kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

* random.c: random_raw_seed don't use GRND_NONBLOCK. GRND_NONBLOCK

Browse source 
mean the result might not have an enough cryptic strength and
  easy predictable. That's no good for SecureRandom.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
kosaki 2015-11-30 20:27:11 +00:00
parent 9401002fde
commit f7bd7d6f1f
2 changed files with 17 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
ChangeLog
View file

@ -1,3 +1,9 @@
Wed Oct 21 08:23:36 2015 KOSAKI Motohiro <kosaki.motohiro@gmail.com>
* random.c: random_raw_seed don't use GRND_NONBLOCK. GRND_NONBLOCK
mean the result might not have an enough cryptic strength and
easy predictable. That's no good for SecureRandom.
Sun Oct 18 17:26:53 2015 KOSAKI Motohiro <kosaki.motohiro@gmail.com> Sun Oct 18 17:26:53 2015 KOSAKI Motohiro <kosaki.motohiro@gmail.com>
* missing/explicit_bzero.c: new file. define explicit_bzero. * missing/explicit_bzero.c: new file. define explicit_bzero.

19
random.c
View file

@ -495,7 +495,7 @@ release_crypt(void *p)
} }
static int static int
fill_random_bytes_syscall(void *seed, size_t size) fill_random_bytes_syscall(void *seed, size_t size, int unused)
{ {
static HCRYPTPROV perm_prov; static HCRYPTPROV perm_prov;
HCRYPTPROV prov = perm_prov, old_prov; HCRYPTPROV prov = perm_prov, old_prov;
@ -528,13 +528,16 @@ fill_random_bytes_syscall(void *seed, size_t size)
# endif # endif
static int static int
fill_random_bytes_syscall(void *seed, size_t size) fill_random_bytes_syscall(void *seed, size_t size, int need_secure)
{ {
static rb_atomic_t try_syscall = 1; static rb_atomic_t try_syscall = 1;
if (try_syscall) { if (try_syscall) {
long ret; long ret;
int flags = 0;
if (!need_secure)
flags = GRND_NONBLOCK;
errno = 0; errno = 0;
ret = syscall(SYS_getrandom, seed, size, GRND_NONBLOCK); ret = syscall(SYS_getrandom, seed, size, flags);
if (errno == ENOSYS) { if (errno == ENOSYS) {
ATOMIC_SET(try_syscall, 0); ATOMIC_SET(try_syscall, 0);
return -1; return -1;
@ -544,13 +547,13 @@ fill_random_bytes_syscall(void *seed, size_t size)
return -1; return -1;
} }
#else #else
# define fill_random_bytes_syscall(seed, size) -1 # define fill_random_bytes_syscall(seed, size, need_secure) -1
#endif #endif
static int static int
fill_random_bytes(void *seed, size_t size) fill_random_bytes(void *seed, size_t size, int need_secure)
{ {
int ret = fill_random_bytes_syscall(seed, size); int ret = fill_random_bytes_syscall(seed, size, need_secure);
if (ret == 0) return ret; if (ret == 0) return ret;
return fill_random_bytes_urandom(seed, size); return fill_random_bytes_urandom(seed, size);
} }
@ -563,7 +566,7 @@ fill_random_seed(uint32_t seed[DEFAULT_SEED_CNT])
memset(seed, 0, DEFAULT_SEED_LEN); memset(seed, 0, DEFAULT_SEED_LEN);
fill_random_bytes(seed, sizeof(*seed)); fill_random_bytes(seed, sizeof(*seed), TRUE);
gettimeofday(&tv, 0); gettimeofday(&tv, 0);
seed[0] ^= tv.tv_usec; seed[0] ^= tv.tv_usec;
@ -631,7 +634,7 @@ random_raw_seed(VALUE self, VALUE size)
long n = NUM2ULONG(size); long n = NUM2ULONG(size);
VALUE buf = rb_str_new(0, n); VALUE buf = rb_str_new(0, n);
if (n == 0) return buf; if (n == 0) return buf;
if (fill_random_bytes(RSTRING_PTR(buf), n)) return Qnil; if (fill_random_bytes(RSTRING_PTR(buf), n, FALSE)) return Qnil;
return buf; return buf;
} }