diff options
Diffstat (limited to 'src/mongo/crypto')
-rw-r--r-- | src/mongo/crypto/mechanism_scram.h | 12 | ||||
-rw-r--r-- | src/mongo/crypto/symmetric_crypto.cpp | 15 |
2 files changed, 23 insertions, 4 deletions
diff --git a/src/mongo/crypto/mechanism_scram.h b/src/mongo/crypto/mechanism_scram.h index 5e0265679ea..fcb16331830 100644 --- a/src/mongo/crypto/mechanism_scram.h +++ b/src/mongo/crypto/mechanism_scram.h @@ -102,9 +102,15 @@ public: } static std::vector<std::uint8_t> generateSecureRandomSalt() { - std::vector<std::uint8_t> salt(saltLength()); - SecureRandom().fill(salt.data(), salt.size()); - return salt; + // Express salt length as a number of quad words, rounded up. + constexpr auto qwords = (saltLength() + sizeof(std::int64_t) - 1) / sizeof(std::int64_t); + std::array<std::int64_t, qwords> userSalt; + + std::unique_ptr<SecureRandom> sr(SecureRandom::create()); + std::generate(userSalt.begin(), userSalt.end(), [&sr] { return sr->nextInt64(); }); + return std::vector<std::uint8_t>(reinterpret_cast<std::uint8_t*>(userSalt.data()), + reinterpret_cast<std::uint8_t*>(userSalt.data()) + + saltLength()); } private: diff --git a/src/mongo/crypto/symmetric_crypto.cpp b/src/mongo/crypto/symmetric_crypto.cpp index 0a6bbc2e916..32d888cfbbb 100644 --- a/src/mongo/crypto/symmetric_crypto.cpp +++ b/src/mongo/crypto/symmetric_crypto.cpp @@ -48,7 +48,12 @@ namespace mongo { namespace crypto { +namespace { +std::unique_ptr<SecureRandom> random; +} // namespace + MONGO_INITIALIZER(CreateKeyEntropySource)(InitializerContext* context) { + random = std::unique_ptr<SecureRandom>(SecureRandom::create()); return Status::OK(); } @@ -85,8 +90,16 @@ std::string getStringFromCipherMode(aesMode mode) { SymmetricKey aesGenerate(size_t keySize, SymmetricKeyId keyId) { invariant(keySize == sym256KeySize); + SecureVector<uint8_t> key(keySize); - SecureRandom().fill(key->data(), key->size()); + + size_t offset = 0; + while (offset < keySize) { + std::uint64_t randomValue = random->nextInt64(); + memcpy(key->data() + offset, &randomValue, sizeof(randomValue)); + offset += sizeof(randomValue); + } + return SymmetricKey(std::move(key), aesAlgorithm, std::move(keyId)); } |