securer_randomer 0.1.5 → 0.1.6

data/.travis.yml

@@ -19,3 +19,4 @@ before_install:
 env:
   - WITH_MONKEYPATCH=false
   - WITH_MONKEYPATCH=true
+  - WITH_MONKEYPATCH=kinda

data/README.md

@@ -7,67 +7,93 @@ Ruby's SecureRandom prefers OpenSSL over other mechanisms (such as
 `/dev/urandom` and `getrandom(2)`). This has recently garnered [some][1]
 [criticism][2].
 
-[RbNaCl][3] provides Ruby bindings to a portable crypto library
-([libsodium][4]) that includes an alternative, OpenSSL-free pseudo-random
-number generator (PRNG) implementation.
+[RbNaCl][3] provides Ruby bindings to [libsodium][4], a portable crypto
+library—which is a fork of [NaCl][6] by Daniel J. Bernstein—that
+includes hooks to alternative, OpenSSL-free pseudo-random number generators
+(PRNGs) such as `getrandom(2)` on modern Linux kernels and `RtlGenRandom()` on
+Windows.
 
 This gem monkeypatches RbNaCl into SecureRandom and aims to be "bug-for-bug"
 compatible with the "stock" implementation of SecureRandom across Ruby
-versions. It also provides a nice "do what I mean" random number method that
+versions. It also provides a bonus "do what I mean" random number method that
 can be used instead of Kernel`.rand` and SecureRandom`.random_number`.
 
 ## History
 
 This gem started out as a very simple monkeypatch to
-SecureRandom`.random_bytes` and grew as I dug deeper. In newer Rubies, you need
-to patch `.gen_random` instead of `.random_bytes`, and it has no default byte
-size.
+SecureRandom`.random_bytes` and grew as I dug deeper. In newer rubies, for
+example, you need to patch `.gen_random` instead of `.random_bytes`, and it has
+a different calling signature.
 
-Generating random numbers proved to be rather tricky due to inconsistencies
-between the implementations and functionality of Kernel`.rand` and
-SecureRandom`.random_number` between Ruby versions. For example:
+Generating random numbers proved to be rather tricky due to inconsistencies of
+of Kernel`.rand` and SecureRandom`.random_number` between Ruby implementations
+and versions. For example:
 
 * `Kernel.rand(nil)` and `SecureRandom.random_number(nil)` both return a float
-  such that `{ 0.0 <= n < 1.0 }` in Ruby 2.3; but
+  `n` such that `0.0 <= n < 1.0` in Ruby 2.3; but
   `SecureRandom.random_number(nil)` throws an ArgumentError in Ruby 2.2
 * Kernel`.rand` with an inverted range (e.g. `0..-10`) returns `nil` in Ruby
   2.2+, but SecureRandom`.random_number` throws an ArgumentError in Ruby 2.2
-  and returns a float such that `{ 0.0 <= n < 1.0 }` in Ruby 2.3
+  and returns a float `n` such that `0.0 <= n < 1.0` in Ruby 2.3
 
-Tests started to accumulate so I decided it was probably a good idea to gemify
-this!
+Branching logic and tests started to accumulate so I decided it was probably a
+good idea to gemify this!
+
+### Why a monkeypatch?
+
+The concept of monkeypatching in Ruby is a sensitive subject. It has the
+potential to break things in unexpected ways and make Ruby code more difficult
+to troubleshoot, and it's these kinds of practices that give Ruby (and
+Rubyists) a bad name. It was actually way more labor-intensive to write this as
+a monkeypatch rather than landing it as a completely separate module. So why?
+
+Simply put, I do not anticipate this gem being a long-term solution! At some
+point in the hopefully-near future I would like to see the Ruby core team
+acquiesce to community pressure and modify `securerandom.rb` and `random.c` to
+not utilize OpenSSL and prefer `getrandom(2)` over `urandom`. And so my goal
+was not to write some super-maintainable, standalone piece of software, but
+rather a temporary fix that can be easily dropped into an existing project and
+easily pulled out at a later date. A monkeypatch is the best way to achieve
+this.
 
 ## Features
 
 * SecureRandom`.gen_random` (or `.random_bytes`)
 
-Monkeypatches SecureRandom such that its various formatter methods (`.uuid`,
-`.hex`, `.base64`, `.urlsafe_base64`, and `.random_bytes`) use RbNaCl for random
-byte generation instead of OpenSSL.
+  Monkeypatches SecureRandom such that its various formatter methods (`.uuid`,
+  `.hex`, `.base64`, `.urlsafe_base64`, and `.random_bytes`) use RbNaCl for random
+  byte generation instead of OpenSSL.
 
 * SecureRandom`.random_number`
 
-Monkeypatches SecureRandom such that it uses SecurerRandomer`.kernel_rand`
-instead of OpenSSL (or Kernel`.rand`) to generate random numbers from numeric
-types and ranges. It is bug-for-bug compatible with "stock" SecureRandom,
-meaning it "chokes" on the same inputs and throws the same exception types.
+  Monkeypatches SecureRandom such that it uses SecurerRandomer`.kernel_rand`
+  instead of OpenSSL to generate random numbers from numeric types and ranges. It
+  is bug-for-bug compatible with "stock" SecureRandom, meaning it "chokes" on the
+  same inputs and throws the same exception types.
+
+  If you prefer to use Kernel`.rand` instead of SecurerRandomer`.kernel_rand`,
+  add this statement to your bootup process after requiring SecurerRandomer:
+
+  ```ruby
+  SecurerRandomer::KERNEL_RAND = Kernel.method(:rand)
+  ```
 
 * SecurerRandomer`.kernel_rand`
 
-A bug-for-bug reimplementation of Kernel`.rand`&mdash;meaning it "chokes" on
-the same inputs and throws the same exception types&mdash;that uses RbNaCl as
-its source of entropy.
+  A bug-for-bug reimplementation of Kernel`.rand`&mdash;meaning it "chokes" on
+  the same inputs and throws the same exception types&mdash;that uses RbNaCl as
+  its source of entropy.
 
 * SecurerRandomer`.rand`
 
-An idealistic, "do what I mean" random number method that accepts a variety of
-inputs and returns what you might expect. Whereas `Kernel.rand(-5.6)` returns
-an integer such that `{ 0 <= n < 5 }` and `SecureRandom.random_number(-5.6)`
-returns a float such that `{ 0.0 <= n < 1.0 }`, **`SecurerRandomer.rand(-5.6)`
-returns a float such that `{ 0 >= n > -5.6 }`**. Whereas `Kernel.rand(10..0)`
-returns `nil` and `SecureRandom.random_number(10..0)` returns a float such that
-`{ 0.0 <= n < 1.0 }` (in Ruby 2.3), **`SecurerRandomer.rand(10..0)` returns an
-integer such that `{ 10 >= n >= 0 }`**.
+  An idealistic, "do what I mean" random number method that accepts a variety of
+  inputs and returns what you might expect. Whereas `Kernel.rand(-5.6)` returns
+  an integer `n` such that `0 <= n < 5` and `SecureRandom.random_number(-5.6)`
+  returns a float `n` such that `0.0 <= n < 1.0`, **`SecurerRandomer.rand(-5.6)`
+  returns a float `n` such that `0 >= n > -5.6`**. Whereas `Kernel.rand(10..0)`
+  returns `nil` and `SecureRandom.random_number(10..0)` returns a float `n` such
+  that `0.0 <= n < 1.0` (in Ruby 2.3), **`SecurerRandomer.rand(10..0)` returns an
+  integer `n` such that `10 >= n >= 0`**.
 
 ## Installation
 
@@ -100,9 +126,8 @@ and 2.3, and JRuby 1.7 and 9.0 (both under Oracle Java 8).
 
 I am neither a cryptologist nor a cryptographer. Although I'm fairly confident
 in the test suite, serious bugs affecting compatibility, randomness, and
-performance may be present. If you're cautious, I would recommend using the
-monkeypatched SecureRandom formatter methods for random data and Kernel`.rand`
-for random numbers. Bug reports are welcome.
+performance may be present. If you're cautious, I would recommend setting
+`SecurerRandomer::KERNEL_RAND = Kernel.method(:rand)` as described above.
 
