diff options
| author | James Wahlin <james.wahlin@mongodb.com> | 2019-10-02 14:48:40 +0000 |
|---|---|---|
| committer | evergreen <evergreen@mongodb.com> | 2019-10-02 14:48:40 +0000 |
| commit | a40b196bd3cecd0b66a6323f57e6f08efe0af392 (patch) | |
| tree | 32ffa94f852e91e2b5d4cac3ea8728998b3837e0 /src/mongo/crypto | |
| parent | 3175a30264d26b31309e9a4abfb69d9f14136702 (diff) | |
| download | mongo-a40b196bd3cecd0b66a6323f57e6f08efe0af392.tar.gz | |
Revert "SERVER-43641 upgrade random.h"
This reverts commit 96da177c6ae7b7ed0f29983ad033d8a59524b0b2.
Diffstat (limited to 'src/mongo/crypto')
| -rw-r--r-- | src/mongo/crypto/mechanism_scram.h | 12 | ||||
| -rw-r--r-- | src/mongo/crypto/symmetric_crypto.cpp | 15 |
2 files changed, 23 insertions, 4 deletions
diff --git a/src/mongo/crypto/mechanism_scram.h b/src/mongo/crypto/mechanism_scram.h index 5e0265679ea..fcb16331830 100644 --- a/src/mongo/crypto/mechanism_scram.h +++ b/src/mongo/crypto/mechanism_scram.h @@ -102,9 +102,15 @@ public: } static std::vector<std::uint8_t> generateSecureRandomSalt() { - std::vector<std::uint8_t> salt(saltLength()); - SecureRandom().fill(salt.data(), salt.size()); - return salt; + // Express salt length as a number of quad words, rounded up. + constexpr auto qwords = (saltLength() + sizeof(std::int64_t) - 1) / sizeof(std::int64_t); + std::array<std::int64_t, qwords> userSalt; + + std::unique_ptr<SecureRandom> sr(SecureRandom::create()); + std::generate(userSalt.begin(), userSalt.end(), [&sr] { return sr->nextInt64(); }); + return std::vector<std::uint8_t>(reinterpret_cast<std::uint8_t*>(userSalt.data()), + reinterpret_cast<std::uint8_t*>(userSalt.data()) + + saltLength()); } private: diff --git a/src/mongo/crypto/symmetric_crypto.cpp b/src/mongo/crypto/symmetric_crypto.cpp index 0a6bbc2e916..32d888cfbbb 100644 --- a/src/mongo/crypto/symmetric_crypto.cpp +++ b/src/mongo/crypto/symmetric_crypto.cpp @@ -48,7 +48,12 @@ namespace mongo { namespace crypto { +namespace { +std::unique_ptr<SecureRandom> random; +} // namespace + MONGO_INITIALIZER(CreateKeyEntropySource)(InitializerContext* context) { + random = std::unique_ptr<SecureRandom>(SecureRandom::create()); return Status::OK(); } @@ -85,8 +90,16 @@ std::string getStringFromCipherMode(aesMode mode) { SymmetricKey aesGenerate(size_t keySize, SymmetricKeyId keyId) { invariant(keySize == sym256KeySize); + SecureVector<uint8_t> key(keySize); - SecureRandom().fill(key->data(), key->size()); + + size_t offset = 0; + while (offset < keySize) { + std::uint64_t randomValue = random->nextInt64(); + memcpy(key->data() + offset, &randomValue, sizeof(randomValue)); + offset += sizeof(randomValue); + } + return SymmetricKey(std::move(key), aesAlgorithm, std::move(keyId)); } |