Issue briansmith#316 - Replace /dev/urandom usage on *BSD

Now OpenBSD and FreeBSD utilizes `arc4rand_buf()` function in their C stdlib. - Implement GFp_sysrand_chunk() in sysrand.c for OpenBSD and FreeBSD. - On OpenBSD and FreeBSD, mk/ring.mk now uses `-D_BSD_SOURCE` in `CPPFLAGS` instead of `-D_XOPEN_SOURCE=700`. TODOs: - Update docs. - Remove debug print. - Ensure FreeBSD's arc4rand_buf() is as safe as OpenBSD's. I agree to license my contributions to each file under the terms given at the top of each file I changed.
tatsuya6502 · Oct 23, 2016 · 321d710 · 321d710
1 parent 4102ae7
commit 321d710
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 13 deletions.
diff --git a/crypto/rand/sysrand.c b/crypto/rand/sysrand.c
@@ -105,4 +105,24 @@ int GFp_sysrand_chunk(void *out, size_t requested) {
   return 1;
 }
 
+#elif defined(__OpenBSD__) || defined(__FreeBSD__)
+
+#include <limits.h>
+#include <stdlib.h>
+
+// DEBUG:
+#include <stdio.h>
+
+const size_t GFp_sysrand_chunk_max_len = ULONG_MAX;
+
+int GFp_sysrand_chunk(void *out, size_t requested) {
+    // DEBUG:
+    printf("calling arc4rand_buf()\n");
+
+    assert(requested <= GFp_sysrand_chunk_max_len);
+    // This function never fails so let's always return 1.
+    arc4random_buf(out, requested);
+    return 1;
+}
+
 #endif
diff --git a/mk/ring.mk b/mk/ring.mk
@@ -14,7 +14,12 @@
 
 RING_PREFIX ?= ring/
 
-RING_CPPFLAGS = -I$(RING_PREFIX)include -D_XOPEN_SOURCE=700
+RING_CPPFLAGS = -I$(RING_PREFIX)include
+ifneq (, $(filter openbsd freebsd, $(TARGET_SYS)))
+RING_CPPFLAGS += -D_BSD_SOURCE
+else
+RING_CPPFLAGS += -D_XOPEN_SOURCE=700
+endif
 
 RING_SRCS = $(addprefix $(RING_PREFIX), \
   crypto/aes/aes.c \

diff --git a/src/lib.rs b/src/lib.rs
@@ -97,9 +97,10 @@
 #[cfg(feature = "internal_benches")]
 extern crate test as bench;
 
-#[cfg(any(all(unix,
-              any(not(target_os = "linux"),
-                  feature = "dev_urandom_fallback"))))]
+#[cfg(all(unix,
+          any(not(target_os = "linux"), feature = "dev_urandom_fallback"),
+          not(any(target_os = "openbsd",
+                  target_os = "freebsd"))))]
 #[macro_use]
 extern crate lazy_static;
 

diff --git a/src/rand.rs b/src/rand.rs
@@ -25,8 +25,11 @@
 //! (seccomp filters on Linux in particular). See `SystemRandom`'s
 //! documentation for more details.
 
-
-#[cfg(any(target_os = "linux", windows, test))]
+#[cfg(any(target_os = "linux",
+          target_os = "openbsd",
+          target_os = "freebsd",
+          windows,
+          test))]
 use c;
 
 #[cfg(test)]
@@ -107,17 +110,25 @@ impl SecureRandom for SystemRandom {
     }
 }
 
-#[cfg(not(any(target_os = "linux", windows)))]
+#[cfg(not(any(target_os = "linux",
+              target_os = "openbsd",
+              target_os = "freebsd",
+              windows)))]
 use self::urandom::fill as fill_impl;
 
 #[cfg(any(all(target_os = "linux", not(feature = "dev_urandom_fallback")),
+          target_os = "openbsd",
+          target_os = "freebsd",
           windows))]
 use self::sysrand::fill as fill_impl;
 
 #[cfg(all(target_os = "linux", feature = "dev_urandom_fallback"))]
 use self::sysrand_or_urandom::fill as fill_impl;
 
-#[cfg(any(target_os = "linux", windows))]
+#[cfg(any(target_os = "linux",
+          target_os = "openbsd",
+          target_os = "freebsd",
+          windows))]
 mod sysrand {
     use {bssl, error};
 
@@ -134,8 +145,10 @@ mod sysrand {
 
 // Keep the `cfg` conditions in sync with the conditions in lib.rs.
 #[cfg(all(unix,
-          not(all(target_os = "linux",
-                  not(feature = "dev_urandom_fallback")))))]
+          not(any(all(target_os = "linux",
+                      not(feature = "dev_urandom_fallback")),
+                  target_os = "openbsd",
+                  target_os = "freebsd"))))]
 mod urandom {
     extern crate std;
     use error;
@@ -215,7 +228,10 @@ pub unsafe extern fn RAND_bytes(rng: *mut RAND, dest: *mut u8,
 }
 
 
-#[cfg(any(target_os = "linux", windows))]
+#[cfg(any(windows,
+          target_os = "linux",
+          target_os = "openbsd",
+          target_os = "freebsd"))]
 extern {
     static GFp_sysrand_chunk_max_len: c::size_t;
     fn GFp_sysrand_chunk(buf: *mut u8, len: c::size_t) -> c::int;
@@ -333,10 +349,16 @@ mod tests {
         }
     }
 
-    #[cfg(any(target_os = "linux", windows))]
+    #[cfg(any(target_os = "linux",
+              target_os = "openbsd",
+              target_os = "freebsd",
+              windows))]
     fn max_chunk_len() -> usize { unsafe { super::GFp_sysrand_chunk_max_len } }
 
-    #[cfg(not(any(target_os = "linux", windows)))]
+    #[cfg(not(any(target_os = "linux",
+                  target_os = "openbsd",
+                  target_os = "freebsd",
+                  windows)))]
     fn max_chunk_len() -> usize {
         use core;
         core::usize::MAX