Backport #20466 - macOS use SecRandomCopyBytes instead of getentropy (#21389)

iffy · Varriount · ringabout · web-flow · commit 5c36f24da228 · 2023-03-02T14:26:04.000-05:00
* On macOS use SecRandomCopyBytes instead of getentropy (which is only available on macOS 10.12+)

* Change passL to passl

---------

Co-authored-by: Clay Sweetser &lt;Varriount@users.noreply.github.com&gt;
Co-authored-by: ringabout &lt;43030857+ringabout@users.noreply.github.com&gt;
diff --git a/lib/std/sysrand.nim b/lib/std/sysrand.nim
@@ -20,7 +20,7 @@
 ## | :---                 | ----:                 |
 ## | Windows              | `BCryptGenRandom`_    |
 ## | Linux                | `getrandom`_          |
-## | MacOSX               | `getentropy`_         |
+## | MacOSX               | `SecRandomCopyBytes`_ |
 ## | iOS                  | `SecRandomCopyBytes`_ |
 ## | OpenBSD              | `getentropy openbsd`_ |
 ## | FreeBSD              | `getrandom freebsd`_  |
@@ -63,7 +63,7 @@ when defined(posix):
   import posix
 
 const
-  batchImplOS = defined(freebsd) or defined(openbsd) or defined(zephyr) or (defined(macosx) and not defined(ios))
+  batchImplOS = defined(freebsd) or defined(openbsd) or defined(zephyr)
   batchSize {.used.} = 256
 
 when batchImplOS:
@@ -228,8 +228,8 @@ elif defined(freebsd):
   proc getRandomImpl(p: pointer, size: int): int {.inline.} =
     result = getrandom(p, csize_t(size), 0)
 
-elif defined(ios):
-  {.passL: "-framework Security".}
+elif defined(ios) or defined(macosx):
+  {.passl: "-framework Security".}
 
   const errSecSuccess = 0 ## No error.
 
@@ -251,19 +251,6 @@ elif defined(ios):
 
     result = secRandomCopyBytes(nil, csize_t(size), addr dest[0])
 
-elif defined(macosx):
-  const sysrandomHeader = """#include <Availability.h>
-#include <sys/random.h>
-"""
-
-  proc getentropy(p: pointer, size: csize_t): cint {.importc: "getentropy", header: sysrandomHeader.}
-    # getentropy() fills a buffer with random data, which can be used as input
-    # for process-context pseudorandom generators like arc4random(3).
-    # The maximum buffer size permitted is 256 bytes.
-
-  proc getRandomImpl(p: pointer, size: int): int {.inline.} =
-    result = getentropy(p, csize_t(size)).int
-
 else:
   template urandomImpl(result: var int, dest: var openArray[byte]) =
     let size = dest.len
