Add platform detection logic for SecureRandom (#676)

* Add CMake platform detection logic for SecureRandom

Now only builds secure_random_arc4random.cc if available.

Remove firebase/firestore/base/port.h. Nothing else was in that
directory.

* Add a SecureRandom implementation that uses OpenSSL

This is usable on Linux, Windows, and Android

* Properly check return from RAND_bytes

4 files changed, 125 insertions, 3 deletions

diff --git a/Firestore/core/src/firebase/firestore/util/CMakeLists.txt b/Firestore/core/src/firebase/firestore/util/CMakeLists.txt
index 7283942..737173b 100644
--- a/Firestore/core/src/firebase/firestore/util/CMakeLists.txt
+++ b/Firestore/core/src/firebase/firestore/util/CMakeLists.txt
@@ -16,11 +16,12 @@
 # libraries in here are an implementation detail of making this a
 # mutli-platform build.
 
+include(CheckSymbolExists)
+include(CheckIncludeFiles)
+
 cc_library(
   firebase_firestore_util_base
   SOURCES
-    secure_random.h
-    secure_random_arc4random.cc
     string_printf.cc
     string_printf.h
   DEPENDS
@@ -60,15 +61,55 @@ else()
 endif()
 
 
+## secure_random
+
+check_symbol_exists(arc4random stdlib.h HAVE_ARC4RANDOM)
+cc_library(
+  firebase_firestore_util_arc4random
+  SOURCES
+    secure_random_arc4random.cc
+)
+
+get_target_property(
+  CMAKE_REQUIRED_INCLUDES
+  OpenSSL::Crypto INTERFACE_INCLUDE_DIRECTORIES
+)
+check_include_files(openssl/rand.h HAVE_OPENSSL_RAND_H)
+cc_library(
+  firebase_firestore_util_openssl
+  SOURCES
+    secure_random_openssl.cc
+  DEPENDS
+    OpenSSL::Crypto
+)
+
+if(HAVE_ARC4RANDOM)
+  list(APPEND UTIL_DEPENDS firebase_firestore_util_arc4random)
+
+elseif(HAVE_OPENSSL_RAND_H)
+  list(APPEND UTIL_DEPENDS firebase_firestore_util_openssl)
+
+else()
+  message(FATAL_ERROR "No implementation for SecureRandom available.")
+
+endif()
+
+
 ## main library
+configure_file(
+  config.h.in
+  config.h
+)
 
 cc_library(
   firebase_firestore_util
   SOURCES
     autoid.cc
     autoid.h
+    config.h
     firebase_assert.h
     log.h
+    secure_random.h
   DEPENDS
     ${UTIL_DEPENDS}
     firebase_firestore_util_base
diff --git a/Firestore/core/src/firebase/firestore/util/config.h.in b/Firestore/core/src/firebase/firestore/util/config.h.in
new file mode 100644
index 0000000..e7a0c03
--- /dev/null
+++ b/Firestore/core/src/firebase/firestore/util/config.h.in
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2018 Google
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_
+#define FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_
+
+// This header defines macros for all available platform configuration values.
+// When building with CMake, it will substitute the lines marked with
+// cmakedefine with values corresponding to the local configuration.
+//
+// On Apple platforms we support building via CocoaPods without CMake. When
+// building this way we can't test the presence of features before building so
+// predefine all the platform-support feature macros to their expected values.
+
+#cmakedefine HAVE_ARC4RANDOM 1
+#if COCOAPODS
+#  define HAVE_ARC4RANDOM 1
+#endif
+
+#cmakedefine HAVE_OPENSSL_RAND_H 1
+
+#endif  // FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_
diff --git a/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc b/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc
index a76ade3..83f72b5 100644
--- a/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc
+++ b/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc
@@ -16,7 +16,7 @@
 
 #include "Firestore/core/src/firebase/firestore/util/secure_random.h"
 
-#include "Firestore/core/src/firebase/firestore/base/port.h"
+#include "Firestore/core/src/firebase/firestore/util/config.h"
 
 #if HAVE_ARC4RANDOM
 
diff --git a/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc b/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc
new file mode 100644
index 0000000..d3f6e63
--- /dev/null
+++ b/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018 Google
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "Firestore/core/src/firebase/firestore/util/secure_random.h"
+
+#include "Firestore/core/src/firebase/firestore/util/config.h"
+
+#if HAVE_OPENSSL_RAND_H
+
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+namespace firebase {
+namespace firestore {
+namespace util {
+
+SecureRandom::result_type SecureRandom::operator()() {
+  result_type result;
+  int rc = RAND_bytes(reinterpret_cast<uint8_t*>(&result), sizeof(result));
+  if (rc <= 0) {
+    // OpenSSL's RAND_bytes can fail if there's not enough entropy. BoringSSL
+    // won't fail this way.
+    ERR_print_errors_fp(stderr);
+    abort();
+  }
+  return result;
+}
+
+}  // namespace util
+}  // namespace firestore
+}  // namespace firebase
+
+#endif  // HAVE_OPENSSL_RAND_H