authorBilly Donahue <billy.donahue@mongodb.com>2019-10-02 04:42:39 +0000
committerevergreen <evergreen@mongodb.com>2019-10-02 04:42:39 +0000
commit96da177c6ae7b7ed0f29983ad033d8a59524b0b2 (patch)
tree87a713b2be96453134555b1856e5f7dea07a1b0f /src/mongo/crypto
parent059656a32ed8ed7e780c4b12bb3c4e101c1f90f4 (diff)
downloadmongo-96da177c6ae7b7ed0f29983ad033d8a59524b0b2.tar.gz
SERVER-43641 upgrade random.h
Respecify PseudoRandom and SecureRandom as template instances of a `mongo::RandomBase<Urbg>` (Urbg is a UniformRandomBitGenerator). They will only vary in which algorithm they use for their source bits, and should otherwise support the same exact operations (e.g. `nextCanonicalDouble`). Fix range and stats errors in the implementations of those RandomBase methods, and specify them in terms of the vetted `<random>` facilities. Test uniformity of nextInt32(max), which uses an inappropriate (x % max) operation. Verify that the refactor fixes this issue. Just keep a shared urandom file descriptor open. SecureRandom: add fill, remove create, fix callers. Obsoletes SERVER-43643 Re: SecureRandom 8kiB buffering.
Diffstat (limited to 'src/mongo/crypto')
-rw-r--r--src/mongo/crypto/mechanism_scram.h12
-rw-r--r--src/mongo/crypto/symmetric_crypto.cpp15
2 files changed, 4 insertions, 23 deletions
diff --git a/src/mongo/crypto/mechanism_scram.h b/src/mongo/crypto/mechanism_scram.h
index fcb16331830..5e0265679ea 100644
--- a/src/mongo/crypto/mechanism_scram.h
+++ b/src/mongo/crypto/mechanism_scram.h
@@ -102,15 +102,9 @@ public:
}
static std::vector<std::uint8_t> generateSecureRandomSalt() {
- // Express salt length as a number of quad words, rounded up.
- constexpr auto qwords = (saltLength() + sizeof(std::int64_t) - 1) / sizeof(std::int64_t);
- std::array<std::int64_t, qwords> userSalt;
-
- std::unique_ptr<SecureRandom> sr(SecureRandom::create());
- std::generate(userSalt.begin(), userSalt.end(), [&sr] { return sr->nextInt64(); });
- return std::vector<std::uint8_t>(reinterpret_cast<std::uint8_t*>(userSalt.data()),
- reinterpret_cast<std::uint8_t*>(userSalt.data()) +
- saltLength());
+ std::vector<std::uint8_t> salt(saltLength());
+ SecureRandom().fill(salt.data(), salt.size());
+ return salt;
}
private:
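Review bot: The salt returned by `generateSecureRandomSalt` depends on `SecureRandom().fill(salt.data(), salt.size())` either writing every byte or not returning, and nothing in this hunk states that contract. `std::vector<std::uint8_t> salt(saltLength())` starts out zero-filled, so a short or failed fill that returned normally would hand back a partly zero salt. The implementation of `fill` lives in random.h, outside this diff, so this is presumably handled there. Once confirmed, I would add a comment above the call such as `// fill() writes the whole buffer from the OS CSPRNG or aborts; it never returns partial output`. The same applies to `SecureRandom().fill(key->data(), key->size())` in `aesGenerate` in symmetric_crypto.cpp, where the buffer is AES key material.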
diff --git a/src/mongo/crypto/symmetric_crypto.cpp b/src/mongo/crypto/symmetric_crypto.cpp
index 32d888cfbbb..0a6bbc2e916 100644
--- a/src/mongo/crypto/symmetric_crypto.cpp
+++ b/src/mongo/crypto/symmetric_crypto.cpp
@@ -48,12 +48,7 @@
namespace mongo {
namespace crypto {
-namespace {
-std::unique_ptr<SecureRandom> random;
-} // namespace
-
MONGO_INITIALIZER(CreateKeyEntropySource)(InitializerContext* context) {
- random = std::unique_ptr<SecureRandom>(SecureRandom::create());
return Status::OK();
}
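Review bot: `MONGO_INITIALIZER(CreateKeyEntropySource)` is left with a body that only does `return Status::OK();`, so it no longer creates the entropy source its name promises. If no other initializer lists it as a prerequisite (not visible in this hunk), it should be deleted outright. Otherwise keep it with a comment such as `// No-op: retained only because other initializers name it as a prerequisite; SecureRandom needs no setup`. With the file-scope `random` removed, a failure to open the entropy source presumably now surfaces at the first `aesGenerate` call rather than at startup, which is worth confirming as intended.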
@@ -90,16 +85,8 @@ std::string getStringFromCipherMode(aesMode mode) {
SymmetricKey aesGenerate(size_t keySize, SymmetricKeyId keyId) {
invariant(keySize == sym256KeySize);
-
SecureVector<uint8_t> key(keySize);
-
- size_t offset = 0;
- while (offset < keySize) {
- std::uint64_t randomValue = random->nextInt64();
- memcpy(key->data() + offset, &randomValue, sizeof(randomValue));
- offset += sizeof(randomValue);
- }
-
+ SecureRandom().fill(key->data(), key->size());
return SymmetricKey(std::move(key), aesAlgorithm, std::move(keyId));
}