Optimise getentropy (#19056)

Author: RReverser

src/library.js

@@ -2223,43 +2223,61 @@ mergeInto(LibraryManager.library, {
 
   // random.h
 
-  // TODO: consider allowing the API to get a parameter for the number of
-  // bytes.
-  $getRandomDevice: function() {
+  $initRandomFill: function() {
     if (typeof crypto == 'object' && typeof crypto['getRandomValues'] == 'function') {
       // for modern web browsers
-      var randomBuffer = new Uint8Array(1);
-      return () => { crypto.getRandomValues(randomBuffer); return randomBuffer[0]; };
+#if SHARED_MEMORY
+      // like with most Web APIs, we can't use Web Crypto API directly on shared memory,
+      // so we need to create an intermediate buffer and copy it to the destination
+      return (view) => (
+        view.set(crypto.getRandomValues(new Uint8Array(view.byteLength))),
+        // Return the original view to match modern native implementations.
+        view
+      );
+#else
+      return (view) => crypto.getRandomValues(view);
+#endif
     } else
 #if ENVIRONMENT_MAY_BE_NODE
     if (ENVIRONMENT_IS_NODE) {
       // for nodejs with or without crypto support included
       try {
         var crypto_module = require('crypto');
-        // nodejs has crypto support
-        return () => crypto_module['randomBytes'](1)[0];
+        var randomFillSync = crypto_module['randomFillSync'];
+        if (randomFillSync) {
+          // nodejs with LTS crypto support
+          return (view) => crypto_module['randomFillSync'](view);
+        }
+        // very old nodejs with the original crypto API
+        var randomBytes = crypto_module['randomBytes'];
+        return (view) => (
+          view.set(randomBytes(view.byteLength)),
+          // Return the original view to match modern native implementations.
+          view
+        );
       } catch (e) {
         // nodejs doesn't have crypto support
       }
     }
 #endif // ENVIRONMENT_MAY_BE_NODE
     // we couldn't find a proper implementation, as Math.random() is not suitable for /dev/random, see emscripten-core/emscripten/pull/7096
 #if ASSERTIONS
-    return () => abort("no cryptographic support found for randomDevice. consider polyfilling it if you want to use something insecure like Math.random(), e.g. put this in a --pre-js: var crypto = { getRandomValues: function(array) { for (var i = 0; i < array.length; i++) array[i] = (Math.random()*256)|0 } };");
+    abort("no cryptographic support found for randomDevice. consider polyfilling it if you want to use something insecure like Math.random(), e.g. put this in a --pre-js: var crypto = { getRandomValues: function(array) { for (var i = 0; i < array.length; i++) array[i] = (Math.random()*256)|0 } };");
 #else
-    return () => abort("randomDevice");
+    abort("initRandomDevice");
 #endif
   },
 
-  getentropy__deps: ['$getRandomDevice'],
+  $randomFill__deps: ['$initRandomFill'],
+  $randomFill: function(view) {
+    // Lazily init on the first invocation.
+    return (randomFill = initRandomFill())(view);
+  },
+
+  getentropy__deps: ['$randomFill'],
   getentropy__sig: 'ipp',
   getentropy: function(buffer, size) {
-    if (!_getentropy.randomDevice) {
-      _getentropy.randomDevice = getRandomDevice();
-    }
-    for (var i = 0; i < size; i++) {
-      {{{ makeSetValue('buffer', 'i', '_getentropy.randomDevice()', 'i8') }}};
-    }
+    randomFill(HEAPU8.subarray(buffer, buffer + size));
     return 0;
   },
 

src/library_fs.js

@@ -5,7 +5,7 @@
  */
 
 mergeInto(LibraryManager.library, {
-  $FS__deps: ['$getRandomDevice', '$PATH', '$PATH_FS', '$TTY', '$MEMFS', '$asyncLoad', '$intArrayFromString',
+  $FS__deps: ['$randomFill', '$PATH', '$PATH_FS', '$TTY', '$MEMFS', '$asyncLoad', '$intArrayFromString',
 #if LibraryManager.has('library_idbfs.js')
     '$IDBFS',
 #endif
@@ -1348,9 +1348,16 @@ FS.staticInit();` +
       FS.mkdev('/dev/tty', FS.makedev(5, 0));
       FS.mkdev('/dev/tty1', FS.makedev(6, 0));
       // setup /dev/[u]random
-      var random_device = getRandomDevice();
-      FS.createDevice('/dev', 'random', random_device);
-      FS.createDevice('/dev', 'urandom', random_device);
+      // use a buffer to avoid overhead of individual crypto calls per byte
+      var randomBuffer = new Uint8Array(1024), randomLeft = 0;
+      var randomByte = () => {
+        if (randomLeft === 0) {
+          randomLeft = randomFill(randomBuffer).byteLength;
+        }
+        return randomBuffer[--randomLeft];
+      };
+      FS.createDevice('/dev', 'random', randomByte);
+      FS.createDevice('/dev', 'urandom', randomByte);
       // we're not going to emulate the actual shm device,
       // just create the tmp dirs that reside in it commonly
       FS.mkdir('/dev/shm');