SecureRandom update to match Ruby 2.3 #4656
Conversation
|
Looks good to me. How big is the diff with MRI stdlib securerandom now? I'm guessing this is a library they might plan to gemify, so we'll probably have to address that soon. Perhaps this should be registered as an internal extension for now, so we can just |
|
yeah, but its confusing the stdlib repo is a few years stale and contains an old securerandom.rb 3,6c3,5
< begin
< require 'openssl'
< rescue LoadError
< end
---
>
> require 'jruby'
> org.jruby.ext.securerandom.SecureRandomLibrary.load JRuby.runtime
50,80d48
< module SecureRandom
< if defined?(OpenSSL::Random) && /mswin|mingw/ !~ RUBY_PLATFORM
< def self.gen_random(n)
< @pid = 0 unless defined?(@pid)
< pid = $$
< unless @pid == pid
< now = Process.clock_gettime(Process::CLOCK_REALTIME, :nanosecond)
< ary = [now, @pid, pid]
< OpenSSL::Random.random_add(ary.join("").to_s, 0.0)
< seed = Random.raw_seed(16)
< if (seed)
< OpenSSL::Random.random_add(seed, 16)
< end
< @pid = pid
< end
< return OpenSSL::Random.random_bytes(n)
< end
< else
< def self.gen_random(n)
< ret = Random.raw_seed(n)
< unless ret
< raise NotImplementedError, "No random device"
< end
< unless ret.length == n
< raise NotImplementedError, "Unexpected partial read from random device: only #{ret.length} for #{n} bytes"
< end
< ret
< end
< end
< end
<
176d143
< =begin
194,219c161,162
< if 0 < n
< if defined? OpenSSL::BN
< OpenSSL::BN.rand_range(n).to_i
< else
< hex = n.to_s(16)
< hex = '0' + hex if (hex.length & 1) == 1
< bin = [hex].pack("H*")
< mask = bin[0].ord
< mask |= mask >> 1
< mask |= mask >> 2
< mask |= mask >> 4
< begin
< rnd = random_bytes(bin.length)
< rnd[0] = (rnd[0].ord & mask).chr
< end until rnd < bin
< rnd.unpack("H*")[0].hex
< end
< else
< # assumption: Float::MANT_DIG <= 64
< if defined? OpenSSL::BN
< i64 = OpenSSL::BN.rand(64, -1).to_i
< else
< i64 = random_bytes(8).unpack("Q")[0]
< end
< Math.ldexp(i64 >> (64-Float::MANT_DIG), -Float::MANT_DIG)
< end
---
> # implemented natively in JRuby (just like in MRI)
> raise NotImplementedError("#{__method__}(#{n})")
221d163
< =end
250a193,197
> # NOTE: JRuby's SecureRandom native part implement some of the methods from Random::Formatter
> # - SecureRandom.random_bytes(n=nil)
> # - SecureRandom.hex(n=nil)
> # - SecureRandom.uuid
> # - SecureRandom.random_number(n=0)... is it preferable if removals are put back (JRuby had some modifications previous so I did not care much)? |
|
I think we should consider MRI repo the canonical source for these libraries until they've officially completed gemifying each library. I just brought it up to keep in mind. This particular library diverges so much from MRI (at least in impl) that I'm not concerned about maintaining a diff. |
securerandom.rb imported from MRI's 2.3 stable line
re-implemented
random_number(native in C-Ruby now) in Java to handle rangesresolves #4607