OpenSSL's man page previously stated that "the application is
responsible for seeding the PRNG by calling RAND_add" (see [1]).
So we had this code. However things changed. They no longer
say so, instead "manual (re-)seeding of the default OpenSSL
random generator is not necessary" now (see [2]). It seems all
OpenSSL versions that we support now already behaves like this.
Let's follow that.
[1]: https://www.openssl.org/docs/man1.0.2/man3/RAND_add.html
[2]: https://www.openssl.org/docs/manmaster/man3/RAND_add.html
SecureRandom lazily defines `get_random`. Accessing the mutex to define
the `get_random` method is not supported inside a Ractor. This commit
defines `gen_random` when `securerandom` is required and makes it
suppore Ractor (as well as thread safe).
Here is a test program:
```ruby
require "securerandom"
r = Ractor.new do
loop do
Ractor.yield SecureRandom.hex
end
end
p r.take
```
Before this commit:
```
$ make runruby
./miniruby -I./lib -I. -I.ext/common ./tool/runruby.rb --extout=.ext -- --disable-gems ./test.rb
<internal:ractor>:38: warning: Ractor is experimental, and the behavior may change in future versions of Ruby! Also there are many implementation issues.
/Users/aaron/git/ruby/lib/securerandom.rb:94:in `gen_random': can not access instance variables of classes/modules from non-main Ractors (RuntimeError)
<internal:ractor>:124:in `take': thrown by remote Ractor. (Ractor::RemoteError)
from ./test.rb:9:in `<main>'
/Users/aaron/git/ruby/lib/securerandom.rb:94:in `gen_random': can not access instance variables of classes/modules from non-main Ractors (RuntimeError)
from /Users/aaron/git/ruby/lib/securerandom.rb:155:in `random_bytes'
from /Users/aaron/git/ruby/lib/securerandom.rb:176:in `hex'
from ./test.rb:5:in `block (2 levels) in <main>'
from ./test.rb:4:in `loop'
from ./test.rb:4:in `block in <main>'
make: *** [runruby] Error
```
After this commit:
```
$ make runruby
./miniruby -I./lib -I. -I.ext/common ./tool/runruby.rb --extout=.ext -- --disable-gems ./test.rb
<internal:ractor>:38: warning: Ractor is experimental, and the behavior may change in future versions of Ruby! Also there are many implementation issues.
"3fc8885157e3911bab4b5d7619bb0308"
```
* lib/securerandom.rb: added `require 'securerandom'` to each
example, to state these methods are defined in this library and
require it explicitly. [ruby-core:85933] [Bug #14576]
[ci skip]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63341 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/securerandom.rb (Random::Formatter#choose): [DOC] fix an
example, `n` is not optional.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60420 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[ruby-core:68098] [Feature #10849] proposed by Andrew Butterfield.
SecureRandom.choose and SecureRandom.graph is not included.
(The implementation has SecureRandom.choose but it is private.)
I feel the method name, SecureRandom.choose, doesn't represent
the behavior well.
The actual use cases of SecureRandom.graph is not obvious.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60297 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
`SecureRandom#gen_random` determines whether urandom is available or not
by trying `Random.urandom(n)`. But, when n = 0, `Random.urandom(0)`
always succeeds even if urandom is not available, which leads to a wrong
decision.
When failed, `Random.urandom` returns nil instead of returning a shorter
string than required. So the check for `ret.length != n` is not needed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59840 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
SecureRandom.gen_random_openssl still refers to Random.raw_seed, which
is renamed to Random.urandom by r57384. [Bug #9569]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (InitVM_Random): rename Random.raw_seed to
Random.urandom. A quick search seems there are no practical use
of this method than securerandom.rb so I think it's OK to rename
but if there are users of it, this hunk is subject to revert.
* test/ruby/test_rand.rb (TestRand#test_urandom): test for it.
* lib/securerandom.rb (SecureRandom.gen_random): Prefer OS-
provided CSPRNG if available. Otherwise falls back to OpenSSL.
Current preference is:
1. CSPRNG routine that the OS has; one of
- getrandom(2),
- arc4random(3), or
- CryptGenRandom()
2. /dev/urandom device
3. OpenSSL's RAND_bytes(3)
If none of above random number generators are available, you
cannot use this module. An exception is raised that case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57384 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (obj_random_bytes): base on bytes method instead of
rand method, not to call toplevel rand method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54968 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/securerandom.rb (gen_random): Array#join returns a String,
no to_s is needed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53999 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (rand_random_number): add a method to return a random
number like SecureRandom to Random::Formatter.
* lib/securerandom.rb (random_bytes): move to Random::Formatter,
the base method of the module.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49596 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/securerandom.rb (Random::Formatter): extract random number
formatting methods into a module.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49595 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* random.c (random_raw_seed): extract platform dependent random
seed initialization function as a new method Random.raw_seed.
* lib/securerandom.rb (SecureRandom): use Random.raw_seed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49593 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/securerandom.rb (SecureRandom.gen_random): separate
implementation details and select at the load time.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48334 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/securerandom.rb: set the script encoding to make a string
literal in SecureRandom::Kernel32.last_error_message single byte
encoding so msg[] works in bytes, since FormatMessage() returns
the size in TCHARs, not in characters.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48328 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
before cheking `/dev/urandom` because we know windows doesn't have it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48324 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Based on a patch by @schneems [Fixes GH-518] [ci skip]
https://github.com/ruby/ruby/pull/518
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44782 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL::Random.random_add instead of OpenSSL::Random.seed and
specify 0.0 as the entropy.
[ruby-core:47308] [Bug #6928]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40072 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Hiroshi SHIBATA
Nobuyoshi Nakada
卜部昌平
Yusuke Endoh
Aaron Patterson
stomar
akr
nobu
mame
hsbt
rhe
shyouhei
naruse
normal
kosaki
usa
tenderlove
glass
zzak