ios - OS X 的 SecRandomCopyBytes 分支安全吗？

Question

许多用户空间 CSPRNG 有一个问题，即在 fork(2) 之后，两个不同的进程可能会返回相同的随机字节流。

通过查看 dtruss，很明显 SecRandomCopyBytes 至少是从 /dev/random 播种的，但是它在做什么所以在 fork() 之后可以安全使用？

源代码如下:

#include <Security/Security.h>


int main() {
    uint8_t data[8];
    SecRandomCopyBytes(kSecRandomDefault, 8, data);
    SecRandomCopyBytes(kSecRandomDefault, 8, data);
    printf("%llu\n", *(uint64_t *)data);
}

我从 dtruss 得到以下内容(删除了不相关的内容):

open("/dev/random\0", 0x0, 0x7FFF900D76F5)       = 3 0
read(0x3, "\b\2029a6\020+\254\356\256\017\3171\222\376T\300\212\017\213\002\034w\3608\203-\214\373\244\177K\177Y\371\033\243Y\020\030*M\3264\265\027\216r\220\002\361\006\262\326\234\336\357F\035\036o\306\216\227\0", 0x40)        = 64 0
read(0x3, "\223??3\263\324\3604\314:+\362c\311\274\326\a_Ga\331\261\022\023\265C\na\211]\356)\0", 0x20)      = 32 0

Answer 1

实现其实是CCRandomCopyBytes():

http://www.opensource.apple.com/source/Security/Security-55471/libsecurity_keychain/lib/SecRandom.c

int SecRandomCopyBytes(SecRandomRef rnd, size_t count, uint8_t *bytes) {
    if (rnd != kSecRandomDefault)
        return errSecParam;
    return CCRandomCopyBytes(kCCRandomDefault, bytes, count);
}

所以实际的代码在这里:

http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-60049/lib/CommonRandom.c

CCRandomCopyBytes 的 include 中的注释声明它是 fork() 安全的:

It is inconvenient to call system random number generators directly. In the simple case of calling /dev/random, the caller has to open the device and close it in addition to managing it while it's open. This module has as its immediate raison d'être the inconvenience of doing this. It manages a file descriptor to /dev/random including the exception processing of what happens in a fork() and exec(). Call CCRandomCopyBytes() and all the fiddly bits are managed for you. Just get on with whatever you were really trying to do. [...]

在我自己的快速测试中， child 在调用 SecRandomCopyBytes() 时被杀死