Project

General

Profile

Download (5.24 KB)

Feature #3129 » 0001-rand-macOs-handling-update.patch

devnexen, 2022-01-02 09:59

View differences:

src/CMakeLists.txt
152 152 
check_function_exists(getrandom HAVE_GETRANDOM)
153 153 
set(CMAKE_EXTRA_INCLUDE_FILES)
154 154 

  		




  
  155
  
    
check_include_files(CommonCrypto/CommonRandom.h HAVE_COMMONCRYPTO_COMMONRANDOM_H)

  		




  
  156
  
    
set(CMAKE_EXTRA_INCLUDE_FILES CommonCrypto/CommonRandom.h)

  		




  
  157
  
    
check_function_exists(CCRandomGenerateBytes HAVE_CCRANDOMGENERATEBYTES)

  		




  
  158
  
    
set(CMAKE_EXTRA_INCLUDE_FILES)

  		




  
  159
  
    

  		




  155
  160
  
    
set(CMAKE_EXTRA_INCLUDE_FILES time.h)

  		




  156
  161
  
    
check_function_exists(timegm HAVE_TIMEGM)

  		




  157
  162
  
    
set(CMAKE_EXTRA_INCLUDE_FILES)

  		












  

    
      src/config.h.cmake
    
  





  13
  13
  
    
#endif

  		




  14
  14
  
    

  		




  15
  15
  
    
/* System */

  		




  
  16
  
    
#cmakedefine  HAVE_COMMONCRYPTO_COMMONRANDOM_H

  		




  16
  17
  
    
#cmakedefine  HAVE_DLFCN_H

  		




  
  18
  
    
#cmakedefine  HAVE_LINUX_RANDOM_H

  		




  17
  19
  
    
#cmakedefine  HAVE_PORT_H

  		




  18
  20
  
    
#cmakedefine  HAVE_SYS_DEVPOLL_H

  		




  19
  21
  
    
#cmakedefine  HAVE_SYS_EPOLL_H

  		




  ......




  120
  122
  
    
#cmakedefine  SIZEOF_OFF_T ${SIZEOF_OFF_T}

  		




  121
  123
  
    

  		




  122
  124
  
    
/* Functions */

  		




  
  125
  
    
#cmakedefine  HAVE_ARC4RANDOM_BUF

  		




  
  126
  
    
#cmakedefine  HAVE_CCRANDOMGENERATEBYTES

  		




  123
  127
  
    
#cmakedefine  HAVE_CHROOT

  		




  124
  128
  
    
#cmakedefine  HAVE_EPOLL_CTL

  		




  125
  129
  
    
#cmakedefine  HAVE_FORK

  		




  
  130
  
    
#cmakedefine  HAVE_GETRANDOM

  		




  126
  131
  
    
#cmakedefine  HAVE_GETRLIMIT

  		




  127
  132
  
    
#cmakedefine  HAVE_GETUID

  		




  128
  133
  
    
#cmakedefine  HAVE_GMTIME_R

  		












  

    
      src/meson.build
    
  





  108
  108
  
    
	))

  		




  109
  109
  
    
endif

  		




  110
  110
  
    

  		




  
  111
  
    
conf_data.set('HAVE_COMMONCRYPTO_COMMONRANDOM_H', compiler.has_header('CommonCrypto/CommonRandom.h'))

  		




  
  112
  
    
if conf_data.get('HAVE_COMMONCRYPTO_COMMONRANDOM_H')

  		




  
  113
  
    
	conf_data.set('HAVE_CCRANDOMGENERATEBYTES', compiler.has_function(

  		




  
  114
  
    
		'CCRandomGenerateBytes',

  		




  
  115
  
    
		args: defs,

  		




  
  116
  
    
		prefix: '#include <CommonCrypto/CommonRandom.h>'

  		




  
  117
  
    
	))

  		




  
  118
  
    
endif

  		




  
  119
  
    

  		




  111
  120
  
    
conf_data.set('SIZEOF_LONG', compiler.sizeof('long', args: defs))

  		




  112
  121
  
    
conf_data.set('SIZEOF_OFF_T', compiler.sizeof('off_t', args: defs))

  		




  113
  122
  
    

  		












  

    
      src/rand.c
    
  





  78
  78
  
    
#include <sys/syscall.h>

  		




  79
  79
  
    
#include <linux/random.h>

  		




  80
  80
  
    
#endif

  		




  
  81
  
    
#ifdef HAVE_COMMONCRYPTO_COMMONRANDOM_H

  		




  
  82
  
    
#include <CommonCrypto/CommonRandom.h>

  		




  
  83
  
    
#endif

  		




  81
  84
  
    
#ifdef RNDGETENTCNT

  		




  82
  85
  
    
#include <sys/ioctl.h>

  		




  83
  86
  
    
#endif

  		




  ......




