[libcxx-commits] [libcxx] 3064dd8 - [libcxx] Use Fuchsia-native CPRNG for std::random_device

Tue Jan 4 10:24:31 PST 2022

Author: Roland McGrath
Date: 2022-01-04T10:24:18-08:00
New Revision: 3064dd8ccffc561e0f01cfa930b9a481d90e7f4f

URL: https://github.com/llvm/llvm-project/commit/3064dd8ccffc561e0f01cfa930b9a481d90e7f4f
DIFF: https://github.com/llvm/llvm-project/commit/3064dd8ccffc561e0f01cfa930b9a481d90e7f4f.diff

LOG: [libcxx] Use Fuchsia-native CPRNG for std::random_device

Use the zx_cprng_draw system call directly rather than going
through the libc getentropy function.  The libc function is a
trivial wrapper around the system call, and is not a standard C
function.  Avoiding it reduces the Fuchsia libc ABI surface that
libc++ depends on.

Reviewed By: #libc, ldionne

Differential Revision: https://reviews.llvm.org/D116498

Added: 
    

Modified: 
    libcxx/include/__config
    libcxx/src/random.cpp

Removed: 
    


################################################################################
diff  --git a/libcxx/include/__config b/libcxx/include/__config
index 720e12eac0dda..98f011e7c6ada 100644

--- a/libcxx/include/__config
+++ b/libcxx/include/__config
@@ -354,6 +354,12 @@
 //      When this option is used, the token passed to `std::random_device`'s
 //      constructor *must* be "/dev/urandom" -- anything else is an error.
 //
+// _LIBCPP_USING_FUCHSIA_CPRNG
+//      Use Fuchsia's zx_cprng_draw() system call, which is specified to
+//      deliver high-quality entropy and cannot fail.
+//      When this option is used, the token passed to `std::random_device`'s
+//      constructor *must* be "/dev/urandom" -- anything else is an error.
+//
 // _LIBCPP_USING_NACL_RANDOM
 //      NaCl's sandbox (which PNaCl also runs in) doesn't allow filesystem access,
 //      including accesses to the special files under `/dev`. This implementation
@@ -367,8 +373,10 @@
 //      constructor *must* be "/dev/urandom" -- anything else is an error.
 #if defined(__OpenBSD__)
 #  define _LIBCPP_USING_ARC4_RANDOM
-#elif defined(__Fuchsia__) || defined(__wasi__)
+#elif defined(__wasi__)
 #  define _LIBCPP_USING_GETENTROPY
+#elif defined(__Fuchsia__)
+#  define _LIBCPP_USING_FUCHSIA_CPRNG
 #elif defined(__native_client__)
 #  define _LIBCPP_USING_NACL_RANDOM
 #elif defined(_LIBCPP_WIN32API)

diff  --git a/libcxx/src/random.cpp b/libcxx/src/random.cpp
index 286a457851549..5590db85e48ad 100644
--- a/libcxx/src/random.cpp
+++ b/libcxx/src/random.cpp
@@ -36,6 +36,8 @@
 #   endif
 #elif defined(_LIBCPP_USING_NACL_RANDOM)
 #   include <nacl/nacl_random.h>
+#elif defined(_LIBCPP_USING_FUCHSIA_CPRNG)
+#  include <zircon/syscalls.h>
 #endif
 
 
@@ -170,6 +172,27 @@ random_device::operator()()
     return r;
 }
 
+#elif defined(_LIBCPP_USING_FUCHSIA_CPRNG)
+
+random_device::random_device(const string& __token) {
+  if (__token != "/dev/urandom")
+    __throw_system_error(ENOENT, ("random device not supported " + __token).c_str());
+}
+
+random_device::~random_device() {}
+
+unsigned random_device::operator()() {
+  // Implicitly link against the vDSO system call ABI without
+  // requiring the final link to specify -lzircon explicitly when
+  // statically linking libc++.
+#  pragma comment(lib, "zircon")
+
+  // The system call cannot fail.  It returns only when the bits are ready.
+  unsigned r;
+  _zx_cprng_draw(&r, sizeof(r));
+  return r;
+}
+
 #else
 #error "Random device not implemented for this architecture"
 #endif
@@ -189,7 +212,7 @@ random_device::entropy() const noexcept
     return std::numeric_limits<result_type>::digits;
 
   return ent;
-#elif defined(__OpenBSD__)
+#elif defined(__OpenBSD__) || defined(_LIBCPP_USING_FUCHSIA_CPRNG)
   return std::numeric_limits<result_type>::digits;
 #else
   return 0;


        
