This is an archive of the discontinued LLVM Phabricator instance.

Differential D8134

libc++: Add support for arc4random() to random_device.
ClosedPublic

Authored by ed on Mar 7 2015, 12:12 AM.

Details

Reviewers
majnemer
jfb
Commits
rG17f5dbef9bf1: Add support for arc4random() to random_device.
rCXX231764: Add support for arc4random() to random_device.
rL231764: Add support for arc4random() to random_device.
Summary

Nuxi CloudABI (https://github.com/NuxiNL/cloudlibc) does not allow processes to access the global filesystem namespace. This breaks random_device, as it attempts to use /dev/{u,}random. This change adds support for arc4random(), which is present on CloudABI.

In my opinion it would also make sense to use arc4random() on other operating systems, such as *BSD and Mac OS X, but I'd rather leave that to the maintainers of the respective platforms. Switching to arc4random() does change the ABI.

This change also attempts to make some cleanups to the code. It adds a single #define for every random interface, instead of testing against operating systems explicitly.

Diff Detail

Repository
rL LLVM

Event Timeline

ed updated this revision to Diff 21416.Mar 7 2015, 12:12 AM
ed retitled this revision from to libc++: Add support for arc4random() to random_device..
ed updated this object.
ed edited the test plan for this revision. (Show Details)
ed added reviewers: jfb, majnemer.
ed added a subscriber: Unknown Object (MLST).
Herald added a subscriber: jfb. · View Herald TranscriptMar 7 2015, 12:12 AM
ed updated this object.Mar 7 2015, 12:13 AM
ed set the repository for this revision to rL LLVM.Mar 7 2015, 12:22 AM
jfb edited edge metadata.Mar 7 2015, 9:10 AM

arc4random was broken for a short while on FreeBSD: http://lwn.net/Articles/633805/rss
Not much can be done from libc++, but I'd avoid using it for a while on that platform so we can be reasonably certain they're fixed.

Another idea is having arc4random as a fallback on platforms where opening /dev/urandom fails and arc4random is available. The rationale is that the platforms offers a POSIX-y API but the /dev/ access was blocked by a sandbox. I'm not sure I like that approach, but I think it's worth mentioning.

test/std/numerics/rand/rand.device/ctor.pass.cpp
32 ↗(On Diff #21416)

We had a discussion about allowing any string on Windows: I think it's a bad idea. I realize it's implementation dependent, but I'd only allow /dev/urandom on new platforms if you don't offer the semantics of /dev/random.

ed updated this revision to Diff 21480.Mar 9 2015, 5:32 AM
ed edited edge metadata.

Hi JF,

In D8134#136002, @jfb wrote:

arc4random was broken for a short while on FreeBSD: http://lwn.net/Articles/633805/rss
Not much can be done from libc++, but I'd avoid using it for a while on that platform so we can be reasonably certain they're fixed.

Just for the record, as Ed Maste (emaste@FreeBSD.org) reported, arc4random() was only broken in the development track of FreeBSD. There shouldn't be any reason to not use it on supported versions of FreeBSD. For now I'll only enable this on CloudABI (because it's needed to make libc++ build).

I've updated the patch to check for /dev/urandom on all architectures now. Be sure to let me know what you think.

Thanks,
Ed

jfb added a comment.Mar 9 2015, 8:21 PM

The changes LGTM with the Windows implementation fix.

Please update the commit message to indicate that this is an API break on Windows but it's probably inconsequential: any string used to be accepted, and now only the default string in the random_device ctor is accepted.

src/random.cpp
122 ↗(On Diff #21480)

__token?

Closed by commit rL231764: Add support for arc4random() to random_device. (authored by ed). · Explain WhyMar 10 2015, 12:48 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
libcxx/
trunk/
include/
14 lines
4 lines
src/
95 lines
test/
std/
numerics/
rand/
rand.device/
10 lines

