Welcome! Log In Create A New Profile

[njs] Random: prioritise CCRandomGenerateBytes over getentropy on macOs.

Forum List Message List New Topic Print View

Dmitry Volyntsev

May 30, 2023 10:52PM

details: https://hg.nginx.org/njs/rev/ab54ef24feac
branches:
changeset: 2143:ab54ef24feac
user: David CARLIER <devnexen@gmail.com>
date: Sun May 28 15:36:46 2023 +0100
description:
Random: prioritise CCRandomGenerateBytes over getentropy on macOs.

It is recommended approach by Apple itself.

diffstat:

auto/getrandom | 24 +++++++++++++++++++++++-
src/njs_random.c | 13 +++++++++++++
2 files changed, 36 insertions(+), 1 deletions(-)

diffs (71 lines):

diff -r 2e8563c8143b -r ab54ef24feac auto/getrandom
--- a/auto/getrandom Fri May 26 21:54:12 2023 -0700
+++ b/auto/getrandom Sun May 28 15:36:46 2023 +0100
@@ -50,6 +50,28 @@ fi

if [ $njs_found = no ]; then

+ # macOS 10.10.
+
+ njs_feature="CCRandomGenerateBytes() in CommonCrypto/CommonRandom.h"
+ njs_feature_name=NJS_HAVE_CCRANDOMGENERATEBYTES
+ njs_feature_test="#include <CommonCrypto/CommonCryptoError.h>
+ #include <CommonCrypto/CommonRandom.h>
+
+ int main(void) {
+ char buf[4];
+
+ if (CCRandomGenerateBytes(buf, 4) != kCCSuccess) {
+ return 1;
+ }
+
+ return 0;
+ }"
+ . auto/feature
+fi
+
+
+if [ $njs_found = no ]; then
+
# OpenBSD 5.6 lacks <sys/random.h>.

njs_feature="getentropy()"
@@ -71,7 +93,7 @@ fi

if [ $njs_found = no ]; then

- # macOS 10.12.
+ # Solaris based systems.

njs_feature="getentropy() in sys/random.h"
njs_feature_name=NJS_HAVE_GETENTROPY_SYS_RANDOM
diff -r 2e8563c8143b -r ab54ef24feac src/njs_random.c
--- a/src/njs_random.c Fri May 26 21:54:12 2023 -0700
+++ b/src/njs_random.c Sun May 28 15:36:46 2023 +0100
@@ -8,6 +8,9 @@
#include <njs_main.h>
#if (NJS_HAVE_GETRANDOM)
#include <sys/random.h>
+#elif (NJS_HAVE_CCRANDOMGENERATEBYTES)
+#include <CommonCrypto/CommonCryptoError.h>
+#include <CommonCrypto/CommonRandom.h>
#elif (NJS_HAVE_LINUX_SYS_GETRANDOM)
#include <sys/syscall.h>
#include <linux/random.h>
@@ -72,6 +75,16 @@ njs_random_stir(njs_random_t *r, njs_pid

n = syscall(SYS_getrandom, &key, NJS_RANDOM_KEY_SIZE, 0);

+#elif (NJS_HAVE_CCRANDOMGENERATEBYTES)
+
+ /* Apple discourages the use of getentropy. */
+
+ n = 0;
+
+ if (CCRandomGenerateBytes(&key, NJS_RANDOM_KEY_SIZE) == kCCSuccess) {
+ n = NJS_RANDOM_KEY_SIZE;
+ }
+
#elif (NJS_HAVE_GETENTROPY || NJS_HAVE_GETENTROPY_SYS_RANDOM)

n = 0;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[njs] Random: prioritise CCRandomGenerateBytes over getentropy on macOs.	Dmitry Volyntsev	303	May 30, 2023 10:52PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 168

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018