ruby-changes:40729
From: kosaki <ko1@a...>
Date: Tue, 1 Dec 2015 05:27:31 +0900 (JST)
Subject: [ruby-changes:40729] kosaki:r52808 (trunk): * random.c: random_raw_seed don't use GRND_NONBLOCK. GRND_NONBLOCK
kosaki 2015-12-01 05:27:11 +0900 (Tue, 01 Dec 2015) New Revision: 52808 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=52808 Log: * random.c: random_raw_seed don't use GRND_NONBLOCK. GRND_NONBLOCK mean the result might not have an enough cryptic strength and easy predictable. That's no good for SecureRandom. Modified files: trunk/ChangeLog trunk/random.c Index: ChangeLog =================================================================== --- ChangeLog (revision 52807) +++ ChangeLog (revision 52808) @@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed Oct 21 08:23:36 2015 KOSAKI Motohiro <kosaki.motohiro@g...> + + * random.c: random_raw_seed don't use GRND_NONBLOCK. GRND_NONBLOCK + mean the result might not have an enough cryptic strength and + easy predictable. That's no good for SecureRandom. + Sun Oct 18 17:26:53 2015 KOSAKI Motohiro <kosaki.motohiro@g...> * missing/explicit_bzero.c: new file. define explicit_bzero. Index: random.c =================================================================== --- random.c (revision 52807) +++ random.c (revision 52808) @@ -495,7 +495,7 @@ release_crypt(void *p) https://github.com/ruby/ruby/blob/trunk/random.c#L495 } static int -fill_random_bytes_syscall(void *seed, size_t size) +fill_random_bytes_syscall(void *seed, size_t size, int unused) { static HCRYPTPROV perm_prov; HCRYPTPROV prov = perm_prov, old_prov; @@ -528,13 +528,16 @@ fill_random_bytes_syscall(void *seed, si https://github.com/ruby/ruby/blob/trunk/random.c#L528 # endif static int -fill_random_bytes_syscall(void *seed, size_t size) +fill_random_bytes_syscall(void *seed, size_t size, int need_secure) { static rb_atomic_t try_syscall = 1; if (try_syscall) { long ret; + int flags = 0; + if (!need_secure) + flags = GRND_NONBLOCK; errno = 0; - ret = syscall(SYS_getrandom, seed, size, GRND_NONBLOCK); + ret = syscall(SYS_getrandom, seed, size, flags); if (errno == ENOSYS) { ATOMIC_SET(try_syscall, 0); return -1; 
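Review bot: The `need_secure` arguments at the two call sites look inverted relative to the log message. In the `@@ -528` hunk, `if (!need_secure) flags = GRND_NONBLOCK;` keeps GRND_NONBLOCK for callers that pass FALSE; the `@@ -631` hunk has random_raw_seed pass FALSE, while the `@@ -563` hunk has fill_random_seed pass TRUE. As written, random_raw_seed, the path the log names for SecureRandom, still calls getrandom with GRND_NONBLOCK, and only the default-seed path drops it. If the log states the intent, random_raw_seed should read `if (fill_random_bytes(RSTRING_PTR(buf), n, TRUE)) return Qnil;` and fill_random_seed should pass `FALSE`, unless blocking for the default seed is also wanted. The body of fill_random_bytes_syscall continues past the end of the hunk, so how `ret` is handled after the call is not visible here.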
@@ -544,13 +547,13 @@ fill_random_bytes_syscall(void *seed, si https://github.com/ruby/ruby/blob/trunk/random.c#L547 return -1; } #else -# define fill_random_bytes_syscall(seed, size) -1 +# define fill_random_bytes_syscall(seed, size, need_secure) -1 #endif static int -fill_random_bytes(void *seed, size_t size) +fill_random_bytes(void *seed, size_t size, int need_secure) { - int ret = fill_random_bytes_syscall(seed, size); + int ret = fill_random_bytes_syscall(seed, size, need_secure); if (ret == 0) return ret; return fill_random_bytes_urandom(seed, size); } @@ -563,7 +566,7 @@ fill_random_seed(uint32_t seed[DEFAULT_S https://github.com/ruby/ruby/blob/trunk/random.c#L566 memset(seed, 0, DEFAULT_SEED_LEN); - fill_random_bytes(seed, sizeof(*seed)); + fill_random_bytes(seed, sizeof(*seed), TRUE); gettimeofday(&tv, 0); seed[0] ^= tv.tv_usec; @@ -631,7 +634,7 @@ random_raw_seed(VALUE self, VALUE size) https://github.com/ruby/ruby/blob/trunk/random.c#L634 long n = NUM2ULONG(size); VALUE buf = rb_str_new(0, n); if (n == 0) return buf; - if (fill_random_bytes(RSTRING_PTR(buf), n)) return Qnil; + if (fill_random_bytes(RSTRING_PTR(buf), n, FALSE)) return Qnil; return buf; } -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
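Review bot: `need_secure` stops at the syscall wrapper in fill_random_bytes (the `@@ -544` hunk): when fill_random_bytes_syscall returns non-zero, the function still ends with `return fill_random_bytes_urandom(seed, size);`, which gets no hint about the caller's requirement. The body of fill_random_bytes_urandom is not in this diff, but if it reads the urandom device without waiting for the kernel pool to be initialised, a secure caller can still receive early-boot output whenever getrandom is missing (ENOSYS) or fails. Consider documenting that limit on fill_random_bytes, e.g. `/* need_secure only affects getrandom(2); the urandom fallback does not wait for pool initialisation */`, or deciding explicitly whether secure callers should fall back at all.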