Diff 21553

libcxx/trunk/include/__config

Show First 20 LinesShow All 104 Lines▼ Show 20 Lines
# define _LIBCPP_LITTLE_ENDIAN 1 # define _LIBCPP_LITTLE_ENDIAN 1
# define _LIBCPP_BIG_ENDIAN 0 # define _LIBCPP_BIG_ENDIAN 0
# else # else
# define _LIBCPP_LITTLE_ENDIAN 0 # define _LIBCPP_LITTLE_ENDIAN 0
# define _LIBCPP_BIG_ENDIAN 1 # define _LIBCPP_BIG_ENDIAN 1
# endif # endif
#endif // __sun__ #endif // __sun__
#if defined(__native_client__) #if defined(__CloudABI__)
// Certain architectures provide arc4random(). Prefer using
// arc4random() over /dev/{u,}random to make it possible to obtain
// random data even when using sandboxing mechanisms such as chroots,
// Capsicum, etc.
# define _LIBCPP_USING_ARC4_RANDOM
#elif defined(__native_client__)
// NaCl's sandbox (which PNaCl also runs in) doesn't allow filesystem access, // NaCl's sandbox (which PNaCl also runs in) doesn't allow filesystem access,
// including accesses to the special files under /dev. C++11's // including accesses to the special files under /dev. C++11's
// std::random_device is instead exposed through a NaCl syscall. // std::random_device is instead exposed through a NaCl syscall.
# define _LIBCPP_USING_NACL_RANDOM # define _LIBCPP_USING_NACL_RANDOM
#endif // defined(__native_client__) #elif defined(_WIN32)
# define _LIBCPP_USING_WIN32_RANDOM
#else
# define _LIBCPP_USING_DEV_RANDOM
#endif
#if !defined(_LIBCPP_LITTLE_ENDIAN) || !defined(_LIBCPP_BIG_ENDIAN) #if !defined(_LIBCPP_LITTLE_ENDIAN) || !defined(_LIBCPP_BIG_ENDIAN)
# include <endian.h> # include <endian.h>
# if __BYTE_ORDER == __LITTLE_ENDIAN # if __BYTE_ORDER == __LITTLE_ENDIAN
# define _LIBCPP_LITTLE_ENDIAN 1 # define _LIBCPP_LITTLE_ENDIAN 1
# define _LIBCPP_BIG_ENDIAN 0 # define _LIBCPP_BIG_ENDIAN 0
# elif __BYTE_ORDER == __BIG_ENDIAN # elif __BYTE_ORDER == __BIG_ENDIAN
# define _LIBCPP_LITTLE_ENDIAN 0 # define _LIBCPP_LITTLE_ENDIAN 0
▲ Show 20 LinesShow All 585 LinesShow Last 20 Lines

libcxx/trunk/include/random

Show First 20 LinesShow All 3,469 Lines▼ Show 20 Lines
} }
typedef shuffle_order_engine<minstd_rand0, 256> knuth_b; typedef shuffle_order_engine<minstd_rand0, 256> knuth_b;
// random_device // random_device
class _LIBCPP_TYPE_VIS random_device class _LIBCPP_TYPE_VIS random_device
{ {
#if !(defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM)) #ifdef _LIBCPP_USING_DEV_RANDOM
int __f_; int __f_;
#endif // !(defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM)) #endif // defined(_LIBCPP_USING_DEV_RANDOM)
public: public:
// types // types
typedef unsigned result_type; typedef unsigned result_type;
// generator characteristics // generator characteristics
static _LIBCPP_CONSTEXPR const result_type _Min = 0; static _LIBCPP_CONSTEXPR const result_type _Min = 0;
static _LIBCPP_CONSTEXPR const result_type _Max = 0xFFFFFFFFu; static _LIBCPP_CONSTEXPR const result_type _Max = 0xFFFFFFFFu;
▲ Show 20 LinesShow All 3,240 LinesShow Last 20 Lines

