diff --git a/rebar.config b/rebar.config index 434c16af3..27439109b 100644 --- a/rebar.config +++ b/rebar.config @@ -71,6 +71,7 @@ {if_var_match, db_type, mssql, {d, 'mssql'}}, {if_var_true, elixir, {d, 'ELIXIR_ENABLED'}}, {if_var_true, erlang_deprecated_types, {d, 'ERL_DEPRECATED_TYPES'}}, + {if_version_above, "18", {d, 'STRONG_RAND_BYTES'}}, {if_var_true, hipe, native}, {src_dirs, [asn1, src, {if_var_true, tools, tools}, diff --git a/src/cyrsasl_scram.erl b/src/cyrsasl_scram.erl index 18f52b48f..1c464e121 100644 --- a/src/cyrsasl_scram.erl +++ b/src/cyrsasl_scram.erl @@ -87,7 +87,7 @@ mech_step(#state{step = 2} = State, ClientIn) -> if is_tuple(Ret) -> Ret; true -> TempSalt = - crypto:rand_bytes(?SALT_LENGTH), + randoms:bytes(?SALT_LENGTH), SaltedPassword = scram:salted_password(Ret, TempSalt, @@ -101,7 +101,7 @@ mech_step(#state{step = 2} = State, ClientIn) -> str:substr(ClientIn, str:str(ClientIn, <<"n=">>)), ServerNonce = - jlib:encode_base64(crypto:rand_bytes(?NONCE_LENGTH)), + jlib:encode_base64(randoms:bytes(?NONCE_LENGTH)), ServerFirstMessage = iolist_to_binary( ["r=", diff --git a/src/ejabberd.erl b/src/ejabberd.erl index 6bd2422ae..5a6fc64d7 100644 --- a/src/ejabberd.erl +++ b/src/ejabberd.erl @@ -105,8 +105,6 @@ start_app([], _Type, _StartFlag) -> ok. check_app_modules(App, StartFlag) -> - {A, B, C} = p1_time_compat:timestamp(), - random:seed(A, B, C), sleep(5000), case application:get_key(App, modules) of {ok, Mods} -> @@ -140,7 +138,7 @@ exit_or_halt(Reason, StartFlag) -> end. sleep(N) -> - timer:sleep(random:uniform(N)). + timer:sleep(randoms:uniform(N)). get_module_file(App, Mod) -> BaseName = atom_to_list(Mod), diff --git a/src/ejabberd_auth_mnesia.erl b/src/ejabberd_auth_mnesia.erl index 2a4554d15..f36c9fbc7 100644 --- a/src/ejabberd_auth_mnesia.erl +++ b/src/ejabberd_auth_mnesia.erl @@ -450,7 +450,7 @@ password_to_scram(Password) -> ?SCRAM_DEFAULT_ITERATION_COUNT). password_to_scram(Password, IterationCount) -> - Salt = crypto:rand_bytes(?SALT_LENGTH), + Salt = randoms:bytes(?SALT_LENGTH), SaltedPassword = scram:salted_password(Password, Salt, IterationCount), StoredKey = diff --git a/src/ejabberd_auth_riak.erl b/src/ejabberd_auth_riak.erl index c74f1b28e..05add262e 100644 --- a/src/ejabberd_auth_riak.erl +++ b/src/ejabberd_auth_riak.erl @@ -270,7 +270,7 @@ password_to_scram(Password) -> ?SCRAM_DEFAULT_ITERATION_COUNT). password_to_scram(Password, IterationCount) -> - Salt = crypto:rand_bytes(?SALT_LENGTH), + Salt = randoms:bytes(?SALT_LENGTH), SaltedPassword = scram:salted_password(Password, Salt, IterationCount), StoredKey = diff --git a/src/ejabberd_auth_sql.erl b/src/ejabberd_auth_sql.erl index d6d945e02..93dac4f4f 100644 --- a/src/ejabberd_auth_sql.erl +++ b/src/ejabberd_auth_sql.erl @@ -406,7 +406,7 @@ password_to_scram(Password) -> ?SCRAM_DEFAULT_ITERATION_COUNT). password_to_scram(Password, IterationCount) -> - Salt = crypto:rand_bytes(?SALT_LENGTH), + Salt = randoms:bytes(?SALT_LENGTH), SaltedPassword = scram:salted_password(Password, Salt, IterationCount), StoredKey = diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl index a30f2f438..ae3433a6a 100644 --- a/src/ejabberd_s2s_out.erl +++ b/src/ejabberd_s2s_out.erl @@ -1099,13 +1099,12 @@ get_addr_port(Server) -> ?DEBUG("srv lookup of '~s': ~p~n", [Server, HEnt#hostent.h_addr_list]), AddrList = HEnt#hostent.h_addr_list, - random:seed(p1_time_compat:timestamp()), case catch lists:map(fun ({Priority, Weight, Port, Host}) -> N = case Weight of 0 -> 0; _ -> - (Weight + 1) * random:uniform() + (Weight + 1) * randoms:uniform() end, {Priority * 65536 - N, Host, Port} end, diff --git a/src/ejabberd_service.erl b/src/ejabberd_service.erl index 9dd7c831e..26374c1f1 100644 --- a/src/ejabberd_service.erl +++ b/src/ejabberd_service.erl @@ -135,13 +135,13 @@ init([{SockMod, Socket}, Opts]) -> fun({H, Os}, D) -> P = proplists:get_value( password, Os, - p1_sha:sha(crypto:rand_bytes(20))), + p1_sha:sha(randoms:bytes(20))), dict:store(H, P, D) end, dict:new(), HOpts); false -> Pass = proplists:get_value( password, Opts, - p1_sha:sha(crypto:rand_bytes(20))), + p1_sha:sha(randoms:bytes(20))), dict:from_list([{global, Pass}]) end, %% privilege access to entities data diff --git a/src/extauth.erl b/src/extauth.erl index 50330b47b..6063d3670 100644 --- a/src/extauth.erl +++ b/src/extauth.erl @@ -102,8 +102,7 @@ call_port(Server, Msg) -> receive {eauth, Result} -> Result end. random_instance(MaxNum) -> - random:seed(p1_time_compat:timestamp()), - random:uniform(MaxNum) - 1. + randoms:uniform(MaxNum) - 1. get_instances(Server) -> ejabberd_config:get_option( diff --git a/src/mod_echo.erl b/src/mod_echo.erl index 96651aebf..da3f5cf0f 100644 --- a/src/mod_echo.erl +++ b/src/mod_echo.erl @@ -172,7 +172,7 @@ do_client_version(disabled, _From, _To) -> ok; do_client_version(enabled, From, To) -> ToS = jid:to_string(To), Random_resource = - iolist_to_binary(integer_to_list(random:uniform(100000))), + iolist_to_binary(integer_to_list(randoms:uniform(100000))), From2 = From#jid{resource = Random_resource, lresource = Random_resource}, Packet = #xmlel{name = <<"iq">>, diff --git a/src/randoms.erl b/src/randoms.erl index 52fceef4e..75bc280a2 100644 --- a/src/randoms.erl +++ b/src/randoms.erl @@ -27,14 +27,29 @@ -author('alexey@process-one.net'). --export([get_string/0]). +-export([get_string/0, uniform/0, uniform/1, bytes/1]). -export([start/0]). +-define(THRESHOLD, 16#10000000000000000). + start() -> ok. get_string() -> - R = crypto:rand_uniform(0, 16#10000000000000000), + R = crypto:rand_uniform(0, ?THRESHOLD), jlib:integer_to_binary(R). +uniform() -> + crypto:rand_uniform(0, ?THRESHOLD)/?THRESHOLD. + +uniform(N) -> + crypto:rand_uniform(0, N). + +-ifdef(STRONG_RAND_BYTES). +bytes(N) -> + crypto:strong_rand_bytes(N). +-else. +bytes(N) -> + crypto:rand_bytes(N). +-endif.