  240
  243
  
    
        u = ((unsigned int)xsubi[0] << 16) | xsubi[1];

  		




  241
  244
  
    
    }

  		




  242
  245
  
    
    else {

  		




  243
  
  
    
      #ifdef HAVE_ARC4RANDOM_BUF

  		




  
  246
  
    
      #if defined(HAVE_CCRANDOMGENERATEBYTES)

  		




  
  247
  
    
	/* purposely intended to be considered in priority above the arc4random api

  		




  
  248
  
    
	 * on macOs releases supporting this call (from Yosemite)

  		




  
  249
  
    
	 * indeed arc4random while reliable on BSD has two little flaws in macOs case:

  		




  
  250
  
    
	 * - one of them can't occur here (when size is 0 from macOs 10.15)

  		




  
  251
  
    
	 * - internally arc4random_buf uses ccrng_generate which returns a success status

  		




  
  252
  
    
	 *   but is silently ignored to respect the "no fail" arc4random interface contract.

  		




  
  253
  
    
	 *   While it occurs rarely concretally, we re taking precautions here to cathc possible

  		




  
  254
  
    
	 *   failures and falling back to the classic rand() api.

  		




  
  255
  
    
	 */

  		




  
  256
  
    
        if (CCRandomGenerateBytes(&u, sizeof(u)) != kCCSuccess)

  		




  
  257
  
    
		goto li_rand_fallback;

  		




  
  258
  
    
	if (CCRandomGenerateBytes(xsubi, sizeof(xsubi)) != kCCSuccess)

  		




  
  259
  
    
		goto li_rand_fallback;

  		




  
  260
  
    
	return;

  		




  
  261
  
    
      #elif defined(HAVE_ARC4RANDOM_BUF)

  		




  244
  262
  
    
        u = arc4random();

  		




  245
  263
  
    
        arc4random_buf(xsubi, sizeof(xsubi));

  		




  
  264
  
    
	return;

  		




  246
  265
  
    
      #elif defined(__COVERITY__)

  		




  247
  266
  
    
        /* Coverity Scan ignores(?) annotation below,

  		




  248
  267
  
    
         * so hide fallback path from Coverity Scan */

  		




  249
  268
  
    
        u = (unsigned int)(time(NULL) ^ getpid());

  		




  250
  
  
    
      #else

  		




  
  269
  
    
      #endif

  		




  
  270
  
    
li_rand_fallback:

  		




  251
  271
  
    
        /* NOTE: not cryptographically random !!! */

  		




  252
  272
  
    
        srand((unsigned int)(time(NULL) ^ getpid()));

  		




  253
  273
  
    
        for (u = 0; u < sizeof(unsigned short); ++u)

  		




  254
  274
  
    
            /* coverity[dont_call : FALSE] */

  		




  255
  275
  
    
            xsubi[u] = (unsigned short)(rand() & 0xFFFF);

  		




  256
  276
  
    
        u = ((unsigned int)xsubi[0] << 16) | xsubi[1];

  		




  257
  
  
    
      #endif

  		




  258
  277
  
    
    }

  		




  259
  278
  
    
    srand(u);   /*(initialize just in case rand() used elsewhere)*/

  		




  260
  279
  
    
  #ifdef HAVE_SRANDOM

  		




  ......




  373
  392
  
    
    if (SECSuccess == PK11_GenerateRandom((unsigned char *)&i, sizeof(i)))

  		




  374
  393
  
    
        return i;

  		




  375
  394
  
    
  #endif

  		




  376
  
  
    
  #ifdef HAVE_ARC4RANDOM_BUF

  		




  
  395
  
    
  #if defined(HAVE_CCRANDOMGENERATEBYTES)

  		




  
  396
  
    
    int i;

  		




  
  397
  
    
    if (CCRandomGenerateBytes(&i, sizeof(i)) != kCCSuccess)

  		




  
  398
  
    
        return (int)random();

  		




  
  399
  
    
    return i;

  		




  
  400
  
    
  #elif defined(HAVE_ARC4RANDOM_BUF)

  		




  377
  401
  
    
    return (int)arc4random();

  		




  378
  402
  
    
  #elif defined(__COVERITY__)

  		




  379
  403
  
    
    /* li_rand_pseudo() is not intended for cryptographic use */

  		















  (2-2/2)