Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecureRandom: use getrandom (linux) and /dev/urandom #2959

Merged
merged 2 commits into from
Sep 1, 2016
Merged

SecureRandom: use getrandom (linux) and /dev/urandom #2959

merged 2 commits into from
Sep 1, 2016
+110 −12

Conversation

ysbaddaden
Copy link
Contributor

The implementation follows libsodium's sysrandom implementation, but limited to getrandom(2) (linux) and /dev/urandom since we don't support the other platforms yet (Windows, OpenBSD) and the arc4random functions don't seem safe on FreeBSD (?).

closes #2792

jhass
jhass reviewed Jul 6, 2016
View reviewed changes
src/secure_random.cr
return buf
end

ifdef !without_openssl
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should use {% if !flag?(:without_openssl) %} already.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked and we don't use the flag? macro method but ifdef everywhere in the core/stdlib.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Until bd01fb2 ;)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Damn, it got merged just after I branched!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It sill has some gotchas:

class variable '@@getrandom_available' of SecureRandom must be Bool, not Nil

I can't restrict the class variable to only exist for linux targets anymore.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Errata: 0.18.7 failed, but master was capable to compile it.

@ysbaddaden ysbaddaden force-pushed the std-securerandom-getrandom-urandom branch from 86a3e7b to a985671 Compare July 6, 2016 09:36
@ysbaddaden
Copy link
Contributor Author

It seems that the CI build fail because crystal tool format changes src/secure_random.cr but running it locally doesn't change anything?

@jhass
Copy link
Member

jhass commented Jul 6, 2016

Bet that's 104c9b9 Time to rebase! ;)

@ysbaddaden ysbaddaden force-pushed the std-securerandom-getrandom-urandom branch from a985671 to 3f75853 Compare July 6, 2016 10:07
@ysbaddaden
Copy link
Contributor Author

Rebased to use the flag? macro.

@ysbaddaden
Use getrandom and /dev/urandom to generate random bytes
e776bce 
The implementation follows libsodium's sysrandom implementation, but
limited to `getrandom(2)` (linux) and `/dev/urandom` since we don't
support the other platforms yet (Windows, OpenBSD) and the `arc4random`
functions don't seem safe on FreeBSD (?).

closes crystal-lang#2792
@ysbaddaden ysbaddaden force-pushed the std-securerandom-getrandom-urandom branch from 3f75853 to e776bce Compare July 6, 2016 10:16
@ysbaddaden
Copy link
Contributor Author

Green :)

@asterite
Copy link
Member

asterite commented Jul 6, 2016

Before merging this please let @waj take a look at this. Thanks!

@jhass jhass assigned waj Jul 6, 2016
rugk
rugk reviewed Jul 7, 2016
View reviewed changes
src/secure_random.cr
# implementation and uses `getrandom` on Linux (when provided by the kernel),
# then tries to read from `/dev/urandom`.
#
# Unlike libsodium, this implementation eventually falls back to using the RNG
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See https://twitter.com/jedisct1/status/750980890340237313:

But why?

@ysbaddaden
Copy link
Contributor Author

@waj bump. I'd love to have this in 0.19 :-)

@jhass jhass added this to the 0.19.0 milestone Jul 25, 2016
@asterite
Copy link
Member

asterite commented Sep 1, 2016

I reviewed this and it looks good (plus travis passes). Let's merge. Thank you!

@asterite asterite merged commit 78e5206 into crystal-lang:master Sep 1, 2016
@ysbaddaden
Copy link
Contributor Author

Woot!

@ysbaddaden ysbaddaden deleted the std-securerandom-getrandom-urandom branch November 7, 2016 13:48
@jgaskins jgaskins mentioned this pull request Apr 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@waj waj

Labels
topic:stdlib
Projects
None yet
Milestone
0.19.0
Development

Successfully merging this pull request may close these issues.

SecureRandom.random_bytes should use /dev/urandom by default
6 participants
@ysbaddaden @jhass @asterite @refi64 @rugk @waj