 ## Development
 
@@ -123,3 +148,4 @@ The gem is available as open source under the terms of the [MIT License](http://
 [3]: https://github.com/cryptosphere/rbnacl
 [4]: https://github.com/jedisct1/libsodium
 [5]: https://github.com/cryptosphere/rbnacl-libsodium
+[6]: http://nacl.cr.yp.to

data/lib/securer_randomer/monkeypatch/secure_random.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module SecureRandom
+  KERNEL_RAND = SecurerRandomer.method(:kernel_rand)
+
   if respond_to?(:gen_random)
     def self.gen_random(n)
       RbNaCl::Random.random_bytes(n)
@@ -31,7 +33,7 @@ module SecureRandom
 
       raise TypeError unless arg
 
-      SecurerRandomer.rand(arg, true)
+      KERNEL_RAND.call(arg)
     rescue TypeError
       raise ArgumentError, "invalid argument - #{n}"
     end
@@ -42,7 +44,7 @@ module SecureRandom
       raise ArgumentError, "comparison of Fixnum with #{n} failed" unless n.is_a?(Numeric)
       raise FLOAT_ERROR if n.is_a?(Float) and n > 0
 
-      SecurerRandomer.rand(n > 0 ? n : 0, true)
+      KERNEL_RAND.call(n > 0 ? n : 0)
     end
   end
 end

data/lib/securer_randomer/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SecurerRandomer
-  VERSION = '0.1.5' # rubocop:disable Style/MutableConstant
+  VERSION = '0.1.6' # rubocop:disable Style/MutableConstant
 end

data/securer_randomer.gemspec

@@ -26,5 +26,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec-given', '~> 3.8.0'
   spec.add_development_dependency 'rubocop', '~> 0.39.0'
 
-  spec.add_runtime_dependency 'rbnacl', '~> 3.3.0'
+  spec.add_runtime_dependency 'rbnacl', '~> 3.3'
 end

metadata

@@ -1,110 +1,123 @@
 --- !ruby/object:Gem::Specification
 name: securer_randomer
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
+  prerelease: 
 platform: ruby
 authors:
 - Mike Pastore
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-05-11 00:00:00.000000000 Z
+date: 2016-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.11'
-  name: bundler
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.11'
 - !ruby/object:Gem::Dependency
+  name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 11.1.1
-  name: rake
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 11.1.1
 - !ruby/object:Gem::Dependency
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
-  name: rspec
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
+  name: rspec-given
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 3.8.0
-  name: rspec-given
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 3.8.0
 - !ruby/object:Gem::Dependency
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.39.0
-  name: rubocop
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.39.0
 - !ruby/object:Gem::Dependency
+  name: rbnacl
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 3.3.0
-  name: rbnacl
-  prerelease: false
+        version: '3.3'
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 3.3.0
-description:
+        version: '3.3'
+description: 
 email:
 - mike@oobak.org
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
-- ".travis.yml"
+- .gitignore
+- .rspec
+- .rubocop.yml
+- .travis.yml
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -119,25 +132,29 @@ files:
 homepage: https://github.com/mwpastore/securer_randomer
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - ">="
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 1367148123343509472
 requirements: []
-rubyforge_project:
-rubygems_version: 2.4.8
-signing_key:
-specification_version: 4
+rubyforge_project: 
+rubygems_version: 1.8.23.2
+signing_key: 
+specification_version: 3
 summary: Monkeypatch SecureRandom with RbNaCl
 test_files: []

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: 7cba7c11c88f376cd4e607ce3257ead37f85627a
-  data.tar.gz: 9b8f50ff4c3ded6e183525eec67e92f3384ed856
-SHA512:
-  metadata.gz: eb8dc02d517df6ccc33c3ef75faec746f6ed659d8185115bb147cef400d575212637ebc44df23a68fa430f5472a2020086b023cdcb4f186530935d140caf4602
-  data.tar.gz: f0c6807fad93b80a32318642b16a8ebbb4b43ef090743dbd737283bce4610ddf99a4d5f298ce03a9be682d7e590d1369144fb0f06527200172c293262bcc4e23