vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c in rbnacl-libsodium-1.0.13 vs vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c in rbnacl-libsodium-1.0.15

@@ -22,20 +22,31 @@
 #  include <sys/syscall.h>
 # endif
 # include <poll.h>
 #endif
 
+#include "core.h"
+#include "private/common.h"
 #include "randombytes.h"
 #include "randombytes_sysrandom.h"
 #include "utils.h"
 
 #ifdef _WIN32
 /* `RtlGenRandom` is used over `CryptGenRandom` on Microsoft Windows based systems:
  *  - `CryptGenRandom` requires pulling in `CryptoAPI` which causes unnecessary
  *     memory overhead if this API is not being used for other purposes
  *  - `RtlGenRandom` is thus called directly instead. A detailed explanation
  *     can be found here: https://blogs.msdn.microsoft.com/michael_howard/2005/01/14/cryptographically-secure-random-number-on-windows-without-using-cryptoapi/
+ *
+ * In spite of the disclaimer on the `RtlGenRandom` documentation page that was
+ * written back in the Windows XP days, this function is here to stay. The CRT
+ * function `rand_s()` directly depends on it, so touching it would break many
+ * applications released since Windows XP.
+ *
+ * Also note that Rust, Firefox and BoringSSL (thus, Google Chrome and everything
+ * based on Chromium) also depend on it, and that libsodium allows the RNG to be
+ * replaced without patching nor recompiling the library.
  */
 # include <windows.h>
 # define RtlGenRandom SystemFunction036
 # if defined(__cplusplus)
 extern "C"
@@ -66,11 +77,11 @@
 }
 
 static void
 randombytes_sysrandom_buf(void * const buf, const size_t size)
 {
-    return arc4random_buf(buf, size);
+    arc4random_buf(buf, size);
 }
 
 static int
 randombytes_sysrandom_close(void)
 {
@@ -154,11 +165,11 @@
 # ifndef USE_BLOCKING_RANDOM
         "/dev/urandom",
 # endif
         "/dev/random", NULL
     };
-    const char **      device = devices;
+    const char       **device = devices;
     int                fd;
 
 # if defined(__linux__) && !defined(USE_BLOCKING_RANDOM) && !defined(NO_BLOCKING_RANDOM_POLL)
     if (randombytes_block_on_dev_random() != 0) {
         return -1;
@@ -251,11 +262,11 @@
     }
 # endif
 
     if ((stream.random_data_source_fd =
          randombytes_sysrandom_random_dev_open()) == -1) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
     errno = errno_save;
 }
 
 #else /* _WIN32 */
@@ -321,24 +332,25 @@
 #endif
 #ifndef _WIN32
 # if defined(SYS_getrandom) && defined(__NR_getrandom)
     if (stream.getrandom_available != 0) {
         if (randombytes_linux_getrandom(buf, size) != 0) {
-            abort();
+            sodium_misuse(); /* LCOV_EXCL_LINE */
         }
         return;
     }
 # endif
     if (stream.random_data_source_fd == -1 ||
         safe_read(stream.random_data_source_fd, buf, size) != (ssize_t) size) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
 #else
-    if (size > (size_t) 0xffffffff) {
-        abort(); /* LCOV_EXCL_LINE */
+    COMPILER_ASSERT(randombytes_BYTES_MAX <= 0xffffffffUL);
+    if (size > (size_t) 0xffffffffUL) {
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
     if (! RtlGenRandom((PVOID) buf, (ULONG) size)) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
 #endif
 }
 
 static uint32_t