libcxx/trunk/src/random.cpp

//===-------------------------- random.cpp --------------------------------===// //===-------------------------- random.cpp --------------------------------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is dual licensed under the MIT and the University of Illinois Open // This file is dual licensed under the MIT and the University of Illinois Open
// Source Licenses. See LICENSE.TXT for details. // Source Licenses. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#if defined(_WIN32) #if defined(_LIBCPP_USING_WIN32_RANDOM)
// Must be defined before including stdlib.h to enable rand_s(). // Must be defined before including stdlib.h to enable rand_s().
#define _CRT_RAND_S #define _CRT_RAND_S
#include <stdio.h> #endif // defined(_LIBCPP_USING_WIN32_RANDOM)
#endif // defined(_WIN32)
#include "random" #include "random"
#include "system_error" #include "system_error"
#if defined(__sun__) #if defined(__sun__)
#define rename solaris_headers_are_broken #define rename solaris_headers_are_broken
#endif // defined(__sun__) #endif // defined(__sun__)
#if !defined(_WIN32)
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(_LIBCPP_USING_DEV_RANDOM)
#include <fcntl.h> #include <fcntl.h>
#include <unistd.h> #include <unistd.h>
#endif // !defined(_WIN32) #elif defined(_LIBCPP_USING_NACL_RANDOM)
#include <errno.h>
#if defined(_LIBCPP_USING_NACL_RANDOM)
#include <nacl/nacl_random.h> #include <nacl/nacl_random.h>
#endif // defined(_LIBCPP_USING_NACL_RANDOM) #endif
_LIBCPP_BEGIN_NAMESPACE_STD _LIBCPP_BEGIN_NAMESPACE_STD
#if defined(_WIN32) #if defined(_LIBCPP_USING_ARC4_RANDOM)
random_device::random_device(const string&) random_device::random_device(const string& __token)
{ {
if (__token != "/dev/urandom")
__throw_system_error(ENOENT, ("random device not supported " + __token).c_str());
} }
random_device::~random_device() random_device::~random_device()
{ {
} }
unsigned unsigned
random_device::operator()() random_device::operator()()
{ {
return arc4random();
}
#elif defined(_LIBCPP_USING_DEV_RANDOM)
random_device::random_device(const string& __token)
: __f_(open(__token.c_str(), O_RDONLY))
{
if (__f_ < 0)
__throw_system_error(errno, ("random_device failed to open " + __token).c_str());
}
random_device::~random_device()
{
close(__f_);
}
unsigned
random_device::operator()()
{
unsigned r; unsigned r;
errno_t err = rand_s(&r); size_t n = sizeof(r);
if (err) char* p = reinterpret_cast<char*>(&r);
__throw_system_error(err, "random_device rand_s failed."); while (n > 0)
{
ssize_t s = read(__f_, p, n);
if (s == 0)
__throw_system_error(ENODATA, "random_device got EOF");
if (s == -1)
{
if (errno != EINTR)
__throw_system_error(errno, "random_device got an unexpected error");
continue;
}
n -= static_cast<size_t>(s);
p += static_cast<size_t>(s);
}
return r; return r;
} }
#elif defined(_LIBCPP_USING_NACL_RANDOM) #elif defined(_LIBCPP_USING_NACL_RANDOM)
random_device::random_device(const string& __token) random_device::random_device(const string& __token)
{ {
if (__token != "/dev/urandom") if (__token != "/dev/urandom")
Show All 16 Linesrandom_device::operator()()
int error = nacl_secure_random(&r, n, &bytes_written); int error = nacl_secure_random(&r, n, &bytes_written);
if (error != 0) if (error != 0)
__throw_system_error(error, "random_device failed getting bytes"); __throw_system_error(error, "random_device failed getting bytes");
else if (bytes_written != n) else if (bytes_written != n)
__throw_runtime_error("random_device failed to obtain enough bytes"); __throw_runtime_error("random_device failed to obtain enough bytes");
return r; return r;
} }
#else // !defined(_WIN32) && !defined(_LIBCPP_USING_NACL_RANDOM) #elif defined(_LIBCPP_USING_WIN32_RANDOM)
random_device::random_device(const string& __token) random_device::random_device(const string& __token)
: __f_(open(__token.c_str(), O_RDONLY))
{ {
if (__f_ < 0) if (__token != "/dev/urandom")
__throw_system_error(errno, ("random_device failed to open " + __token).c_str()); __throw_system_error(ENOENT, ("random device not supported " + __token).c_str());
} }
random_device::~random_device() random_device::~random_device()
{ {
close(__f_);
} }
unsigned unsigned
random_device::operator()() random_device::operator()()
{ {
unsigned r; unsigned r;
size_t n = sizeof(r); errno_t err = rand_s(&r);
char* p = reinterpret_cast<char*>(&r); if (err)
while (n > 0) __throw_system_error(err, "random_device rand_s failed.");
{
ssize_t s = read(__f_, p, n);
if (s == 0)
__throw_system_error(ENODATA, "random_device got EOF");
if (s == -1)
{
if (errno != EINTR)
__throw_system_error(errno, "random_device got an unexpected error");
continue;
}
n -= static_cast<size_t>(s);
p += static_cast<size_t>(s);
}
return r; return r;
} }
#endif // defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM) #else
#error "Random device not implemented for this architecture"
#endif
double double
random_device::entropy() const _NOEXCEPT random_device::entropy() const _NOEXCEPT
{ {
return 0; return 0;
} }
_LIBCPP_END_NAMESPACE_STD _LIBCPP_END_NAMESPACE_STD

libcxx/trunk/test/std/numerics/rand/rand.device/ctor.pass.cpp

Show All 17 Lines
// therefore aren't required to accept any string, but the default shouldn't // therefore aren't required to accept any string, but the default shouldn't
// throw. // throw.
#include <random> #include <random>
#include <cassert> #include <cassert>
#include <unistd.h> #include <unistd.h>
bool is_valid_random_device(const std::string &token) { bool is_valid_random_device(const std::string &token) {
#if defined(_WIN32) #if defined(_LIBCPP_USING_DEV_RANDOM)
return true;
#elif defined(_LIBCPP_USING_NACL_RANDOM)
return token == "/dev/urandom";
#else // !defined(_WIN32) && !defined(_LIBCPP_USING_NACL_RANDOM)
// Not an exhaustive list: they're the only tokens that are tested below. // Not an exhaustive list: they're the only tokens that are tested below.
return token == "/dev/urandom" || token == "/dev/random"; return token == "/dev/urandom" || token == "/dev/random";
#endif // defined(_WIN32) || defined(_LIBCPP_USING_NACL_RANDOM) #else
return token == "/dev/urandom";
#endif
} }
void check_random_device_valid(const std::string &token) { void check_random_device_valid(const std::string &token) {
std::random_device r(token); std::random_device r(token);
} }
void check_random_device_invalid(const std::string &token) { void check_random_device_invalid(const std::string &token) {
try { try {
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines