Add support for getentropy in d8 (#24185)

hoodmane · web-flow · commit 5cdadd65a5ae · 2025-04-25T23:42:36.000Z
Use `os.system` to read from `/dev/urandom` and then base 64 encode the
result. Then use `base64Decode` to read the result. Only works when
`--enable-os-system` is passed to d8.
diff --git a/src/closure-externs/closure-externs.js b/src/closure-externs/closure-externs.js
@@ -268,3 +268,6 @@ Navigator.prototype.webkitGetUserMedia = function(
  * @type {symbol}
  */
 Symbol.dispose;
+
+// Common between node-externs and v8-externs
+var os = {};
diff --git a/src/closure-externs/v8-externs.js b/src/closure-externs/v8-externs.js
@@ -32,3 +32,10 @@ var scriptArgs = [];
  * @suppress {duplicate}
  */
 var quit = function(status) {};
+
+/**
+ * @param {string} cmd
+ * @param {Array.<string>=} args
+ * @return {string}
+ */
+os.system = function (cmd, args) {};
diff --git a/src/lib/libwasi.js b/src/lib/libwasi.js
@@ -567,6 +567,9 @@ var WasiLibrary = {
 
   // random.h
 
+#if ENVIRONMENT_MAY_BE_SHELL
+  $initRandomFill__deps: ['$base64Decode'],
+#endif
   $initRandomFill: () => {
 #if ENVIRONMENT_MAY_BE_NODE && MIN_NODE_VERSION < 190000
     // This block is not needed on v19+ since crypto.getRandomValues is builtin
@@ -576,6 +579,18 @@ var WasiLibrary = {
     }
 #endif // ENVIRONMENT_MAY_BE_NODE
 
+#if ENVIRONMENT_MAY_BE_SHELL
+    if (ENVIRONMENT_IS_SHELL) {
+      return (view) => {
+        if (!os.system) {
+          throw new Error('randomFill not supported on d8 unless --enable-os-system is passed');
+        }
+        const b64 = os.system('sh', ['-c', `head -c${view.byteLength} /dev/urandom | base64 --wrap=0`]);
+        view.set(base64Decode(b64));
+      };
+    }
+#endif
+
 #if SHARED_MEMORY
     // like with most Web APIs, we can't use Web Crypto API directly on shared memory,
     // so we need to create an intermediate buffer and copy it to the destination
diff --git a/src/modules.mjs b/src/modules.mjs
@@ -77,7 +77,7 @@ function calculateLibraries() {
     libraries.push('libmemoryprofiler.js');
   }
 
-  if (SUPPORT_BASE64_EMBEDDING) {
+  if (SUPPORT_BASE64_EMBEDDING || ENVIRONMENT_MAY_BE_SHELL) {
     libraries.push('libbase64.js');
   }
 
diff --git a/test/test_other.py b/test/test_other.py
@@ -16026,3 +16026,21 @@ def test_js_base64_api(self):
     baseline_size = os.path.getsize('baseline.js')
     js_api_size = os.path.getsize('hello_world.js')
     self.assertLess(js_api_size, baseline_size)
+
+  @requires_v8
+  def test_getentropy_d8(self):
+    create_file('main.c', '''
+      #include <assert.h>
+      #include <unistd.h>
+
+      int main() {
+        char buf[100];
+        assert(getentropy(buf, sizeof(buf)) == 0);
+        return 0;
+      }
+    ''')
+
+    msg = 'randomFill not supported on d8 unless --enable-os-system is passed'
+    self.do_runf('main.c', msg, assert_returncode=1)
+    self.v8_args += ['--enable-os-system']
+    self.do_runf('main.c')
diff --git a/third_party/closure-compiler/node-externs/os.js b/third_party/closure-compiler/node-externs/os.js
@@ -27,7 +27,6 @@
  END_NODE_INCLUDE
  */
     
-var os = {};
 
 /**
  * @return {string}

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ function calculateLibraries() {`
`77`	`77`	`libraries.push('libmemoryprofiler.js');`
`78`	`78`	`}`
`79`	`79`
`80`		`- if (SUPPORT_BASE64_EMBEDDING) {`
	`80`	`+ if (SUPPORT_BASE64_EMBEDDING \|\| ENVIRONMENT_MAY_BE_SHELL) {`
`81`	`81`	`libraries.push('libbase64.js');`
`82`	`82`	`}`
`83`	`83`