Project

General

Profile

Feature #3129 » 0001-rand-macOs-handling-update.patch

devnexen, 2022-01-02 09:55

View differences:

src/CMakeLists.txt
152 152
check_function_exists(getrandom HAVE_GETRANDOM)
153 153
set(CMAKE_EXTRA_INCLUDE_FILES)
154 154

  
155
check_include_files(CommonCrypto/CommonRandom.h HAVE_COMMONCRYPTO_COMMONRANDOM_H)
156
set(CMAKE_EXTRA_INCLUDE_FILES CommonCrypto/CommonRandom.h)
157
check_function_exists(CCRandomGenerateBytes HAVE_CCRANDOMGENERATEBYTES)
158
set(CMAKE_EXTRA_INCLUDE_FILES)
159

  
155 160
set(CMAKE_EXTRA_INCLUDE_FILES time.h)
156 161
check_function_exists(timegm HAVE_TIMEGM)
157 162
set(CMAKE_EXTRA_INCLUDE_FILES)
src/config.h.cmake
13 13
#endif
14 14

  
15 15
/* System */
16
#cmakedefine  HAVE_COMMONCRYPTO_COMMONRANDOM_H
16 17
#cmakedefine  HAVE_DLFCN_H
18
#cmakedefine  HAVE_LINUX_RANDOM_H
17 19
#cmakedefine  HAVE_PORT_H
18 20
#cmakedefine  HAVE_SYS_DEVPOLL_H
19 21
#cmakedefine  HAVE_SYS_EPOLL_H
......
120 122
#cmakedefine  SIZEOF_OFF_T ${SIZEOF_OFF_T}
121 123

  
122 124
/* Functions */
125
#cmakedefine  HAVE_ARC4RANDOM_BUF
126
#cmakedefine  HAVE_CCRANDOMGENERATEBYTES
123 127
#cmakedefine  HAVE_CHROOT
124 128
#cmakedefine  HAVE_EPOLL_CTL
125 129
#cmakedefine  HAVE_FORK
130
#cmakedefine  HAVE_GETRANDOM
126 131
#cmakedefine  HAVE_GETRLIMIT
127 132
#cmakedefine  HAVE_GETUID
128 133
#cmakedefine  HAVE_GMTIME_R
src/meson.build
108 108
	))
109 109
endif
110 110

  
111
conf_data.set('HAVE_COMMONCRYPTO_COMMONRANDOM_H', compiler.has_header('CommonCrypto/CommonRandom.h'))
112
if conf_data.get('HAVE_COMMONCRYPTO_COMMONRANDOM_H')
113
	conf_data.set('HAVE_CCRANDOMGENERATEBYTES', compiler.has_function(
114
		'CCRandomGenerateBytes',
115
		args: defs,
116
		prefix: '#include <CommonCrypto/CommonRandom.h>'
117
	))
118
endif
119

  
111 120
conf_data.set('SIZEOF_LONG', compiler.sizeof('long', args: defs))
112 121
conf_data.set('SIZEOF_OFF_T', compiler.sizeof('off_t', args: defs))
113 122

  
src/rand.c
78 78
#include <sys/syscall.h>
79 79
#include <linux/random.h>
80 80
#endif
81
#ifdef HAVE_COMMONCRYPTO_COMMONRANDOM_H
82
#include <CommonCrypto/CommonRandom.h>
83
#endif
81 84
#ifdef RNDGETENTCNT
82 85
#include <sys/ioctl.h>
83 86
#endif
......
240 243
        u = ((unsigned int)xsubi[0] << 16) | xsubi[1];
241 244
    }
242 245
    else {
243
      #ifdef HAVE_ARC4RANDOM_BUF
246
      #if defined(HAVE_CCRANDOMGENERATEBYTES)
247
	/* purposely intended to be considered in priority above the arc4random api
248
	 * on macOs releases supporting this call (from Yosemite)
249
	 * indeed arc4random while reliable on BSD has two little flaws in macOs case:
250
	 * - one of them can't occur here (when size is 0 from macOs 10.15)
251
	 * - internally arc4random_buf uses ccrng_generate which returns a success status
252
	 *   but is silently ignored to respect the "no fail" arc4random interface contract.
253
	 *   While it occurs rarely concretally, we re taking precautions here to cathc possible
254
	 *   failures and falling back to the classic rand() api.
255
	 */
256
        if (CCRandomGenerateBytes(&u, sizeof(u)) != kCCSuccess)
257
		goto li_rand_fallback;
258
	if (CCRandomGenerateBytes(xsubi, sizeof(xsubi)) != kCCSuccess)
259
		goto li_rand_fallback;
260
      #elif defined(HAVE_ARC4RANDOM_BUF)
244 261
        u = arc4random();
245 262
        arc4random_buf(xsubi, sizeof(xsubi));
263
	return;
246 264
      #elif defined(__COVERITY__)
247 265
        /* Coverity Scan ignores(?) annotation below,
248 266
         * so hide fallback path from Coverity Scan */
249 267
        u = (unsigned int)(time(NULL) ^ getpid());
250
      #else
268
      #endif
269
li_rand_fallback:
251 270
        /* NOTE: not cryptographically random !!! */
252 271
        srand((unsigned int)(time(NULL) ^ getpid()));
253 272
        for (u = 0; u < sizeof(unsigned short); ++u)
254 273
            /* coverity[dont_call : FALSE] */
255 274
            xsubi[u] = (unsigned short)(rand() & 0xFFFF);
256 275
        u = ((unsigned int)xsubi[0] << 16) | xsubi[1];
257
      #endif
258 276
    }
259 277
    srand(u);   /*(initialize just in case rand() used elsewhere)*/
260 278
  #ifdef HAVE_SRANDOM
......
373 391
    if (SECSuccess == PK11_GenerateRandom((unsigned char *)&i, sizeof(i)))
374 392
        return i;
375 393
  #endif
376
  #ifdef HAVE_ARC4RANDOM_BUF
394
  #if defined(HAVE_CCRANDOMGENERATEBYTES)
395
    int i;
396
    if (CCRandomGenerateBytes(&i, sizeof(i)) != kCCSuccess)
397
        return (int)random();
398
    return i;
399
  #elif defined(HAVE_ARC4RANDOM_BUF)
377 400
    return (int)arc4random();
378 401
  #elif defined(__COVERITY__)
379 402
    /* li_rand_pseudo() is not intended for cryptographic use */
(1-1/2)