake of debugging this test. - // (It isn't strictly necessary). - mrand.Seed(1) - - for i := 0; i < 100; i++ { - output := testThemAll() - if i == 0 { - firstOutput = output - } else if firstOutput != output { - t.Errorf("run #%d's output was different from first run.\nfirst: %v\nlast: %v", - i, firstOutput, output) - } - } -} - -func testThemAll() string { - - // Such determinism. - grand.reset(1) - - // Use it. - out := new(bytes.Buffer) - perm := Perm(10) - blob, _ := json.Marshal(perm) - fmt.Fprintf(out, "perm: %s\n", blob) - fmt.Fprintf(out, "randInt: %d\n", Int()) - fmt.Fprintf(out, "randUint: %d\n", Uint()) - fmt.Fprintf(out, "randIntn: %d\n", Intn(97)) - fmt.Fprintf(out, "randInt31: %d\n", Int31()) - fmt.Fprintf(out, "randInt32: %d\n", Int32()) - fmt.Fprintf(out, "randInt63: %d\n", Int63()) - fmt.Fprintf(out, "randInt64: %d\n", Int64()) - fmt.Fprintf(out, "randUint32: %d\n", Uint32()) - fmt.Fprintf(out, "randUint64: %d\n", Uint64()) - return out.String() -} - -func TestRngConcurrencySafety(t *testing.T) { - var wg sync.WaitGroup - for i := 0; i < 100; i++ { - wg.Add(1) - go func() { - defer wg.Done() - - _ = Uint64() - <-time.After(time.Millisecond * time.Duration(Intn(100))) - _ = Perm(3) - }() - } - wg.Wait() -} - func BenchmarkRandBytes10B(b *testing.B) { benchmarkRandBytes(b, 10) } diff --git a/libs/tempfile/tempfile_test.go b/libs/tempfile/tempfile_test.go index 9d07f806b..5650fe720 100644 --- a/libs/tempfile/tempfile_test.go +++ b/libs/tempfile/tempfile_test.go @@ -6,6 +6,7 @@ import ( "bytes" "fmt" "io/ioutil" + mrand "math/rand" "os" testing "testing" @@ -16,8 +17,8 @@ import ( func TestWriteFileAtomic(t *testing.T) { var ( - data = []byte(tmrand.Str(tmrand.Intn(2048))) - old = tmrand.Bytes(tmrand.Intn(2048)) + data = []byte(tmrand.Str(mrand.Intn(2048))) + old = tmrand.Bytes(mrand.Intn(2048)) perm os.FileMode = 0600 ) diff --git a/libs/test/mutate.go b/libs/test/mutate.go index f90600f5a..94920cad5 100644 --- a/libs/test/mutate.go +++ b/libs/test/mutate.go @@ -1,7 +1,8 @@ +// nolint:gosec // G404: Use of weak random number generator package test import ( - tmrand "github.com/tendermint/tendermint/libs/rand" + mrand "math/rand" ) // Contract: !bytes.Equal(input, output) && len(input) >= len(output) @@ -17,11 +18,11 @@ func MutateByteSlice(bytez []byte) []byte { bytez = mBytez // Try a random mutation - switch tmrand.Int() % 2 { + switch mrand.Int() % 2 { case 0: // Mutate a single byte - bytez[tmrand.Int()%len(bytez)] += byte(tmrand.Int()%255 + 1) + bytez[mrand.Int()%len(bytez)] += byte(mrand.Int()%255 + 1) case 1: // Remove an arbitrary byte - pos := tmrand.Int() % len(bytez) + pos := mrand.Int() % len(bytez) bytez = append(bytez[:pos], bytez[pos+1:]...) } return bytez diff --git a/p2p/conn/secret_connection_test.go b/p2p/conn/secret_connection_test.go index d70b8a902..62587c0da 100644 --- a/p2p/conn/secret_connection_test.go +++ b/p2p/conn/secret_connection_test.go @@ -8,6 +8,7 @@ import ( "io" "io/ioutil" "log" + mrand "math/rand" "os" "path/filepath" "strconv" @@ -114,8 +115,8 @@ func TestSecretConnectionReadWrite(t *testing.T) { // Pre-generate the things to write (for foo & bar) for i := 0; i < 100; i++ { - fooWrites = append(fooWrites, tmrand.Str((tmrand.Int()%(dataMaxSize*5))+1)) - barWrites = append(barWrites, tmrand.Str((tmrand.Int()%(dataMaxSize*5))+1)) + fooWrites = append(fooWrites, tmrand.Str((mrand.Int()%(dataMaxSize*5))+1)) + barWrites = append(barWrites, tmrand.Str((mrand.Int()%(dataMaxSize*5))+1)) } // A helper that will run with (fooConn, fooWrites, fooReads) and vice versa @@ -312,7 +313,7 @@ func createGoldenTestVectors(t *testing.T) string { randSecret := new([32]byte) copy((*randSecret)[:], randSecretVector) data += hex.EncodeToString((*randSecret)[:]) + "," - locIsLeast := tmrand.Bool() + locIsLeast := mrand.Int63()%2 == 0 data += strconv.FormatBool(locIsLeast) + "," recvSecret, sendSecret := deriveSecrets(randSecret, locIsLeast) data += hex.EncodeToString((*recvSecret)[:]) + "," @@ -412,7 +413,7 @@ func BenchmarkWriteSecretConnection(b *testing.B) { b.StartTimer() for i := 0; i < b.N; i++ { - idx := tmrand.Intn(len(fooWriteBytes)) + idx := mrand.Intn(len(fooWriteBytes)) _, err := fooSecConn.Write(fooWriteBytes[idx]) if err != nil { b.Errorf("failed to write to fooSecConn: %v", err) @@ -446,7 +447,7 @@ func BenchmarkReadSecretConnection(b *testing.B) { } go func() { for i := 0; i < b.N; i++ { - idx := tmrand.Intn(len(fooWriteBytes)) + idx := mrand.Intn(len(fooWriteBytes)) _, err := fooSecConn.Write(fooWriteBytes[idx]) if err != nil { b.Errorf("failed to write to fooSecConn: %v, %v,%v", err, i, b.N) diff --git a/p2p/pex/addrbook.go b/p2p/pex/addrbook.go index f9faabc09..fa4d0094f 100644 --- a/p2p/pex/addrbook.go +++ b/p2p/pex/addrbook.go @@ -9,13 +9,12 @@ import ( "encoding/binary" "fmt" "math" - "math/rand" + mrand "math/rand" "net" "sync" "time" "github.com/minio/highwayhash" - "github.com/tendermint/tendermint/crypto" tmmath "github.com/tendermint/tendermint/libs/math" tmrand "github.com/tendermint/tendermint/libs/rand" @@ -89,7 +88,6 @@ type addrBook struct { // accessed concurrently mtx tmsync.Mutex - rand *tmrand.Rand ourAddrs map[string]struct{} privateIDs map[p2p.NodeID]struct{} addrLookup map[p2p.NodeID]*knownAddress // new & old @@ -118,7 +116,6 @@ func newHashKey() []byte { // Use Start to begin processing asynchronous address updates. func NewAddrBook(filePath string, routabilityStrict bool) AddrBook { am := &addrBook{ - rand: tmrand.NewRand(), ourAddrs: make(map[string]struct{}), privateIDs: make(map[p2p.NodeID]struct{}), addrLookup: make(map[p2p.NodeID]*knownAddress), @@ -268,6 +265,7 @@ func (a *addrBook) Empty() bool { // and determines how biased we are to pick an address from a new bucket. // PickAddress returns nil if the AddrBook is empty or if we try to pick // from an empty bucket. +// nolint:gosec // G404: Use of weak random number generator func (a *addrBook) PickAddress(biasTowardsNewAddrs int) *p2p.NetAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -292,7 +290,7 @@ func (a *addrBook) PickAddress(biasTowardsNewAddrs int) *p2p.NetAddress { // pick a random peer from a random bucket var bucket map[string]*knownAddress - pickFromOldBucket := (newCorrelation+oldCorrelation)*a.rand.Float64() < oldCorrelation + pickFromOldBucket := (newCorrelation+oldCorrelation)*mrand.Float64() < oldCorrelation if (pickFromOldBucket && a.nOld == 0) || (!pickFromOldBucket && a.nNew == 0) { return nil @@ -300,13 +298,13 @@ func (a *addrBook) PickAddress(biasTowardsNewAddrs int) *p2p.NetAddress { // loop until we pick a random non-empty bucket for len(bucket) == 0 { if pickFromOldBucket { - bucket = a.bucketsOld[a.rand.Intn(len(a.bucketsOld))] + bucket = a.bucketsOld[mrand.Intn(len(a.bucketsOld))] } else { - bucket = a.bucketsNew[a.rand.Intn(len(a.bucketsNew))] + bucket = a.bucketsNew[mrand.Intn(len(a.bucketsNew))] } } // pick a random index and loop over the map to return that index - randIndex := a.rand.Intn(len(bucket)) + randIndex := mrand.Intn(len(bucket)) for _, ka := range bucket { if randIndex == 0 { return ka.Addr @@ -417,7 +415,8 @@ func (a *addrBook) GetSelection() []*p2p.NetAddress { // `numAddresses' since we are throwing the rest. for i := 0; i < numAddresses; i++ { // pick a number between current index and the end - j := tmrand.Intn(len(allAddr)-i) + i + // nolint:gosec // G404: Use of weak random number generator + j := mrand.Intn(len(allAddr)-i) + i allAddr[i], allAddr[j] = allAddr[j], allAddr[i] } @@ -681,7 +680,8 @@ func (a *addrBook) addAddress(addr, src *p2p.NetAddress) error { } // The more entries we have, the less likely we are to add more. factor := int32(2 * len(ka.Buckets)) - if a.rand.Int31n(factor) != 0 { + // nolint:gosec // G404: Use of weak random number generator + if mrand.Int31n(factor) != 0 { return nil } } else { @@ -717,6 +717,7 @@ func (a *addrBook) randomPickAddresses(bucketType byte, num int) []*p2p.NetAddre } selection := make([]*p2p.NetAddress, 0, num) chosenSet := make(map[string]bool, num) + rand := tmrand.NewRand() rand.Shuffle(total, func(i, j int) { addresses[i], addresses[j] = addresses[j], addresses[i] }) diff --git a/p2p/pex/addrbook_test.go b/p2p/pex/addrbook_test.go index 349df9f13..f274feff2 100644 --- a/p2p/pex/addrbook_test.go +++ b/p2p/pex/addrbook_test.go @@ -5,6 +5,7 @@ import ( "fmt" "io/ioutil" "math" + mrand "math/rand" "net" "os" "testing" @@ -187,12 +188,12 @@ func randNetAddressPairs(t *testing.T, n int) []netAddressPair { func randIPv4Address(t *testing.T) *p2p.NetAddress { for { ip := fmt.Sprintf("%v.%v.%v.%v", - tmrand.Intn(254)+1, - tmrand.Intn(255), - tmrand.Intn(255), - tmrand.Intn(255), + mrand.Intn(254)+1, + mrand.Intn(255), + mrand.Intn(255), + mrand.Intn(255), ) - port := tmrand.Intn(65535-1) + 1 + port := mrand.Intn(65535-1) + 1 id := p2p.NodeID(hex.EncodeToString(tmrand.Bytes(p2p.NodeIDByteLength))) idAddr := p2p.IDAddressString(id, fmt.Sprintf("%v:%v", ip, port)) addr, err := p2p.NewNetAddressString(idAddr) @@ -554,7 +555,7 @@ func TestMultipleAddrBookAddressSelection(t *testing.T) { ranges := [...][]int{{33, 100}, {100, 175}} bookSizes := make([]int, 0, len(ranges)) for _, r := range ranges { - bookSizes = append(bookSizes, tmrand.Intn(r[1]-r[0])+r[0]) + bookSizes = append(bookSizes, mrand.Intn(r[1]-r[0])+r[0]) } t.Logf("Testing address selection for the following book sizes %v\n", bookSizes) for _, bookSize := range bookSizes { diff --git a/p2p/pex/pex_reactor.go b/p2p/pex/pex_reactor.go index 5ea75c96c..e821ce789 100644 --- a/p2p/pex/pex_reactor.go +++ b/p2p/pex/pex_reactor.go @@ -525,7 +525,8 @@ func (r *Reactor) ensurePeers() { peers := r.Switch.Peers().List() peersCount := len(peers) if peersCount > 0 { - peer := peers[tmrand.Int()%peersCount] + rand := tmrand.NewRand() + peer := peers[rand.Int()%peersCount] r.Logger.Info("We need more addresses. Sending pexRequest to random peer", "peer", peer) r.RequestAddrs(peer) } @@ -558,7 +559,8 @@ func (r *Reactor) dialPeer(addr *p2p.NetAddress) error { // exponential backoff if it's not our first attempt to dial given address if attempts > 0 { - jitter := time.Duration(tmrand.Float64() * float64(time.Second)) // 1s == (1e9 ns) + rand := tmrand.NewRand() + jitter := time.Duration(rand.Float64() * float64(time.Second)) // 1s == (1e9 ns) backoffDuration := jitter + ((1 << uint(attempts)) * time.Second) backoffDuration = r.maxBackoffDurationForPeer(addr, backoffDuration) sinceLastDialed := time.Since(lastDialed) @@ -624,7 +626,8 @@ func (r *Reactor) checkSeeds() (numOnline int, netAddrs []*p2p.NetAddress, err e // randomly dial seeds until we connect to one or exhaust them func (r *Reactor) dialSeeds() { - perm := tmrand.Perm(len(r.seedAddrs)) + rand := tmrand.NewRand() + perm := rand.Perm(len(r.seedAddrs)) // perm := r.Switch.rng.Perm(lSeeds) for _, i := range perm { // dial a random seed diff --git a/p2p/switch.go b/p2p/switch.go index ba4b29f2b..0a4ae1237 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "math" + mrand "math/rand" "net" "sync" "time" @@ -12,7 +13,7 @@ import ( "github.com/tendermint/tendermint/config" "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/libs/cmap" - "github.com/tendermint/tendermint/libs/rand" + tmrand "github.com/tendermint/tendermint/libs/rand" "github.com/tendermint/tendermint/libs/service" "github.com/tendermint/tendermint/p2p/conn" ) @@ -115,8 +116,6 @@ type Switch struct { connFilters []ConnFilterFunc conns ConnSet - rng *rand.Rand // seed for randomizing dial times and orders - metrics *Metrics } @@ -159,8 +158,8 @@ func NewSwitch( conns: NewConnSet(), } - // Ensure we have a completely undeterministic PRNG. - sw.rng = rand.NewRand() + // Ensure PRNG is reseeded. + tmrand.Reseed() sw.BaseService = *service.NewBaseService(nil, "P2P Switch", sw) @@ -554,7 +553,7 @@ func (sw *Switch) dialPeersAsync(netAddrs []*NetAddress) { } // permute the list, dial them in random order. - perm := sw.rng.Perm(len(netAddrs)) + perm := mrand.Perm(len(netAddrs)) for i := 0; i < len(perm); i++ { go func(i int) { j := perm[i] @@ -597,7 +596,8 @@ func (sw *Switch) DialPeerWithAddress(addr *NetAddress) error { // sleep for interval plus some random amount of ms on [0, dialRandomizerIntervalMilliseconds] func (sw *Switch) randomSleep(interval time.Duration) { - r := time.Duration(sw.rng.Int63n(dialRandomizerIntervalMilliseconds)) * time.Millisecond + // nolint:gosec // G404: Use of weak random number generator + r := time.Duration(mrand.Int63n(dialRandomizerIntervalMilliseconds)) * time.Millisecond time.Sleep(r + interval) } diff --git a/p2p/test_util.go b/p2p/test_util.go index 83e1d9a42..5b2861e50 100644 --- a/p2p/test_util.go +++ b/p2p/test_util.go @@ -3,6 +3,7 @@ package p2p import ( "context" "fmt" + mrand "math/rand" "net" "github.com/tendermint/tendermint/libs/log" @@ -35,15 +36,16 @@ func CreateRandomPeer(outbound bool) Peer { return p } +// nolint:gosec // G404: Use of weak random number generator func CreateRoutableAddr() (addr string, netAddr *NetAddress) { for { var err error addr = fmt.Sprintf("%X@%v.%v.%v.%v:26656", tmrand.Bytes(20), - tmrand.Int()%256, - tmrand.Int()%256, - tmrand.Int()%256, - tmrand.Int()%256) + mrand.Int()%256, + mrand.Int()%256, + mrand.Int()%256, + mrand.Int()%256) netAddr, err = NewNetAddressString(addr) if err != nil { panic(err) diff --git a/rpc/jsonrpc/client/ws_client.go b/rpc/jsonrpc/client/ws_client.go index f28f1bee6..c93426110 100644 --- a/rpc/jsonrpc/client/ws_client.go +++ b/rpc/jsonrpc/client/ws_client.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "fmt" + mrand "math/rand" "net" "net/http" "sync" @@ -12,7 +13,6 @@ import ( "github.com/gorilla/websocket" metrics "github.com/rcrowley/go-metrics" - tmrand "github.com/tendermint/tendermint/libs/rand" "github.com/tendermint/tendermint/libs/service" tmsync "github.com/tendermint/tendermint/libs/sync" types "github.com/tendermint/tendermint/rpc/jsonrpc/types" @@ -266,7 +266,8 @@ func (c *WSClient) reconnect() error { }() for { - jitter := time.Duration(tmrand.Float64() * float64(time.Second)) // 1s == (1e9 ns) + // nolint:gosec // G404: Use of weak random number generator + jitter := time.Duration(mrand.Float64() * float64(time.Second)) // 1s == (1e9 ns) backoffDuration := jitter + ((1 << attempt) * time.Second) c.Logger.Info("reconnecting", "attempt", attempt+1, "backoff_duration", backoffDuration) diff --git a/rpc/jsonrpc/jsonrpc_test.go b/rpc/jsonrpc/jsonrpc_test.go index c06f13b7e..405610c3d 100644 --- a/rpc/jsonrpc/jsonrpc_test.go +++ b/rpc/jsonrpc/jsonrpc_test.go @@ -6,6 +6,7 @@ import ( crand "crypto/rand" "encoding/json" "fmt" + mrand "math/rand" "net/http" "os" "os/exec" @@ -18,8 +19,6 @@ import ( tmbytes "github.com/tendermint/tendermint/libs/bytes" "github.com/tendermint/tendermint/libs/log" - tmrand "github.com/tendermint/tendermint/libs/rand" - client "github.com/tendermint/tendermint/rpc/jsonrpc/client" server "github.com/tendermint/tendermint/rpc/jsonrpc/server" types "github.com/tendermint/tendermint/rpc/jsonrpc/types" @@ -215,7 +214,7 @@ func testWithHTTPClient(t *testing.T, cl client.HTTPClient) { require.Nil(t, err) assert.Equal(t, got3, val3) - val4 := tmrand.Intn(10000) + val4 := mrand.Intn(10000) got4, err := echoIntViaHTTP(cl, val4) require.Nil(t, err) assert.Equal(t, got4, val4) @@ -400,7 +399,7 @@ func TestWSClientPingPong(t *testing.T) { } func randBytes(t *testing.T) []byte { - n := tmrand.Intn(10) + 2 + n := mrand.Intn(10) + 2 buf := make([]byte, n) _, err := crand.Read(buf) require.Nil(t, err) diff --git a/state/state_test.go b/state/state_test.go index 483392b94..7806e281d 100644 --- a/state/state_test.go +++ b/state/state_test.go @@ -6,6 +6,7 @@ import ( "fmt" "math" "math/big" + mrand "math/rand" "os" "testing" @@ -18,7 +19,6 @@ import ( cfg "github.com/tendermint/tendermint/config" "github.com/tendermint/tendermint/crypto/ed25519" cryptoenc "github.com/tendermint/tendermint/crypto/encoding" - tmrand "github.com/tendermint/tendermint/libs/rand" tmstate "github.com/tendermint/tendermint/proto/tendermint/state" sm "github.com/tendermint/tendermint/state" "github.com/tendermint/tendermint/types" @@ -356,18 +356,18 @@ func TestProposerFrequency(t *testing.T) { maxPower := 1000 nTestCases := 5 for i := 0; i < nTestCases; i++ { - N := tmrand.Int()%maxVals + 1 + N := mrand.Int()%maxVals + 1 vals := make([]*types.Validator, N) totalVotePower := int64(0) for j := 0; j < N; j++ { // make sure votePower > 0 - votePower := int64(tmrand.Int()%maxPower) + 1 + votePower := int64(mrand.Int()%maxPower) + 1 totalVotePower += votePower privVal := types.NewMockPV() pubKey, err := privVal.GetPubKey(context.Background()) require.NoError(t, err) val := types.NewValidator(pubKey, votePower) - val.ProposerPriority = tmrand.Int64() + val.ProposerPriority = mrand.Int63() vals[j] = val } valSet := types.NewValidatorSet(vals) @@ -384,7 +384,7 @@ func genValSetWithPowers(powers []int64) *types.ValidatorSet { for i := 0; i < size; i++ { totalVotePower += powers[i] val := types.NewValidator(ed25519.GenPrivKey().PubKey(), powers[i]) - val.ProposerPriority = tmrand.Int64() + val.ProposerPriority = mrand.Int63() vals[i] = val } valSet := types.NewValidatorSet(vals) diff --git a/types/block_test.go b/types/block_test.go index ab546e53b..617fefb0f 100644 --- a/types/block_test.go +++ b/types/block_test.go @@ -7,6 +7,7 @@ import ( "crypto/rand" "encoding/hex" "math" + mrand "math/rand" "os" "reflect" "testing" @@ -643,7 +644,7 @@ func TestBlockIDValidateBasic(t *testing.T) { } func TestBlockProtoBuf(t *testing.T) { - h := tmrand.Int63() + h := mrand.Int63() c1 := randCommit(time.Now()) b1 := MakeBlock(h, []Tx{Tx([]byte{1})}, &Commit{Signatures: []CommitSig{}}, []Evidence{}) b1.ProposerAddress = tmrand.Bytes(crypto.AddressSize) @@ -751,7 +752,7 @@ func TestEvidenceDataProtoBuf(t *testing.T) { func makeRandHeader() Header { chainID := "test" t := time.Now() - height := tmrand.Int63() + height := mrand.Int63() randBytes := tmrand.Bytes(tmhash.Size) randAddress := tmrand.Bytes(crypto.AddressSize) h := Header{ diff --git a/types/event_bus_test.go b/types/event_bus_test.go index 7759d29a6..0578396e2 100644 --- a/types/event_bus_test.go +++ b/types/event_bus_test.go @@ -3,7 +3,7 @@ package types import ( "context" "fmt" - "math/rand" + mrand "math/rand" "testing" "time" @@ -13,7 +13,6 @@ import ( abci "github.com/tendermint/tendermint/abci/types" tmpubsub "github.com/tendermint/tendermint/libs/pubsub" tmquery "github.com/tendermint/tendermint/libs/pubsub/query" - tmrand "github.com/tendermint/tendermint/libs/rand" ) func TestEventBusPublishEventTx(t *testing.T) { @@ -410,7 +409,7 @@ func BenchmarkEventBus(b *testing.B) { func benchmarkEventBus(numClients int, randQueries bool, randEvents bool, b *testing.B) { // for random* functions - rand.Seed(time.Now().Unix()) + mrand.Seed(time.Now().Unix()) eventBus := NewEventBusWithBufferCapacity(0) // set buffer capacity to 0 so we are not testing cache err := eventBus.Start() @@ -476,7 +475,7 @@ var events = []string{ EventVote} func randEvent() string { - return events[tmrand.Intn(len(events))] + return events[mrand.Intn(len(events))] } var queries = []tmpubsub.Query{ @@ -494,5 +493,5 @@ var queries = []tmpubsub.Query{ EventQueryVote} func randQuery() tmpubsub.Query { - return queries[tmrand.Intn(len(queries))] + return queries[mrand.Intn(len(queries))] } diff --git a/types/evidence_test.go b/types/evidence_test.go index 7e9bed7e6..29a877664 100644 --- a/types/evidence_test.go +++ b/types/evidence_test.go @@ -3,6 +3,7 @@ package types import ( "context" "math" + mrand "math/rand" "testing" "time" @@ -256,7 +257,7 @@ func makeHeaderRandom() *Header { return &Header{ Version: version.Consensus{Block: version.BlockProtocol, App: 1}, ChainID: tmrand.Str(12), - Height: int64(tmrand.Uint16()) + 1, + Height: int64(mrand.Uint32() + 1), Time: time.Now(), LastBlockID: makeBlockIDRandom(), LastCommitHash: crypto.CRandBytes(tmhash.Size), diff --git a/types/tx_test.go b/types/tx_test.go index 0ee308ced..931b1f00d 100644 --- a/types/tx_test.go +++ b/types/tx_test.go @@ -2,6 +2,7 @@ package types import ( "bytes" + mrand "math/rand" "testing" "github.com/stretchr/testify/assert" @@ -21,7 +22,7 @@ func makeTxs(cnt, size int) Txs { } func randInt(low, high int) int { - off := tmrand.Int() % (high - low) + off := mrand.Int() % (high - low) return low + off } diff --git a/types/validator.go b/types/validator.go index 0f4f58146..46b16deb5 100644 --- a/types/validator.go +++ b/types/validator.go @@ -5,11 +5,11 @@ import ( "context" "errors" "fmt" + mrand "math/rand" "strings" "github.com/tendermint/tendermint/crypto" ce "github.com/tendermint/tendermint/crypto/encoding" - tmrand "github.com/tendermint/tendermint/libs/rand" tmproto "github.com/tendermint/tendermint/proto/tendermint/types" ) @@ -183,7 +183,8 @@ func RandValidator(randPower bool, minPower int64) (*Validator, PrivValidator) { privVal := NewMockPV() votePower := minPower if randPower { - votePower += int64(tmrand.Uint32()) + // nolint:gosec // G404: Use of weak random number generator + votePower += int64(mrand.Uint32()) } pubKey, err := privVal.GetPubKey(context.Background()) if err != nil { diff --git a/types/validator_set_test.go b/types/validator_set_test.go index a61c704e0..5e1afbfb2 100644 --- a/types/validator_set_test.go +++ b/types/validator_set_test.go @@ -5,6 +5,7 @@ import ( "context" "fmt" "math" + "math/rand" "sort" "strings" "testing" @@ -352,10 +353,10 @@ func TestProposerSelection3(t *testing.T) { // times is usually 1 times := int32(1) - mod := (tmrand.Int() % 5) + 1 - if tmrand.Int()%mod > 0 { + mod := (rand.Int() % 5) + 1 + if rand.Int()%mod > 0 { // sometimes its up to 5 - times = (tmrand.Int31() % 