base/rand_util_win.cc - Issue 141753009: Use RtlGenRandom() directly instead of going through rand_s().

Side by Side Diff: base/rand_util_win.cc

Issue 141753009: Use RtlGenRandom() directly instead of going through rand_s(). (Closed) Base URL: http://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix types. Created 6 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "base/rand_util.h"	5 #include "base/rand_util.h"

6	6

7 #include <stdlib.h>	7 #include <stdlib.h>

	8 #include <windows.h>

8	9

9 #include "base/basictypes.h"	10 #include "base/basictypes.h"

	11 #include "base/lazy_instance.h"

10 #include "base/logging.h"	12 #include "base/logging.h"

11	13

12 namespace {	14 namespace {

	15 typedef BOOLEAN (WINAPI *RtlGenRandomPtr)(PVOID, ULONG);

13	16

14 uint32 RandUint32() {	17 class WinRandom {

15 uint32 number;	18 public:

16 CHECK_EQ(rand_s(&number), 0);	19 WinRandom()

17 return number;	20 : rtl_gen_random_(reinterpret_cast<RtlGenRandomPtr>(

18 }	21 ::GetProcAddress(::GetModuleHandle(L"advapi32.dll"),
	bradn 2014/01/22 22:31:29 Any accomodation need to be made for failure here? Any accomodation need to be made for failure here? Or is it fair to assume all that talk of it being altered or unavailable in subsequent versions is moot because srand_s uses it internally? wtc 2014/01/22 22:42:04 RtlGenRandom is already mentioned in some official Show quoted text On 2014/01/22 22:31:29, bradn wrote: > Any accomodation need to be made for failure here? > Or is it fair to assume all that talk of it being altered or unavailable in > subsequent versions is moot because srand_s uses it internally? RtlGenRandom is already mentioned in some official Microsoft blog posts, so it cannot be altered or removed without causing big problems. jschuh 2014/01/22 23:04:24 One thing I forgot. Contrary to popular belief, th One thing I forgot. Contrary to popular belief, this is officially supported, does have a proper import library, and doesn't need an explicit dynamic import. See the note at this link regarding NTSecAPI.h: http://msdn.microsoft.com/en-us/library/windows/desktop/aa387694(v=vs.85).aspx DaleCurtis 2014/01/22 23:50:51 This compiles and works using the workaround menti Show quoted text On 2014/01/22 23:04:24, Justin Schuh wrote: > One thing I forgot. Contrary to popular belief, this is officially supported, > does have a proper import library, and doesn't need an explicit dynamic import. > See the note at this link regarding NTSecAPI.h: > http://msdn.microsoft.com/en-us/library/windows/desktop/aa387694%28v=vs.85%29... This compiles and works using the workaround mentioned there.
	22 "SystemFunction036"))) {}

	23 ~WinRandom() {}

	24

	25 void RtlGenRandom(void* output, uint32 output_length) const {

	26 CHECK_EQ(rtl_gen_random_(output, output_length), TRUE);

	27 }

	28

	29 private:

	30 const RtlGenRandomPtr rtl_gen_random_;

	31 };

	32

	33 base::LazyInstance<WinRandom>::Leaky g_win_random = LAZY_INSTANCE_INITIALIZER;

19	34

20 } // namespace	35 } // namespace

21	36

22 namespace base {	37 namespace base {

23	38

24 // NOTE: This function must be cryptographically secure. http://crbug.com/140076	39 // NOTE: This function must be cryptographically secure. http://crbug.com/140076

25 uint64 RandUint64() {	40 uint64 RandUint64() {

26 uint32 first_half = RandUint32();	41 uint64 number;
	Ryan Sleevi 2014/01/22 22:12:26 Free fixup while you're here - http://src.chromium Free fixup while you're here - http://src.chromium.org/viewvc/chrome/trunk/src/base/basictypes.h?revision=24... (would have been nicer if we didn't split this out :P) Not needed in this CL though, just FYI. DaleCurtis 2014/01/22 22:27:53 I've left this one alone for now since it requires Show quoted text On 2014/01/22 22:12:26, Ryan Sleevi wrote: > Free fixup while you're here - > http://src.chromium.org/viewvc/chrome/trunk/src/base/basictypes.h?revision=24... > (would have been nicer if we didn't split this out :P) > > Not needed in this CL though, just FYI. I've left this one alone for now since it requires changing the headers and all implementations. I'll put together a separate cleanup CL to get them all.
27 uint32 second_half = RandUint32();	42 g_win_random.Pointer()->RtlGenRandom(&number, sizeof(number));

