From f7bd7d6f1f499726cc4aca99714e1a0050dbd92b Mon Sep 17 00:00:00 2001 From: kosaki Date: Mon, 30 Nov 2015 20:27:11 +0000 Subject: * random.c: random_raw_seed don't use GRND_NONBLOCK. GRND_NONBLOCK mean the result might not have an enough cryptic strength and easy predictable. That's no good for SecureRandom. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- random.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'random.c') diff --git a/random.c b/random.c index b0f638de95..7a9bd9bcf7 100644 --- a/random.c +++ b/random.c @@ -495,7 +495,7 @@ release_crypt(void *p) } static int -fill_random_bytes_syscall(void *seed, size_t size) +fill_random_bytes_syscall(void *seed, size_t size, int unused) { static HCRYPTPROV perm_prov; HCRYPTPROV prov = perm_prov, old_prov; @@ -528,13 +528,16 @@ fill_random_bytes_syscall(void *seed, size_t size) # endif static int -fill_random_bytes_syscall(void *seed, size_t size) +fill_random_bytes_syscall(void *seed, size_t size, int need_secure) { static rb_atomic_t try_syscall = 1; if (try_syscall) { long ret; + int flags = 0; + if (!need_secure) + flags = GRND_NONBLOCK; errno = 0; - ret = syscall(SYS_getrandom, seed, size, GRND_NONBLOCK); + ret = syscall(SYS_getrandom, seed, size, flags); if (errno == ENOSYS) { ATOMIC_SET(try_syscall, 0); return -1; @@ -544,13 +547,13 @@ fill_random_bytes_syscall(void *seed, size_t size) return -1; } #else -# define fill_random_bytes_syscall(seed, size) -1 +# define fill_random_bytes_syscall(seed, size, need_secure) -1 #endif static int -fill_random_bytes(void *seed, size_t size) +fill_random_bytes(void *seed, size_t size, int need_secure) { - int ret = fill_random_bytes_syscall(seed, size); + int ret = fill_random_bytes_syscall(seed, size, need_secure); if (ret == 0) return ret; return fill_random_bytes_urandom(seed, size); } @@ -563,7 +566,7 @@ fill_random_seed(uint32_t seed[DEFAULT_SEED_CNT]) memset(seed, 0, DEFAULT_SEED_LEN); - fill_random_bytes(seed, sizeof(*seed)); + fill_random_bytes(seed, sizeof(*seed), TRUE); gettimeofday(&tv, 0); seed[0] ^= tv.tv_usec; @@ -631,7 +634,7 @@ random_raw_seed(VALUE self, VALUE size) long n = NUM2ULONG(size); VALUE buf = rb_str_new(0, n); if (n == 0) return buf; - if (fill_random_bytes(RSTRING_PTR(buf), n)) return Qnil; + if (fill_random_bytes(RSTRING_PTR(buf), n, FALSE)) return Qnil; return buf; } -- cgit v1.2.3