Integer overflow for unsigned types are fully defined in C. They
are not always problematic (but not always OK). These functions
in this changeset intentionally utilizes that behaviour.
Blacklist from UBSAN checks for better output.
See also: https://travis-ci.org/ruby/ruby/jobs/451624829
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65589 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
An instruction is leaf if it has no rb_funcall inside. In order to
check this property, we introduce stack canary which is a random
number collected at runtime. Stack top is always filled with this
number and checked for stack smashing operations, when VM_CHECK_MODE.
[GH-1947]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (fill_random_bytes_syscall): check if the version macro is
defined, for very old Mac OS X development tools.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Some old implementaions of arc4random_buf(3) were ARC4 based, or
unsafe when forked, or both. Resort to /dev/urandom for those
known problematic cases. Fix [Bug #15039]
Patch from Thomas Hurst <tom@hur.st>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64625 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (fill_random_bytes_syscall): use SecRandomCopyBytes in
Security framework on macOS 10.7 or later.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64596 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (rand_range): moved call of domain_error(), not to
raise an exception in range_values().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64169 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* configure.ac: clock_gettime or gettimeofday must exist.
* process.c (rb_clock_gettime): prefer clock_gettime over
gettimeofday, as the latter is obsolete in SUSv4.
* random.c (fill_random_seed): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63663 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (fill_random_seed): do not need to be secure, to get
rid of blocking at the start-up time.
[ruby-core:87462] [Bug #14837]
* random.c (random_raw_seed): expected to be a cryptographically
secure, as documented.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c: [DOC] improve language and RDoc markup in Random.bytes docs;
also adjust call-seq style of Random.bytes and Random#bytes.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63154 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (InitVM_Random): extend Random itself by Formatter
module, as well as the `bytes` method used by the module.
[Feature #4938]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62595 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (random_s_bytes): new method Random.bytes, which is
equivalent to Random::DEFAULT.bytes. [Feature #4938]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
getrandom(2) and read(2) (from /dev/urandom) may return a random buffer
whose length is shorter than required. This change makes sure that they
get enough buffer by using a loop.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61292 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Early failure looks better in this case. Refs [Bugs #13885].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59858 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (get_rnd, try_get_rnd): ensure initialized to get rid
of crash in forked processes. [ruby-core:82100] [Bug #13753]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59368 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (InitVM_Random): rename Random.raw_seed to
Random.urandom. A quick search seems there are no practical use
of this method than securerandom.rb so I think it's OK to rename
but if there are users of it, this hunk is subject to revert.
* test/ruby/test_rand.rb (TestRand#test_urandom): test for it.
* lib/securerandom.rb (SecureRandom.gen_random): Prefer OS-
provided CSPRNG if available. Otherwise falls back to OpenSSL.
Current preference is:
1. CSPRNG routine that the OS has; one of
- getrandom(2),
- arc4random(3), or
- CryptGenRandom()
2. /dev/urandom device
3. OpenSSL's RAND_bytes(3)
If none of above random number generators are available, you
cannot use this module. An exception is raised that case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57384 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
glibc still does not define the SYS_getrandom alias for
__NR_getrandom in the Linux kernel. However, installing
up-to-date Linux kernel headers (linux-libc-dev >= 3.17 package
on Debian) will get the __NR_getrandom syscall number defined
properly without relying on glibc.
This allows users with a modern kernel+headers to use the getrandom
syscall without waiting on glibc support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57307 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (seed_keys_t, init_seed): pack seed for rb_hash_start and
rb_memhash, and fill them at once.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56990 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* *.c: rename rb_funcall2 to rb_funcallv, except for extensions
which are/will be/may be gems. [Fix GH-1406]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55773 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (int_pair_to_real_inclusive): get rid of VC6 compile
error C2520: conversion from unsigned __int64 to double not
implemented.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55534 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (random_ulong_limited): suppress a shift count warning
when unsigned long is 32bits.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (make_seed_value): append leading-zero-guard and get
rid of making a local copy of the seed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54997 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (fill_random_seed): move the seed size to an argument.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54995 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (obj_random_bytes): base on bytes method instead of
rand method, not to call toplevel rand method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (rand_init): random_seed() always returns an Integer,
no conversion for it.
* random.c (random_init, rb_f_srand): convert the given seed to an
Integer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (random_int32): split the cases of rb_random_t and
other objects.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54937 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (fill_random_bytes_syscall): turned into a static
function, to be inlined probably, so that it is unavailable if
it is a preprocessor macro.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54932 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (rand_range, rand_random): use rb_check_to_int instead
of rb_check_to_integer with the same conversion method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54930 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c: use rb_check_arity instead of rb_scan_args for simple
optional arguments.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54929 b2dd03c8-39d4-4d8f-98ff-823fe69b080e