From 63e70b67eb93f78eae8122ce31443d394dcbd196 Mon Sep 17 00:00:00 2001
From: Ed Schouten <ed@80386.nl>
Date: Tue, 10 Mar 2015 07:46:06 +0000
Subject: [PATCH] Add support for arc4random() to random_device.

Nuxi CloudABI (https://github.com/NuxiNL/cloudlibc) does not allow
processes to access the global filesystem namespace. This breaks
random_device, as it attempts to use /dev/{u,}random. This change adds
support for arc4random(), which is present on CloudABI.

In my opinion it would also make sense to use arc4random() on other
operating systems, such as *BSD and Mac OS X, but I'd rather leave that
to the maintainers of the respective platforms. Switching to
arc4random() does change the ABI.

This change also attempts to make some cleanups to the code. It adds a
single #define for every random interface, instead of testing against
operating systems explicitly.

As discussed, also validate the token argument to be equal to
"/dev/urandom" on all systems that only provide pseudo-random numbers.
This should cause little to no breakage, as "/dev/urandom" is also the
default argument value.

Reviewed by: jfb
Differential Revision: http://reviews.llvm.org/D8134


git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@231764 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/__config                              |  14 ++-
 include/random                                |   4 +-
 src/random.cpp                                | 111 +++++++++++-------
 .../numerics/rand/rand.device/ctor.pass.cpp   |  10 +-
 4 files changed, 86 insertions(+), 53 deletions(-)

diff --git a/include/__config b/include/__config
index b109ad77..00dfa9fc 100644
--- a/include/__config
+++ b/include/__config
@@ -110,12 +110,22 @@
 # endif
 #endif // __sun__
 
-#if defined(__native_client__)
+#if defined(__CloudABI__)
+  // Certain architectures provide arc4random(). Prefer using
+  // arc4random() over /dev/{u,}random to make it possible to obtain
+  // random data even when using sandboxing mechanisms such as chroots,
+  // Capsicum, etc.
+# define _LIBCPP_USING_ARC4_RANDOM
+#elif defined(__native_client__)
   // NaCl's sandbox (which PNaCl also runs in) doesn't allow filesystem access,
   // including accesses to the special files under /dev. C++11's
   // std::random_device is instead exposed through a NaCl syscall.
 # define _LIBCPP_USING_NACL_RANDOM
-#endif // defined(__native_client__)
+#elif defined(_WIN32)
+# define _LIBCPP_USING_WIN32_RANDOM
+#else
+# define _LIBCPP_USING_DEV_RANDOM
+#endif
 
 #if !defined(_LIBCPP_LITTLE_ENDIAN) || !defined(_LIBCPP_BIG_ENDIAN)
 # include <endian.h>
diff --git a/include/random b/include/random
index bccf92a3..64382a3d 100644
--- a/include/random
+++ b/include/random
@@ -3475,9 +3475,9 @@ typedef shuffle_order_engine<minstd_rand0, 256>                         knuth_b;
 
 class _LIBCPP_TYPE_VIS random_device
 {
-#if !(defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM))
+#ifdef _LIBCPP_USING_DEV_RANDOM
     int __f_;
-#endif // !(defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM))
+#endif // defined(_LIBCPP_USING_DEV_RANDOM)
 public:
     // types
     typedef unsigned result_type;
diff --git a/src/random.cpp b/src/random.cpp
index 0a1d2a58..4ab424ea 100644
--- a/src/random.cpp
+++ b/src/random.cpp
@@ -7,11 +7,10 @@
 //
 //===----------------------------------------------------------------------===//
 
-#if defined(_WIN32)
+#if defined(_LIBCPP_USING_WIN32_RANDOM)
 // Must be defined before including stdlib.h to enable rand_s().
 #define _CRT_RAND_S
-#include <stdio.h>
-#endif // defined(_WIN32)
+#endif // defined(_LIBCPP_USING_WIN32_RANDOM)
 
 #include "random"
 #include "system_error"
@@ -19,46 +18,27 @@
 #if defined(__sun__)
 #define rename solaris_headers_are_broken
 #endif // defined(__sun__)
-#if !defined(_WIN32)
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#if defined(_LIBCPP_USING_DEV_RANDOM)
 #include <fcntl.h>
 #include <unistd.h>
-#endif // !defined(_WIN32)
-#include <errno.h>
-#if defined(_LIBCPP_USING_NACL_RANDOM)
+#elif defined(_LIBCPP_USING_NACL_RANDOM)
 #include <nacl/nacl_random.h>
-#endif // defined(_LIBCPP_USING_NACL_RANDOM)
+#endif
+
 
