[njs] Random: prioritise CCRandomGenerateBytes over getentropy on macOs.

Dmitry Volyntsev xeioex at nginx.com
Wed May 31 02:50:20 UTC 2023


details:   https://hg.nginx.org/njs/rev/ab54ef24feac
branches:  
changeset: 2143:ab54ef24feac
user:      David CARLIER <devnexen at gmail.com>
date:      Sun May 28 15:36:46 2023 +0100
description:
Random: prioritise CCRandomGenerateBytes over getentropy on macOs.

It is the approach recommended by Apple itself.

diffstat:

 auto/getrandom   |  24 +++++++++++++++++++++++-
 src/njs_random.c |  13 +++++++++++++
 2 files changed, 36 insertions(+), 1 deletions(-)

diffs (71 lines):

diff -r 2e8563c8143b -r ab54ef24feac auto/getrandom
--- a/auto/getrandom	Fri May 26 21:54:12 2023 -0700
+++ b/auto/getrandom	Sun May 28 15:36:46 2023 +0100
@@ -50,6 +50,28 @@ fi
 
 if [ $njs_found = no ]; then
 
+    # macOS 10.10.
+
+    njs_feature="CCRandomGenerateBytes() in CommonCrypto/CommonRandom.h"
+    njs_feature_name=NJS_HAVE_CCRANDOMGENERATEBYTES
+    njs_feature_test="#include <CommonCrypto/CommonCryptoError.h>
+                      #include <CommonCrypto/CommonRandom.h>
+
+                      int main(void) {
+                          char  buf[4];
+
+                          if (CCRandomGenerateBytes(buf, 4) != kCCSuccess) {
+                              return 1;
+                          }
+
+                          return 0;
+                      }"
+    . auto/feature
+fi
+
+
+if [ $njs_found = no ]; then
+
     # OpenBSD 5.6 lacks <sys/random.h>.
 
     njs_feature="getentropy()"
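Review bot: The `# macOS 10.10.` comment above the new probe names a version but not the reason the probe sits ahead of the getentropy() checks. The position is what selects CCRandomGenerateBytes() on macOS, because every later probe is wrapped in `if [ $njs_found = no ]` and is presumably skipped once auto/feature reports a hit. A comment such as `# macOS 10.10+: preferred over getentropy(), so it must be probed first.` would stop a later reordering from silently changing the entropy source.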
@@ -71,7 +93,7 @@ fi
 
 if [ $njs_found = no ]; then
 
-    # macOS 10.12.
+    # Solaris based systems.
 
     njs_feature="getentropy() in sys/random.h"
     njs_feature_name=NJS_HAVE_GETENTROPY_SYS_RANDOM
diff -r 2e8563c8143b -r ab54ef24feac src/njs_random.c
--- a/src/njs_random.c	Fri May 26 21:54:12 2023 -0700
+++ b/src/njs_random.c	Sun May 28 15:36:46 2023 +0100
@@ -8,6 +8,9 @@
 #include <njs_main.h>
 #if (NJS_HAVE_GETRANDOM)
 #include <sys/random.h>
+#elif (NJS_HAVE_CCRANDOMGENERATEBYTES)
+#include <CommonCrypto/CommonCryptoError.h>
+#include <CommonCrypto/CommonRandom.h>
 #elif (NJS_HAVE_LINUX_SYS_GETRANDOM)
 #include <sys/syscall.h>
 #include <linux/random.h>
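Review bot: The new `#elif (NJS_HAVE_CCRANDOMGENERATEBYTES)` is placed ahead of `NJS_HAVE_LINUX_SYS_GETRANDOM` in this include chain, while the matching branch in njs_random_stir comes after the `SYS_getrandom` one. Presumably configure defines only one of these macros, so both chains pick the same API today. If two were ever defined together, the headers for one API would be included and the call to another compiled. Moving the three added lines below the `NJS_HAVE_LINUX_SYS_GETRANDOM` includes would keep the two chains in the same order.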
@@ -72,6 +75,16 @@ njs_random_stir(njs_random_t *r, njs_pid
 
     n = syscall(SYS_getrandom, &key, NJS_RANDOM_KEY_SIZE, 0);
 
+#elif (NJS_HAVE_CCRANDOMGENERATEBYTES)
+
+    /* Apple discourages the use of getentropy. */
+
+    n = 0;
+
+    if (CCRandomGenerateBytes(&key, NJS_RANDOM_KEY_SIZE) == kCCSuccess) {
+        n = NJS_RANDOM_KEY_SIZE;
+    }
+
 #elif (NJS_HAVE_GETENTROPY || NJS_HAVE_GETENTROPY_SYS_RANDOM)
 
     n = 0;
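Review bot: The comment on the new branch explains why getentropy() is avoided but not what happens on failure: if CCRandomGenerateBytes() returns anything other than `kCCSuccess`, `n` stays 0 and the code after the `#if` chain decides how the key is filled. That code is outside the hunk, as are the start and end of njs_random_stir, so the fallback can only be presumed. Since this key seeds the generator, the comment should state the contract, for example `/* Apple discourages getentropy(); on failure n stays 0 and the fallback below seeds the key. */`. It is also worth confirming that the fallback does not quietly accept a low-entropy seed when the call fails.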

