authorTor Brede Vekterli <vekterli@verizonmedia.com>2020-12-11 14:08:38 +0000
committerTor Brede Vekterli <vekterli@verizonmedia.com>2020-12-11 15:11:11 +0000
commitaa28f51fd49151f75934bf5e710c5c0ebae2ab8d (patch)
treed38e028dc86a727b9210092a87ac1caaee30f4e0 /vespalib
parentad78803b272498eda8432fde136230ff0fdc5969 (diff)
Only let reindexing puts through locked bucket if their token matches that of the lock
Avoids a race condition edge case where reindexing puts from an outdated visitor may pass through a bucket lock intended for a newly created visitor operation. Tokens are 128-bit values derived from a CSPRNG, so uniqueness is for all intents and purposes guaranteed.
Diffstat (limited to 'vespalib')
-rw-r--r--vespalib/src/vespa/vespalib/crypto/CMakeLists.txt1
-rw-r--r--vespalib/src/vespa/vespalib/crypto/random.cpp13
-rw-r--r--vespalib/src/vespa/vespalib/crypto/random.h11
3 files changed, 25 insertions, 0 deletions
diff --git a/vespalib/src/vespa/vespalib/crypto/CMakeLists.txt b/vespalib/src/vespa/vespalib/crypto/CMakeLists.txt
index 6000156fcfa..299e3402e23 100644
--- a/vespalib/src/vespa/vespalib/crypto/CMakeLists.txt
+++ b/vespalib/src/vespa/vespalib/crypto/CMakeLists.txt
@@ -4,6 +4,7 @@ vespa_add_library(vespalib_vespalib_crypto OBJECT
crypto_exception.cpp
openssl_crypto_impl.cpp
private_key.cpp
+ random.cpp
x509_certificate.cpp
DEPENDS
)
diff --git a/vespalib/src/vespa/vespalib/crypto/random.cpp b/vespalib/src/vespa/vespalib/crypto/random.cpp
new file mode 100644
index 00000000000..49200706839
--- /dev/null
+++ b/vespalib/src/vespa/vespalib/crypto/random.cpp
@@ -0,0 +1,13 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+#include "random.h"
+#include <openssl/rand.h>
+
+namespace vespalib::crypto {
+
+void random_buffer(unsigned char* buf, size_t len) noexcept {
+ if (::RAND_bytes(buf, len) != 1) {
+ abort();
+ }
+}
+
+}
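Review bot: `len` is a `size_t` but `RAND_bytes` takes an `int` byte count, so the call in `random_buffer` narrows implicitly. A length above INT_MAX would be truncated or turn negative, and depending on how OpenSSL treats that value the function could return normally with only part of the buffer filled. For a helper whose output is used as unguessable token material, a silent partial fill is the failure to rule out, so reject oversized requests explicitly: `if (len > static_cast<size_t>(INT_MAX) || ::RAND_bytes(buf, static_cast<int>(len)) != 1) { abort(); }`, with `<climits>` included. Separately, `abort()` is used without `<cstdlib>`; it presumably arrives through the OpenSSL header, so include it directly and call `std::abort()`.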
diff --git a/vespalib/src/vespa/vespalib/crypto/random.h b/vespalib/src/vespa/vespalib/crypto/random.h
new file mode 100644
index 00000000000..a97f8df2bc2
--- /dev/null
+++ b/vespalib/src/vespa/vespalib/crypto/random.h
@@ -0,0 +1,11 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+#pragma once
+#include <cstddef>
+
+namespace vespalib::crypto {
+
+// Fills `buf` with `len` bytes of cryptographically secure pseudo-random data.
+// Aborts the process if CSPRNG somehow fails.
+void random_buffer(unsigned char* buf, size_t len) noexcept;
+
+}
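Review bot: The declaration of `random_buffer` uses unqualified `size_t` while the header includes only `<cstddef>`, which guarantees `std::size_t` but not the global name; `void random_buffer(unsigned char* buf, std::size_t len) noexcept;` is the portable spelling. The comment above it also leaves the pointer contract unstated. I would add `// `buf` must be non-null and point to at least `len` writable bytes; on return all `len` bytes have been overwritten.` so callers know that no return value needs checking and that a partially filled buffer is never observable.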