[PATCH] Add OpenSSL::Random#random_bytes and #pseudo_bytes
Reported by Stephen Veiss | July 22nd, 2008 @ 05:59 PM | in 1.0 preview
- Implements the above two methods via FFI.
- Adds OpenSSL::OpenSSLError exception class.
- Allows spec/ruby/1.8/library/openssl/random/*_spec.rb to pass.
Note that the behaviour of #pseudo_bytes does not quite match that of ext/openssl as distributed with MRI:
According to man RAND_bytes(3), the return value of RAND_bytes indicates if an error occurred. However, the return value of RAND_pseudo_bytes indicates if the returned bytes are cryptographically secure or not.
ext/openssl appears to treat both cases the same -- raising an OpenSSLError if the return value is 0. For the RAND_pseudo_bytes case, this return value indicates that the returned bytes are not cryptographically secure -- which is reasonable, as the user has specifically requested this!
I think that the behaviour of MRI's ext/openssl is a bug; however, I don't think I have access to a system where RAND_pseudo_bytes returns cryptographically insecure bytes against which to check...
RSpec output:
sveiss@stephen-veiss-macbook rbx $ ./bin/mspec -tx ./spec/ruby/1.8/library/openssl/random/*_spec.rb
......
Finished in 0.251230 seconds
2 files, 6 examples, 770 expectations, 0 failures, 0 errors
The specs which this patch passes are in the RubySpec repository, but are not yet in the frozen Rubinius specs.
Regards,
Stephen Veiss
Comments and changes to this ticket
-
Eric Hodel July 22nd, 2008 @ 10:25 PM
- → Assigned user changed from “” to “Wilson Bilkovich”
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
Wilson Bilkovich