28 return (static_cast<uint64>(first_half) << 32) + second_half;	43 return number;

29 }	44 }

30	45

31 void RandBytes(void* output, size_t output_length) {	46 void RandBytes(void* output, size_t output_length) {

32 uint64 random_int;	47 char* output_ptr = static_cast<char*>(output);

33 const size_t random_int_size = sizeof(random_int);	48 const WinRandom* win_random_ptr = g_win_random.Pointer();

34 for (size_t i = 0; i < output_length; i += random_int_size) {	49 while (output_length > 0) {

35 random_int = base::RandUint64();	50 const uint32 output_bytes_this_pass =
	Ryan Sleevi 2014/01/22 22:12:26 use uint32_t and use stdint.h - https://code.googl use uint32_t and use stdint.h - https://code.google.com/p/chromium/codesearch#chromium/src/base/basictypes.h&... DaleCurtis 2014/01/22 22:27:53 Thanks for the pointer. I didn't realize this was Show quoted text On 2014/01/22 22:12:26, Ryan Sleevi wrote: > use uint32_t and use stdint.h - > https://code.google.com/p/chromium/codesearch#chromium/src/base/basictypes.h&... Thanks for the pointer. I didn't realize this was the new hotness. Done.
36 size_t copy_count = std::min(output_length - i, random_int_size);	51 std::min(output_length, static_cast<size_t>(kuint32max));
	Ryan Sleevi 2014/01/22 22:12:26 note: Don't you need a cast here, since you're pro note: Don't you need a cast here, since you're providing two size_t types to std::min(), it returns a size_t (the C++03 25.3.7 definition only takes one type - T - not a return type) const uint32_t output_bytes_this_pass = static_cast<uint32_t>(std::min(...)) DaleCurtis 2014/01/22 22:27:53 Done. Show quoted text On 2014/01/22 22:12:26, Ryan Sleevi wrote: > note: Don't you need a cast here, since you're providing two size_t types to > std::min(), it returns a size_t (the C++03 25.3.7 definition only takes one type > - T - not a return type) > > const uint32_t output_bytes_this_pass = static_cast<uint32_t>(std::min(...)) Done. DaleCurtis 2014/01/22 23:50:51 Sadly this doesn't seem to work with MSVC, it refu Show quoted text On 2014/01/22 22:27:53, DaleCurtis wrote: > On 2014/01/22 22:12:26, Ryan Sleevi wrote: > > note: Don't you need a cast here, since you're providing two size_t types to > > std::min(), it returns a size_t (the C++03 25.3.7 definition only takes one > type > > - T - not a return type) > > > > const uint32_t output_bytes_this_pass = static_cast<uint32_t>(std::min(...)) > > Done. Sadly this doesn't seem to work with MSVC, it refused to compile indicating that the type was ambiguously "size_t" or "unsigned long". jschuh 2014/01/23 17:24:13 I think the explicit cast is actually correct, as Show quoted text On 2014/01/22 23:50:51, DaleCurtis wrote: > On 2014/01/22 22:27:53, DaleCurtis wrote: > > On 2014/01/22 22:12:26, Ryan Sleevi wrote: > > > note: Don't you need a cast here, since you're providing two size_t types to > > > std::min(), it returns a size_t (the C++03 25.3.7 definition only takes one > > type > > > - T - not a return type) > > > > > > const uint32_t output_bytes_this_pass = static_cast<uint32_t>(std::min(...)) > > > > Done. > > Sadly this doesn't seem to work with MSVC, it refused to compile indicating that > the type was ambiguously "size_t" or "unsigned long". I think the explicit cast is actually correct, as MSVC has ramped up its warnings for 64-bit unsafe coercions.
37 memcpy(((uint8*)output) + i, &random_int, copy_count);	52 win_random_ptr->RtlGenRandom(output_ptr, output_bytes_this_pass);

	53 output_length -= output_bytes_this_pass;

	54 output_ptr += output_bytes_this_pass;

38 }	55 }

39 }	56 }

40	57

41 } // namespace base	58 } // namespace base

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »