[core] make TSystem::GetCryptoRandom() static

Factor out calling the OS crypto random number generator into a free
function in the Base package. In turn, TSystem::GetCryptoRandom() can be
static and does not rely in gSystem being initialized.

Author: jblomer

core/base/CMakeLists.txt

@@ -16,6 +16,7 @@ if(MSVC AND MSVC_VERSION GREATER_EQUAL 1925 AND MSVC_VERSION LESS 1929)
 endif()
 
 set(BASE_HEADERS
+  ROOT/RCryptoRandom.hxx
   ROOT/RFloat16.hxx
   ROOT/TErrorDefaultHandler.hxx
   ROOT/TExecutorCRTP.hxx
@@ -118,6 +119,7 @@ set(BASE_HEADERS
 
 set(BASE_SOURCES
   src/Match.cxx
+  src/RCryptoRandom.cxx
   src/String.cxx
   src/Stringio.cxx
   src/TApplication.cxx
@@ -288,3 +290,70 @@ generateManual(rootclingMan ${CMAKE_SOURCE_DIR}/core/dictgen/src/rootcling-argpa
 endif()
 
 ROOT_ADD_TEST_SUBDIRECTORY(test)
+
+if(UNIX)
+  # Determine cryptographic random number generator
+
+  CHECK_CXX_SOURCE_COMPILES("#include <cstdlib>
+  int main() { char buf[32]; arc4random_buf(buf, 32); return 0;}" found_arc4)
+
+  if(found_arc4)
+     message(STATUS "Found arc4random_buf in stdlib.h")
+     target_compile_definitions(Core PRIVATE R__ARC4_STDLIB)
+  else()
+    set(OLD_CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES})
+    set(OLD_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
+    if(DEFINED LIBBSDROOT)
+       set(CMAKE_REQUIRED_INCLUDES ${LIBBSDROOT}/include)
+       set(CMAKE_REQUIRED_LIBRARIES ${LIBBSDROOT}/lib/libbsd.so)
+    endif()
+    CHECK_CXX_SOURCE_COMPILES("#include <bsd/stdlib.h>
+    int main() { char buf[32]; arc4random_buf(buf, 32); return 0;}" found_arc4_bsd)
+    set(CMAKE_REQUIRED_INCLUDES ${OLD_CMAKE_REQUIRED_INCLUDES})
+    set(CMAKE_REQUIRED_LIBRARIES ${OLD_CMAKE_REQUIRED_LIBRARIES})
+    if(found_arc4_bsd)
+      message(STATUS "Found arc4random_buf in bsd/stdlib.h")
+      target_compile_definitions(Core PRIVATE R__ARC4_BSDLIB)
+      if(DEFINED LIBBSDROOT)
+        target_include_directories(Core PRIVATE ${LIBBSDROOT}/include)
+        target_link_libraries(Core PRIVATE ${LIBBSDROOT}/lib/libbsd.so)
+      endif()
+    else()
+      CHECK_CXX_SOURCE_COMPILES("#include <sys/random.h>
+      int main() { char buf[32]; int res = getrandom(buf, 32, GRND_NONBLOCK); return 0;}" found_getrandom)
+      if(found_getrandom)
+        message(STATUS "Found getrandom in sys/random.h")
+        target_compile_definitions(Core PRIVATE R__GETRANDOM_CLIB)
+      else()
+        CHECK_CXX_SOURCE_RUNS("
+        #include <fstream>
+
+        int main() {
+            std::ifstream urandom{\"/dev/urandom\"};
+            if (!urandom) {
+                // This will make the CMake command fail
+                return 1;
+            }
+
+            constexpr int len{32};
+            char buf[len];
+            for (int n = 0; n < len; n++) buf[n] = 0;
+            urandom.read(buf, len);
+
+            int nmatch = 0;
+            for (int n = 0; n < len; n++)
+                if (buf[n] == 0) nmatch++;
+
+            // Fail if no values have changed
+            return nmatch != len ? 0 : 1;
+        }" found_urandom)
+        if(found_urandom)
+          message(STATUS "Found random device in /dev/urandom")
+          target_compile_definitions(Core PRIVATE R__USE_URANDOM)
+        else()
+          message(FATAL_ERROR "Fail to detect cryptographic random generator")
+        endif()
+      endif()
+    endif()
+  endif()
+endif(UNIX)

core/base/inc/ROOT/RCryptoRandom.hxx

@@ -0,0 +1,26 @@
+/// \file ROOT/RCryptoRandom.hxx
+/// \ingroup Base
+/// \date 2026-04-24
+
+/*************************************************************************
+ * Copyright (C) 1995-2026, Rene Brun and Fons Rademakers.               *
+ * All rights reserved.                                                  *
+ *                                                                       *
+ * For the licensing terms see $ROOTSYS/LICENSE.                         *
+ * For the list of contributors see $ROOTSYS/README/CREDITS.             *
+ *************************************************************************/
+
+#ifndef ROOT_RCryptoRandom
+#define ROOT_RCryptoRandom
+
+namespace ROOT {
+namespace Internal {
+
+/// Get random bytes from the operating system's cryptographic random number generator
+/// The requested number of bytes must not exceed 256.
+bool GetCryptoRandom(void *buf, unsigned int len);
+
+} // namespace Internal
+} // namespace ROOT
+
+#endif

core/base/inc/TSystem.h

@@ -369,7 +369,7 @@ class TSystem : public TNamed {
    void                    SetErrorStr(const char *errstr);
    const char             *GetErrorStr() const { return GetLastErrorString(); }
    virtual const char     *GetError();
-   virtual Int_t           GetCryptoRandom(void *buf, Int_t len);
+   static Int_t            GetCryptoRandom(void *buf, Int_t len);
    void                    RemoveOnExit(TObject *obj);
    virtual const char     *HostName();
    virtual void            NotifyApplicationCreated();

core/base/src/RCryptoRandom.cxx

@@ -0,0 +1,47 @@
+#include "ROOT/RConfig.hxx"
+#include "ROOT/RCryptoRandom.hxx"
+
+#ifdef WIN32
+#include "Windows4Root.h"
+#include <bcrypt.h>
+#else
+#if defined(R__ARC4_STDLIB)
+#include <cstdlib>
+#elif defined(R__ARC4_BSDLIB)
+#include <bsd/stdlib.h>
+#elif defined(R__GETRANDOM_CLIB)
+#include <sys/random.h>
+#elif defined(R__USE_URANDOM)
+#include <fstream>
+#endif
+#endif
+
+bool ROOT::Internal::GetCryptoRandom(void *buf, unsigned int len)
+{
+   if (len > 256)
+      return false;
+
+#ifdef WIN32
+
+   return BCryptGenRandom((BCRYPT_ALG_HANDLE)NULL, (PUCHAR)buf, (ULONG)len, BCRYPT_USE_SYSTEM_PREFERRED_RNG) == 0;
+
+#else // UNIX
+
+#if defined(R__ARC4_STDLIB) || defined(R__ARC4_BSDLIB)
+   arc4random_buf(buf, len);
+   return true;
+#elif defined(R__GETRANDOM_CLIB)
+   return getrandom(buf, len, GRND_NONBLOCK) == len;
+#elif defined(R__USE_URANDOM)
+   std::ifstream urandom{"/dev/urandom"};
+   if (!urandom)
+      return false;
+   urandom.read(reinterpret_cast<char *>(buf), len);
+   return urandom.good();
+#else
+#error "Reliable cryptographic random function not defined"
+   return false;
+#endif
+
+#endif
+}

core/base/src/TSystem.cxx

@@ -22,6 +22,7 @@ allows a simple partial implementation for new OS'es.
 */
 
 #include <ROOT/FoundationUtils.hxx>
+#include <ROOT/RCryptoRandom.hxx>
 #include "strlcpy.h"
 #include "TSystem.h"
 #include "TApplication.h"
@@ -258,13 +259,16 @@ const char *TSystem::GetError()
 
 ////////////////////////////////////////////////////////////////////////////////
 /// Return cryptographic random number
-/// Fill provided buffer with random values
+/// Fill provided buffer with random values. The number of requested random bytes must not exceed 256.
 /// Returns number of bytes written to buffer or -1 in case of error
 
-Int_t TSystem::GetCryptoRandom(void * /* buf */, Int_t /* len */)
+Int_t TSystem::GetCryptoRandom(void *buf, Int_t len)
 {
-   Error("GetCryptoRandom", "Not implemented");
-   return -1;
+   if (len < 0) {
+      return -1;
+   }
+   const auto rv = ROOT::Internal::GetCryptoRandom(buf, len);
+   return rv ? len : -1;
 }
 
 

core/base/test/CMakeLists.txt

@@ -26,6 +26,8 @@ ROOT_ADD_GTEST(CoreErrorTests TErrorTests.cxx LIBRARIES Core)
 
 ROOT_ADD_GTEST(CoreSystemTests TSystemTests.cxx LIBRARIES Core)
 
+ROOT_ADD_GTEST(CoreCryptoRandomTest CryptoRandomTest.cxx LIBRARIES Core)
+
 ROOT_ADD_GTEST(CoreColorTests TColorTests.cxx LIBRARIES Core)
 if(CMAKE_SYSTEM_NAME MATCHES "Darwin" AND CMAKE_HOST_SYSTEM_VERSION VERSION_GREATER_EQUAL 25.4)
   set_tests_properties(gtest-core-base-CoreColorTests PROPERTIES DISABLED True)

core/base/test/CryptoRandomTest.cxx

@@ -0,0 +1,39 @@
+#include "gtest/gtest.h"
+
+#include <ROOT/RCryptoRandom.hxx>
+
+TEST(TSystem, CryptoRandom)
+{
+   // test with 512 bits, longer keys may not work
+
+   const int len = 64;
+   uint8_t buf[64];
+
+   for (int n = 0; n < len; n++)
+      buf[n] = 0;
+
+   EXPECT_TRUE(ROOT::Internal::GetCryptoRandom(buf, len));
+
+   int nmatch = 0;
+
+   for (int n = 0; n < len; n++)
+      if (buf[n] == 0)
+         nmatch++;
+
+   // check that values in buffer changed
+   EXPECT_TRUE(nmatch != len);
+
+   for (int n = 0; n < len; n++)
+      buf[n] = n;
+
+   EXPECT_TRUE(ROOT::Internal::GetCryptoRandom(buf, len));
+
+   nmatch = 0;
+
+   for (int n = 0; n < len; n++)
+      if (buf[n] == n)
+         nmatch++;
+
+   // check that values in buffer changed
+   EXPECT_TRUE(nmatch != len);
+}

core/base/test/TSystemTests.cxx

@@ -56,43 +56,3 @@ TEST(TSystem, TempFileSuffix)
 
    gSystem->Unlink(fname);
 }
-
-TEST(TSystem, CryptoRandom)
-{
-   // test with 512 bits, longer keys may not work
-
-   const int len = 64;
-   uint8_t buf[64];
-
-   for (int n = 0; n < len; n++)
-      buf[n] = 0;
-
-   auto res = gSystem->GetCryptoRandom(buf, len);
-
-   EXPECT_EQ(res, len);
-
-   int nmatch = 0;
-
-   for (int n = 0; n < len; n++)
-      if (buf[n] == 0)
-         nmatch++;
-
-   // check that values in buffer changed
-   EXPECT_TRUE(nmatch != len);
-
-   for (int n = 0; n < len; n++)
-      buf[n] = n;
-
-   res = gSystem->GetCryptoRandom(buf, len);
-
-   EXPECT_EQ(res, len);
-
-   nmatch = 0;
-
-   for (int n = 0; n < len; n++)
-      if (buf[n] == n)
-         nmatch++;
-
-   // check that values in buffer changed
-   EXPECT_TRUE(nmatch != len);
-}

core/unix/CMakeLists.txt

@@ -20,68 +20,4 @@ if (CMAKE_SYSTEM_NAME MATCHES FreeBSD)
   target_link_libraries(Core PRIVATE execinfo util)
 endif()
 
