From 1e1d908c12c86a108b45ef81b598b0b3f6fafbd0 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Fri, 17 Mar 2017 22:25:10 +0900
Subject: [PATCH] nghttpx: Eliminate global std::random_device

---
 src/shrpx.cc                    | 7 ++-----
 src/shrpx_connection_handler.cc | 8 ++++++--
 src/shrpx_worker.cc             | 9 +++------
 src/shrpx_worker.h              | 3 ++-
 src/shrpx_worker_process.cc     | 7 ++-----
 src/util.cc                     | 2 ++
 src/util.h                      | 3 +++
 7 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index e6c0d7f9..3d553eb6 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -172,10 +172,6 @@ struct InheritedAddr {
   bool used;
 };
 
-namespace {
-std::random_device rd;
-} // namespace
-
 namespace {
 void signal_cb(struct ev_loop *loop, ev_signal *w, int revents);
 } // namespace
@@ -2914,7 +2910,8 @@ int process_options(Config *config,
     auto iov = make_byte_ref(config->balloc, SHRPX_OBFUSCATED_NODE_LENGTH + 2);
     auto p = iov.base;
     *p++ = '_';
-    std::mt19937 gen(rd());
+    std::random_device rd;
+    auto gen = util::make_mt19937(rd);
     p = util::random_alpha_digit(p, p + SHRPX_OBFUSCATED_NODE_LENGTH, gen);
     *p = '\0';
     fwdconf.by_obfuscated = StringRef{iov.base, p};
diff --git a/src/shrpx_connection_handler.cc b/src/shrpx_connection_handler.cc
index 0de4e4c3..29d67ca0 100644
--- a/src/shrpx_connection_handler.cc
+++ b/src/shrpx_connection_handler.cc
@@ -232,9 +232,11 @@ int ConnectionHandler::create_single_worker() {
     all_ssl_ctx_.push_back(session_cache_ssl_ctx);
   }
 
+  std::random_device rd;
+
   single_worker_ = make_unique<Worker>(
       loop_, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
-      ticket_keys_, this, config->conn.downstream);
+      ticket_keys_, this, config->conn.downstream, util::make_mt19937(rd));
 #ifdef HAVE_MRUBY
   if (single_worker_->create_mruby_context() != 0) {
     return -1;
@@ -276,6 +278,8 @@ int ConnectionHandler::create_worker_thread(size_t num) {
     ++num;
   }
 
+  std::random_device rd;
+
   for (size_t i = 0; i < num; ++i) {
     auto loop = ev_loop_new(config->ev_loop_flags);
 
@@ -291,7 +295,7 @@ int ConnectionHandler::create_worker_thread(size_t num) {
     }
     auto worker = make_unique<Worker>(
         loop, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
-        ticket_keys_, this, config->conn.downstream);
+        ticket_keys_, this, config->conn.downstream, util::make_mt19937(rd));
 #ifdef HAVE_MRUBY
     if (worker->create_mruby_context() != 0) {
       return -1;
diff --git a/src/shrpx_worker.cc b/src/shrpx_worker.cc
index 22d24f2e..74b30c5a 100644
--- a/src/shrpx_worker.cc
+++ b/src/shrpx_worker.cc
@@ -109,17 +109,14 @@ bool match_shared_downstream_addr(
 }
 } // namespace
 
-namespace {
-std::random_device rd;
-} // namespace
-
 Worker::Worker(struct ev_loop *loop, SSL_CTX *sv_ssl_ctx, SSL_CTX *cl_ssl_ctx,
                SSL_CTX *tls_session_cache_memcached_ssl_ctx,
                ssl::CertLookupTree *cert_tree,
                const std::shared_ptr<TicketKeys> &ticket_keys,
                ConnectionHandler *conn_handler,
-               std::shared_ptr<DownstreamConfig> downstreamconf)
-    : randgen_(rd()),
+               std::shared_ptr<DownstreamConfig> downstreamconf,
+               std::mt19937 randgen)
+    : randgen_(std::move(randgen)),
       worker_stat_{},
       dns_tracker_(loop),
       loop_(loop),
diff --git a/src/shrpx_worker.h b/src/shrpx_worker.h
index 9b77eb5b..8c94cdc2 100644
--- a/src/shrpx_worker.h
+++ b/src/shrpx_worker.h
@@ -223,7 +223,8 @@ public:
          ssl::CertLookupTree *cert_tree,
          const std::shared_ptr<TicketKeys> &ticket_keys,
          ConnectionHandler *conn_handler,
-         std::shared_ptr<DownstreamConfig> downstreamconf);
+         std::shared_ptr<DownstreamConfig> downstreamconf,
+         std::mt19937 randgen);
   ~Worker();
   void run_async();
   void wait();
diff --git a/src/shrpx_worker_process.cc b/src/shrpx_worker_process.cc
index 51e493a2..2e1aa708 100644
--- a/src/shrpx_worker_process.cc
+++ b/src/shrpx_worker_process.cc
@@ -392,10 +392,6 @@ void nb_child_cb(struct ev_loop *loop, ev_child *w, int revents) {
 } // namespace
 #endif // HAVE_NEVERBLEED
 
-namespace {
-std::random_device rd;
-} // namespace
-
 int worker_process_event_loop(WorkerProcessConfig *wpconf) {
   int rv;
   std::array<char, STRERROR_BUFSIZE> errbuf;
@@ -416,7 +412,8 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
 
   auto loop = EV_DEFAULT;
 
-  auto gen = std::mt19937(rd());
+  std::random_device rd;
+  auto gen = util::make_mt19937(rd);
 
   ConnectionHandler conn_handler(loop, gen);
 
diff --git a/src/util.cc b/src/util.cc
index d7bc8075..e31af042 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -1452,6 +1452,8 @@ StringRef extract_host(const StringRef &hostport) {
   return StringRef{std::begin(hostport), p};
 }
 
+std::mt19937 make_mt19937(std::random_device &rd) { return std::mt19937(rd()); }
+
 } // namespace util
 
 } // namespace nghttp2
diff --git a/src/util.h b/src/util.h
index a3c7c384..123fd5df 100644
--- a/src/util.h
+++ b/src/util.h
@@ -744,6 +744,9 @@ int sha256(uint8_t *buf, const StringRef &s);
 // NULL-terminated.
 StringRef extract_host(const StringRef &hostport);
 
+// Returns new std::mt19937 object, seeded by |rd|.
+std::mt19937 make_mt19937(std::random_device &rd);
+
 } // namespace util
 
 } // namespace nghttp2