 _LIBCPP_BEGIN_NAMESPACE_STD
 
-#if defined(_WIN32)
-
-random_device::random_device(const string&)
-{
-}
-
-random_device::~random_device()
-{
-}
-
-unsigned
-random_device::operator()()
-{
-    unsigned r;
-    errno_t err = rand_s(&r);
-    if (err)
-        __throw_system_error(err, "random_device rand_s failed.");
-    return r;
-}
-
-#elif defined(_LIBCPP_USING_NACL_RANDOM)
+#if defined(_LIBCPP_USING_ARC4_RANDOM)
 
 random_device::random_device(const string& __token)
 {
     if (__token != "/dev/urandom")
         __throw_system_error(ENOENT, ("random device not supported " + __token).c_str());
-    int error = nacl_secure_random_init();
-    if (error)
-        __throw_system_error(error, ("random device failed to open " + __token).c_str());
 }
 
 random_device::~random_device()
@@ -68,18 +48,10 @@ random_device::~random_device()
 unsigned
 random_device::operator()()
 {
-    unsigned r;
-    size_t n = sizeof(r);
-    size_t bytes_written;
-    int error = nacl_secure_random(&r, n, &bytes_written);
-    if (error != 0)
-        __throw_system_error(error, "random_device failed getting bytes");
-    else if (bytes_written != n)
-        __throw_runtime_error("random_device failed to obtain enough bytes");
-    return r;
+    return arc4random();
 }
 
-#else // !defined(_WIN32) && !defined(_LIBCPP_USING_NACL_RANDOM)
+#elif defined(_LIBCPP_USING_DEV_RANDOM)
 
 random_device::random_device(const string& __token)
     : __f_(open(__token.c_str(), O_RDONLY))
@@ -116,7 +88,60 @@ random_device::operator()()
     return r;
 }
 
-#endif // defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM)
+#elif defined(_LIBCPP_USING_NACL_RANDOM)
+
+random_device::random_device(const string& __token)
+{
+    if (__token != "/dev/urandom")
+        __throw_system_error(ENOENT, ("random device not supported " + __token).c_str());
+    int error = nacl_secure_random_init();
+    if (error)
+        __throw_system_error(error, ("random device failed to open " + __token).c_str());
+}
+
+random_device::~random_device()
+{
+}
+
+unsigned
+random_device::operator()()
+{
+    unsigned r;
+    size_t n = sizeof(r);
+    size_t bytes_written;
+    int error = nacl_secure_random(&r, n, &bytes_written);
+    if (error != 0)
+        __throw_system_error(error, "random_device failed getting bytes");
+    else if (bytes_written != n)
+        __throw_runtime_error("random_device failed to obtain enough bytes");
+    return r;
+}
+
+#elif defined(_LIBCPP_USING_WIN32_RANDOM)
+
+random_device::random_device(const string& __token)
+{
+    if (__token != "/dev/urandom")
+        __throw_system_error(ENOENT, ("random device not supported " + __token).c_str());
+}
+
+random_device::~random_device()
+{
+}
+
+unsigned
+random_device::operator()()
+{
+    unsigned r;
+    errno_t err = rand_s(&r);
+    if (err)
+        __throw_system_error(err, "random_device rand_s failed.");
+    return r;
+}
+
+#else
+#error "Random device not implemented for this architecture"
+#endif
 
 double
 random_device::entropy() const _NOEXCEPT
diff --git a/test/std/numerics/rand/rand.device/ctor.pass.cpp b/test/std/numerics/rand/rand.device/ctor.pass.cpp
index 2d9bc2ff..97f46b26 100644
--- a/test/std/numerics/rand/rand.device/ctor.pass.cpp
+++ b/test/std/numerics/rand/rand.device/ctor.pass.cpp
@@ -23,14 +23,12 @@
 #include <unistd.h>
 
 bool is_valid_random_device(const std::string &token) {
-#if defined(_WIN32)
-  return true;
-#elif defined(_LIBCPP_USING_NACL_RANDOM)
-  return token == "/dev/urandom";
-#else  // !defined(_WIN32) && !defined(_LIBCPP_USING_NACL_RANDOM)
+#if defined(_LIBCPP_USING_DEV_RANDOM)
   // Not an exhaustive list: they're the only tokens that are tested below.
   return token == "/dev/urandom" || token == "/dev/random";
-#endif // defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM)
+#else
+  return token == "/dev/urandom";
+#endif
 }
 
 void check_random_device_valid(const std::string &token) {