random.c: SecRandomCopyBytes

* random.c (fill_random_bytes_syscall): use SecRandomCopyBytes in
  Security framework on macOS 10.7 or later.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64596 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 28 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
index 92713f3a3b..9328fa532d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3309,6 +3309,14 @@ AS_CASE(["$target_os"],
 	],
     [darwin*], [
 	RUBY_APPEND_OPTION(CFLAGS, -pipe)
+	AC_COMPILE_IFELSE([
+	    AC_LANG_BOOL_COMPILE_TRY([@%:@include <AvailabilityMacros.h>],
+		[MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7])],
+	    [dnl
+		RUBY_APPEND_OPTION(XLDFLAGS, [-framework Security])
+		RUBY_APPEND_OPTION(LIBRUBYARG_STATIC, [-framework Security])
+	    ]dnl
+	)
 	RUBY_APPEND_OPTION(XLDFLAGS, [-framework Foundation])
 	RUBY_APPEND_OPTION(LIBRUBYARG_STATIC, [-framework Foundation])
 	],
diff --git a/random.c b/random.c
index 0b0038cac8..4add8868fb 100644
--- a/random.c
+++ b/random.c
@@ -470,6 +470,26 @@ fill_random_bytes_urandom(void *seed, size_t size)
 #endif
 
 #if 0
+#elif defined __APPLE__ && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_7
+#include <Security/Security.h>
+
+static int
+fill_random_bytes_syscall(void *seed, size_t size, int unused)
+{
+    int status = SecRandomCopyBytes(kSecRandomDefault, size, seed);
+
+    if (status != errSecSuccess) {
+# if 0
+        CFStringRef s = SecCopyErrorMessageString(status, NULL);
+        const char *m = s ? CFStringGetCStringPtr(s, kCFStringEncodingUTF8) : NULL;
+        fprintf(stderr, "SecRandomCopyBytes failed: %d: %s\n", status,
+                m ? m : "unknown");
+        if (s) CFRelease(s);
+# endif
+        return -1;
+    }
+    return 0;
+}
 #elif defined(HAVE_ARC4RANDOM_BUF)
 static int
 fill_random_bytes_syscall(void *buf, size_t size, int unused)