Drop SecureRandom in favor to Random::System

Random::System is now the secure source for random numbers. Despite the less explicit naming, it removes some duplication and source of confusion.
crystal-lang · Aug 28, 2017 · af8393f · af8393f
1 parent c9a0a23
commit af8393f
Show file tree

Hide file tree

Showing 12 changed files with 19 additions and 207 deletions.
diff --git a/spec/std/crypto/bcrypt_spec.cr b/spec/std/crypto/bcrypt_spec.cr
@@ -1,5 +1,6 @@
 require "spec"
 require "crypto/bcrypt"
+require "random/system"
 
 describe "Crypto::Bcrypt" do
   latin1_pound_sign = String.new(Bytes.new(1, 0xa3_u8))
@@ -28,16 +29,16 @@ describe "Crypto::Bcrypt" do
 
   it "validates salt size" do
     expect_raises(Crypto::Bcrypt::Error, /Invalid salt size/) do
-      Crypto::Bcrypt.new("abcd", SecureRandom.hex(7))
+      Crypto::Bcrypt.new("abcd", Random::System.hex(7))
     end
 
     expect_raises(Crypto::Bcrypt::Error, /Invalid salt size/) do
-      Crypto::Bcrypt.new("abcd", SecureRandom.hex(9))
+      Crypto::Bcrypt.new("abcd", Random::System.hex(9))
     end
   end
 
   it "validates cost" do
-    salt = SecureRandom.hex(8)
+    salt = Random::System.hex(8)
 
     expect_raises(Crypto::Bcrypt::Error, /Invalid cost/) do
       Crypto::Bcrypt.new("abcd", salt, 3)
@@ -49,7 +50,7 @@ describe "Crypto::Bcrypt" do
   end
 
   it "validates password size" do
-    salt = SecureRandom.random_bytes(16)
+    salt = Random::System.random_bytes(16)
 
     expect_raises(Crypto::Bcrypt::Error, /Invalid password size/) do
       Crypto::Bcrypt.new("".to_slice, salt)

diff --git a/spec/std/http/web_socket_spec.cr b/spec/std/http/web_socket_spec.cr
@@ -1,5 +1,6 @@
 require "spec"
 require "http/web_socket"
+require "random/system"
 
 private def assert_text_packet(packet, size, final = false)
   assert_packet packet, HTTP::WebSocket::Protocol::Opcode::TEXT, size, final: final
@@ -320,7 +321,7 @@ describe HTTP::WebSocket do
 
     ws2 = HTTP::WebSocket.new("ws://127.0.0.1:#{listen_port}")
 
-    random = SecureRandom.hex
+    random = Random::System.hex
     ws2.on_message do |str|
       str.should eq("pong #{random}")
       ws2.close
@@ -361,7 +362,7 @@ describe HTTP::WebSocket do
     client_context = OpenSSL::SSL::Context::Client.insecure
     ws2 = HTTP::WebSocket.new("127.0.0.1", port: listen_port, path: "/", tls: client_context)
 
-    random = SecureRandom.hex
+    random = Random::System.hex
     ws2.on_message do |str|
       str.should eq("pong #{random}")
       ws2.close

diff --git a/spec/std/secure_random_spec.cr b/spec/std/secure_random_spec.cr
diff --git a/src/crypto/bcrypt.cr b/src/crypto/bcrypt.cr
@@ -1,4 +1,4 @@
-require "secure_random"
+require "random/system"
 require "./subtle"
 
 # Pure Crystal implementation of the Bcrypt algorithm by Niels Provos and David
@@ -46,7 +46,7 @@ class Crypto::Bcrypt
   def self.hash_secret(password, cost = DEFAULT_COST) : String
     # We make a clone here to we don't keep a mutable reference to the original string
     passwordb = password.to_unsafe.to_slice(password.bytesize + 1).clone # include leading 0
-    saltb = SecureRandom.random_bytes(SALT_SIZE)
+    saltb = Random::System.random_bytes(SALT_SIZE)
     new(passwordb, saltb, cost).to_s
   end
 

diff --git a/src/docs_main.cr b/src/docs_main.cr
@@ -51,7 +51,6 @@ require "./option_parser"
 require "./partial_comparable"
 require "./random/**"
 require "./readline"
-require "./secure_random"
 require "./signal"
 require "./string_pool"
 require "./string_scanner"

diff --git a/src/http/multipart.cr b/src/http/multipart.cr
@@ -1,3 +1,4 @@
+require "random/system"
 require "./multipart/*"
 
 # The `HTTP::Multipart` module contains utilities for parsing MIME multipart
@@ -89,7 +90,7 @@ module HTTP::Multipart
   # HTTP::Multipart.generate_boundary # => "---------------------------dQu6bXHYb4m5zrRC3xPTGwV"
   # ```
   def self.generate_boundary
-    "--------------------------#{SecureRandom.urlsafe_base64(18)}"
+    "--------------------------#{Random::System.urlsafe_base64(18)}"
   end
 
   class Error < Exception

diff --git a/src/http/multipart/builder.cr b/src/http/multipart/builder.cr
@@ -1,5 +1,3 @@
-require "secure_random"
-
 module HTTP::Multipart
   # Builds a multipart MIME message.
   #

diff --git a/src/oauth.cr b/src/oauth.cr
@@ -1,7 +1,7 @@
 require "http/client"
 require "http/params"
 require "uri"
-require "secure_random"
+require "random/system"
 require "openssl/hmac"
 require "base64"
 require "./oauth/**"
diff --git a/src/oauth/oauth.cr b/src/oauth/oauth.cr
@@ -50,7 +50,7 @@ module OAuth
 
   private def self.oauth_header(client, request, token, token_secret, consumer_key, consumer_secret, extra_params)
     ts = Time.now.epoch.to_s
-    nonce = SecureRandom.hex
+    nonce = Random::System.hex
 
     signature = Signature.new consumer_key, consumer_secret, token, token_secret, extra_params
     signature.authorization_header request, client.tls?, ts, nonce

diff --git a/src/oauth2/access_token/mac.cr b/src/oauth2/access_token/mac.cr
@@ -1,4 +1,4 @@
-require "secure_random"
+require "random/system"
 require "openssl/hmac"
 require "base64"
 require "./access_token"
@@ -22,7 +22,7 @@ class OAuth2::AccessToken::Mac < OAuth2::AccessToken
 
   def authenticate(request : HTTP::Request, tls)
     ts = Time.now.epoch
-    nonce = "#{ts - @issued_at}:#{SecureRandom.hex}"
+    nonce = "#{ts - @issued_at}:#{Random::System.hex}"
     method = request.method
     uri = request.resource
     host, port = host_and_port request, tls

diff --git a/src/openssl/cipher.cr b/src/openssl/cipher.cr
@@ -1,3 +1,4 @@
+require "random/system"
 require "openssl"
 
 class OpenSSL::Cipher
@@ -37,12 +38,12 @@ class OpenSSL::Cipher
   end
 
   def random_key
-    key = SecureRandom.random_bytes key_len
+    key = Random::System.random_bytes key_len
     self.key = key
   end
 
   def random_iv
-    iv = SecureRandom.random_bytes iv_len
+    iv = Random::System.random_bytes iv_len
     self.iv = iv
   end
 

diff --git a/src/secure_random.cr b/src/secure_random.cr