rust-lang/rust
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
62652865b6029b4776a7c03efa13a37b15c9b953
rust/library/std/src/sys/unix/rand.rs

240 lines
7.7 KiB
Rust
Raw Normal View History

libstd => 2018
2019-02-11 04:23:21 +09:00
use crate::mem;
use crate::slice;
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
pub fn hashmap_random_keys() -> (u64, u64) {
let mut v = (0, 0);
unsafe {
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
let view = slice::from_raw_parts_mut(&mut v as *mut _ as *mut u8, mem::size_of_val(&v));
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
imp::fill_bytes(view);
}
Apply clippy::needless_return suggestions
2019-09-05 13:30:30 +02:00
v
Reduce duplication in std::sys::unix::rand. There were a bunch of more-of-less the same few lines for doing a fill_bytes+transmute, and I didn't want to copy-paste it yet again.
2016-07-29 07:48:52 +00:00
}
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
#[cfg(all(
unix,
Use getentropy(2) on macos
2020-03-21 13:47:01 +09:00
not(target_os = "macos"),
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
not(target_os = "ios"),
not(target_os = "openbsd"),
not(target_os = "freebsd"),
not(target_os = "netbsd"),
not(target_os = "fuchsia"),
not(target_os = "redox")
))]
rand: Rewrite OsRng in Rust for windows This removes even more rust_builtin.c code, and allows us to more gracefully handle errors (not a process panic, but a task failure).
2014-03-19 17:53:57 -07:00
mod imp {
libstd => 2018
2019-02-11 04:23:21 +09:00
use crate::fs::File;
use crate::io::Read;
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
Use getrandom syscall for all Linux and Android targets.
2017-11-09 18:49:29 -02:00
#[cfg(any(target_os = "linux", target_os = "android"))]
linux: try to use libc getrandom to allow interposition We'll try to use a weak `getrandom` symbol first, because that allows things like `LD_PRELOAD` interposition. For example, perf measurements might want to disable randomness to get reproducible results. If the weak symbol is not found, we fall back to a raw `SYS_getrandom` call.
2020-11-05 12:38:09 -08:00
fn getrandom(buf: &mut [u8]) -> libc::ssize_t {
// A weak symbol allows interposition, e.g. for perf measurements that want to
// disable randomness for consistency. Otherwise, we'll try a raw syscall.
// (`getrandom` was added in glibc 2.25, musl 1.1.20, android API level 28)
Try weak symbols for all linux syscall! wrappers
2020-11-05 14:08:42 -08:00
syscall! {
linux: try to use libc getrandom to allow interposition We'll try to use a weak `getrandom` symbol first, because that allows things like `LD_PRELOAD` interposition. For example, perf measurements might want to disable randomness to get reproducible results. If the weak symbol is not found, we fall back to a raw `SYS_getrandom` call.
2020-11-05 12:38:09 -08:00
fn getrandom(
buffer: *mut libc::c_void,
length: libc::size_t,
flags: libc::c_uint
) -> libc::ssize_t
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
}
linux: try to use libc getrandom to allow interposition We'll try to use a weak `getrandom` symbol first, because that allows things like `LD_PRELOAD` interposition. For example, perf measurements might want to disable randomness to get reproducible results. If the weak symbol is not found, we fall back to a raw `SYS_getrandom` call.
2020-11-05 12:38:09 -08:00
unsafe { getrandom(buf.as_mut_ptr().cast(), buf.len(), libc::GRND_NONBLOCK) }
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
}
Use getrandom syscall for all Linux and Android targets.
2017-11-09 18:49:29 -02:00
#[cfg(not(any(target_os = "linux", target_os = "android")))]
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
fn getrandom_fill_bytes(_buf: &mut [u8]) -> bool {
false
}
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
#[cfg(any(target_os = "linux", target_os = "android"))]
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
fn getrandom_fill_bytes(v: &mut [u8]) -> bool {
libstd => 2018
2019-02-11 04:23:21 +09:00
use crate::sync::atomic::{AtomicBool, Ordering};
use crate::sys::os::errno;
Don't leak the file descriptor in `rand`
2018-08-29 22:30:29 +02:00
static GETRANDOM_UNAVAILABLE: AtomicBool = AtomicBool::new(false);
if GETRANDOM_UNAVAILABLE.load(Ordering::Relaxed) {
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
return false;
}
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
let mut read = 0;
Trivial cleanup Remove a needless variable and simply a cfg().
2015-12-17 00:36:31 -05:00
while read < v.len() {
Fallout from stabilization.
2015-01-17 16:15:52 -08:00
let result = getrandom(&mut v[read..]);
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
if result == -1 {
let err = errno() as libc::c_int;
if err == libc::EINTR {
continue;
Fall back to `/dev/urandom` on `EPERM` for `getrandom` This can happen because of seccomp or some VMs. Fixes #52609.
2019-05-01 22:23:07 +02:00
} else if err == libc::ENOSYS || err == libc::EPERM {
// Fall back to reading /dev/urandom if `getrandom` is not
// supported on the current kernel.