-CHECK_CXX_SOURCE_COMPILES("#include <cstdlib>
-int main() { char buf[32]; arc4random_buf(buf, 32); return 0;}" found_arc4)
-
-if(found_arc4)
-   message(STATUS "Found arc4random_buf in stdlib.h")
-   target_compile_definitions(Core PRIVATE R__ARC4_STDLIB)
-else()
-  set(OLD_CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES})
-  set(OLD_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
-  if(DEFINED LIBBSDROOT)
-     set(CMAKE_REQUIRED_INCLUDES ${LIBBSDROOT}/include)
-     set(CMAKE_REQUIRED_LIBRARIES ${LIBBSDROOT}/lib/libbsd.so)
-  endif()
-  CHECK_CXX_SOURCE_COMPILES("#include <bsd/stdlib.h>
-  int main() { char buf[32]; arc4random_buf(buf, 32); return 0;}" found_arc4_bsd)
-  set(CMAKE_REQUIRED_INCLUDES ${OLD_CMAKE_REQUIRED_INCLUDES})
-  set(CMAKE_REQUIRED_LIBRARIES ${OLD_CMAKE_REQUIRED_LIBRARIES})
-  if(found_arc4_bsd)
-    message(STATUS "Found arc4random_buf in bsd/stdlib.h")
-    target_compile_definitions(Core PRIVATE R__ARC4_BSDLIB)
-    if(DEFINED LIBBSDROOT)
-      target_include_directories(Core PRIVATE ${LIBBSDROOT}/include)
-      target_link_libraries(Core PRIVATE ${LIBBSDROOT}/lib/libbsd.so)
-    endif()
-  else()
-    CHECK_CXX_SOURCE_COMPILES("#include <sys/random.h>
-    int main() { char buf[32]; int res = getrandom(buf, 32, GRND_NONBLOCK); return 0;}" found_getrandom)
-    if(found_getrandom)
-      message(STATUS "Found getrandom in sys/random.h")
-      target_compile_definitions(Core PRIVATE R__GETRANDOM_CLIB)
-    else()
-      CHECK_CXX_SOURCE_RUNS("
-      #include <fstream>
-
-      int main() {
-          std::ifstream urandom{\"/dev/urandom\"};
-          if (!urandom) {
-              // This will make the CMake command fail
-              return 1;
-          }
-      
-          constexpr int len{32};
-          char buf[len];
-          for (int n = 0; n < len; n++) buf[n] = 0;
-          urandom.read(buf, len);
-      
-          int nmatch = 0;
-          for (int n = 0; n < len; n++)
-              if (buf[n] == 0) nmatch++;
-      
-          // Fail if no values have changed
-          return nmatch != len ? 0 : 1;
-      }" found_urandom)
-      if(found_urandom)
-        message(STATUS "Found random device in /dev/urandom")
-        target_compile_definitions(Core PRIVATE R__USE_URANDOM)
-      else()
-        message(FATAL_ERROR "Fail to detect cryptographic random generator")
-      endif()
-    endif()
-  endif()
-endif()
-
-
 ROOT_INSTALL_HEADERS()

core/unix/inc/TUnixSystem.h

@@ -78,7 +78,6 @@ class TUnixSystem : public TSystem {
    void              SetProgname(const char *name) override;
    void              SetDisplay() override;
    const char       *GetError() override;
-   Int_t             GetCryptoRandom(void *buf, Int_t len) override;
    const char       *HostName() override;
 
    //---- EventLoop --------------------------------------------