4) + 1 + times = (rand.Int31() % 4) + 1 } vset.IncrementProposerPriority(times) @@ -376,8 +377,8 @@ func randPubKey() crypto.PubKey { func randValidator(totalVotingPower int64) *Validator { // this modulo limits the ProposerPriority/VotingPower to stay in the // bounds of MaxTotalVotingPower minus the already existing voting power: - val := NewValidator(randPubKey(), int64(tmrand.Uint64()%uint64(MaxTotalVotingPower-totalVotingPower))) - val.ProposerPriority = tmrand.Int64() % (MaxTotalVotingPower - totalVotingPower) + val := NewValidator(randPubKey(), int64(rand.Uint64()%uint64(MaxTotalVotingPower-totalVotingPower))) + val.ProposerPriority = rand.Int63() % (MaxTotalVotingPower - totalVotingPower) return val } @@ -882,7 +883,7 @@ func permutation(valList []testVal) []testVal { return nil } permList := make([]testVal, len(valList)) - perm := tmrand.Perm(len(valList)) + perm := rand.Perm(len(valList)) for i, v := range perm { permList[v] = valList[i] } @@ -1284,14 +1285,14 @@ func randTestVSetCfg(t *testing.T, nBase, nAddMax int) testVSetCfg { const maxPower = 1000 var nOld, nDel, nChanged, nAdd int - nOld = int(tmrand.Uint()%uint(nBase)) + 1 + nOld = int(uint(rand.Int())%uint(nBase)) + 1 if nBase-nOld > 0 { - nDel = int(tmrand.Uint() % uint(nBase-nOld)) + nDel = int(uint(rand.Int()) % uint(nBase-nOld)) } nChanged = nBase - nOld - nDel if nAddMax > 0 { - nAdd = tmrand.Int()%nAddMax + 1 + nAdd = rand.Int()%nAddMax + 1 } cfg := testVSetCfg{} @@ -1303,12 +1304,12 @@ func randTestVSetCfg(t *testing.T, nBase, nAddMax int) testVSetCfg { cfg.expectedVals = make([]testVal, nBase-nDel+nAdd) for i := 0; i < nBase; i++ { - cfg.startVals[i] = testVal{fmt.Sprintf("v%d", i), int64(tmrand.Uint()%maxPower + 1)} + cfg.startVals[i] = testVal{fmt.Sprintf("v%d", i), int64(uint(rand.Int())%maxPower + 1)} if i < nOld { cfg.expectedVals[i] = cfg.startVals[i] } if i >= nOld && i < nOld+nChanged { - cfg.updatedVals[i-nOld] = testVal{fmt.Sprintf("v%d", i), int64(tmrand.Uint()%maxPower + 1)} + cfg.updatedVals[i-nOld] = testVal{fmt.Sprintf("v%d", i), int64(uint(rand.Int())%maxPower + 1)} cfg.expectedVals[i] = cfg.updatedVals[i-nOld] } if i >= nOld+nChanged { @@ -1317,7 +1318,7 @@ func randTestVSetCfg(t *testing.T, nBase, nAddMax int) testVSetCfg { } for i := nBase; i < nBase+nAdd; i++ { - cfg.addedVals[i-nBase] = testVal{fmt.Sprintf("v%d", i), int64(tmrand.Uint()%maxPower + 1)} + cfg.addedVals[i-nBase] = testVal{fmt.Sprintf("v%d", i), int64(uint(rand.Int())%maxPower + 1)} cfg.expectedVals[i-nDel] = cfg.addedVals[i-nBase] } @@ -1398,7 +1399,7 @@ func TestValSetUpdatePriorityOrderTests(t *testing.T) { func verifyValSetUpdatePriorityOrder(t *testing.T, valSet *ValidatorSet, cfg testVSetCfg, nMaxElections int32) { // Run election up to nMaxElections times, sort validators by priorities - valSet.IncrementProposerPriority(tmrand.Int31()%nMaxElections + 1) + valSet.IncrementProposerPriority(rand.Int31()%nMaxElections + 1) // apply the changes, get the updated validators, sort by priorities applyChangesToValSet(t, nil, valSet, cfg.addedVals, cfg.updatedVals, cfg.deletedVals)