Skip to content

Backport securerandom #4149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
headius merged 4 commits into from
Sep 14, 2016
Merged

Backport securerandom #4149

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8fb4b93
avoid eager secure random initialization on every new Ruby thread all…
kares Mar 10, 2016
4e076c1
Prefer non-blocking PRNG, with failover to SHA1 and then JDK def.
headius Aug 5, 2016
2af75fa
Actually settle on SHA1PRNG if it's available. #1405
headius Sep 12, 2016
09dcb93
Provide a help string that makes sense for PRNG option.
headius Sep 13, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions core/src/main/java/org/jruby/ext/securerandom/SecureRandomLibrary.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ public static IRubyObject uuid(ThreadContext context, IRubyObject self) {
}

private static byte[] nextBytes(ThreadContext context, IRubyObject n) {
int size = n.isNil() ? 16 : (int)n.convertToInteger().getLongValue();
int size = n.isNil() ? 16 : (int) n.convertToInteger().getLongValue();

return nextBytes(context, size);
}
Expand All @@ -46,7 +46,7 @@ private static byte[] nextBytes(ThreadContext context, int size) {
if (size < 0) throw context.runtime.newArgumentError("negative argument: " + size);

byte[] bytes = new byte[size];
context.secureRandom.nextBytes(bytes);
context.getSecureRandom().nextBytes(bytes);

return bytes;
}
Expand Down
49 changes: 38 additions & 11 deletions core/src/main/java/org/jruby/runtime/ThreadContext.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
import org.jruby.runtime.scope.ManyVarsDynamicScope;
import org.jruby.util.RecursiveComparator;
import org.jruby.util.RubyDateFormatter;
import org.jruby.util.cli.Options;
import org.jruby.util.log.Logger;
import org.jruby.util.log.LoggerFactory;

Expand Down Expand Up @@ -135,21 +136,47 @@ public static ThreadContext newContext(Ruby runtime) {

IRubyObject lastExitStatus;

public final SecureRandom secureRandom;
/**
* This fields is no longer initialized, is null by default!
* Use {@link #getSecureRandom()} instead.
* @deprecated
*/
@Deprecated
public transient SecureRandom secureRandom;

private static boolean tryPreferredPRNG = true;
private static boolean trySHA1PRNG = true;

{
SecureRandom sr;
try {
sr = trySHA1PRNG ?
SecureRandom.getInstance("SHA1PRNG") :
new SecureRandom();
} catch (Exception e) {
trySHA1PRNG = false;
sr = new SecureRandom();
@SuppressWarnings("deprecation")
public SecureRandom getSecureRandom() {
SecureRandom secureRandom = this.secureRandom;

// Try preferred PRNG, which defaults to NativePRNGNonBlocking
if (secureRandom == null && tryPreferredPRNG) {
try {
secureRandom = SecureRandom.getInstance(Options.PREFERRED_PRNG.load());
} catch (Exception e) {
tryPreferredPRNG = false;
}
}

// Try SHA1PRNG
if (secureRandom == null && trySHA1PRNG) {
try {
secureRandom = SecureRandom.getInstance("SHA1PRNG");
} catch (Exception e) {
trySHA1PRNG = false;
}
}

// Just let JDK do whatever it does
if (secureRandom == null) {
secureRandom = new SecureRandom();
}
secureRandom = sr;

this.secureRandom = secureRandom;

return secureRandom;
}

/**
Expand Down
1 change: 1 addition & 0 deletions core/src/main/java/org/jruby/util/cli/Options.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,7 @@ public class Options {
public static final Option<Boolean> REIFY_VARIABLES = bool(MISCELLANEOUS, "reify.variables", false, "Attempt to expand instance vars into Java fields");
public static final Option<Boolean> PREFER_IPV4 = bool(MISCELLANEOUS, "net.preferIPv4", true, "Prefer IPv4 network stack");
public static final Option<Boolean> FCNTL_LOCKING = bool(MISCELLANEOUS, "file.flock.fcntl", true, "Use fcntl rather than flock for File#flock");
public static final Option<String> PREFERRED_PRNG = string(MISCELLANEOUS, "preferred.prng", "NativePRNGNonBlocking", "Set the preferred JDK-supported random number generator to use.");

public static final Option<Boolean> DEBUG_LOADSERVICE = bool(DEBUG, "debug.loadService", false, "Log require/load file searches.");
public static final Option<Boolean> DEBUG_LOADSERVICE_TIMING = bool(DEBUG, "debug.loadService.timing", false, "Log require/load parse+evaluate times.");
Expand Down