//
// Also fall back in case it is disabled by something like
// seccomp or inside of virtual machines.
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
GETRANDOM_UNAVAILABLE.store(true, Ordering::Relaxed);
Fix an endless loop when `getrandom` is not available
2018-09-02 00:19:11 +02:00
return false;
rand: don't block before random pool is initialized If we attempt a read with getrandom() on Linux the syscall can block before the random pool is initialized unless the GRND_NONBLOCK flag is passed. This flag causes getrandom() to instead return EAGAIN while the pool is uninitialized. To avoid downstream users of crate or std functionality that have no ability to avoid this blocking behavior this change causes Rust to read bytes from /dev/urandom while getrandom() would block and once getrandom() is available to use that. Fixes #32953. Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
2016-04-16 15:25:56 -05:00
} else if err == libc::EAGAIN {
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
return false;
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
} else {
panic!("unexpected getrandom error: {}", err);
}
} else {
cleanup depricated `uint` in rand mod and rand os
2015-01-26 19:48:29 -05:00
read += result as usize;
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
}
}
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
true
std::rand::OsRng: Use `getrandom` syscall on Linux `getrandom(2)` system call [1] has been added on Linux 3.17. This patch makes `OsRng` use `getrandom` if available, and use traditional `/dev/urandom` fallback if not. [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
2014-11-06 03:53:27 +09:00
}
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
pub fn fill_bytes(v: &mut [u8]) {
// getrandom_fill_bytes here can fail if getrandom() returns EAGAIN,
// meaning it would have blocked because the non-blocking pool (urandom)
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
// has not initialized in the kernel yet due to a lack of entropy. The
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
// fallback we do here is to avoid blocking applications which could
// depend on this call without ever knowing they do and don't have a
Reduce number of syscalls in `rand` In case that it is statically known that the OS doesn't support `getrandom` (non-Linux) or becomes clear at runtime that `getrandom` isn't available (`ENOSYS`), the opened fd ("/dev/urandom") isn't closed after the function, so that future calls can reuse it. This saves repeated `open`/`close` system calls at the cost of one permanently open fd. Additionally, this skips the initial zero-length `getrandom` call and directly hands the user buffer to the operating system, saving one `getrandom` syscall.
2018-08-26 21:13:44 +02:00
// work around. The PRNG of /dev/urandom will still be used but over a
// possibly predictable entropy pool.
if getrandom_fill_bytes(v) {
return;
rand: Rewrite OsRng in Rust for windows This removes even more rust_builtin.c code, and allows us to more gracefully handle errors (not a process panic, but a task failure).
2014-03-19 17:53:57 -07:00
}
std::rand: Add OSRng, ReaderRng wrappers around the OS RNG & generic Readers respectively. The former reads from e.g. /dev/urandom, the latter just wraps any std::rt::io::Reader into an interface that implements Rng. This also adds Rng.fill_bytes for efficient implementations of the above (reading 8 bytes at a time is inefficient when you can read 1000), and removes the dependence on src/rt (i.e. rand_gen_seed) although this last one requires implementing hand-seeding of the XorShiftRng used in the scheduler on Linux/unixes, since OSRng relies on a scheduler existing to be able to read from /dev/urandom.
2013-09-22 20:51:57 +10:00
Don't leak the file descriptor in `rand`
2018-08-29 22:30:29 +02:00
// getrandom failed because it is permanently or temporarily (because
// of missing entropy) unavailable. Open /dev/urandom, read from it,
// and close it again.
let mut file = File::open("/dev/urandom").expect("failed to open /dev/urandom");
file.read_exact(v).expect("failed to read /dev/urandom")
Use getentropy(2) on macos
2020-03-21 13:47:01 +09:00
}
}
#[cfg(target_os = "macos")]
mod imp {
use crate::fs::File;
use crate::io::Read;
use crate::sys::os::errno;
use libc::{c_int, c_void, size_t};
fn getentropy_fill_bytes(v: &mut [u8]) -> bool {
weak!(fn getentropy(*mut c_void, size_t) -> c_int);
getentropy
.get()
.map(|f| {
// getentropy(2) permits a maximum buffer size of 256 bytes
for s in v.chunks_mut(256) {
let ret = unsafe { f(s.as_mut_ptr() as *mut c_void, s.len()) };
if ret == -1 {
panic!("unexpected getentropy error: {}", errno());
}
}
true
})
.unwrap_or(false)
}
pub fn fill_bytes(v: &mut [u8]) {
if getentropy_fill_bytes(v) {
return;
}
// for older macos which doesn't support getentropy
let mut file = File::open("/dev/urandom").expect("failed to open /dev/urandom");
file.read_exact(v).expect("failed to read /dev/urandom")
std::rand: Add OSRng, ReaderRng wrappers around the OS RNG & generic Readers respectively. The former reads from e.g. /dev/urandom, the latter just wraps any std::rt::io::Reader into an interface that implements Rng. This also adds Rng.fill_bytes for efficient implementations of the above (reading 8 bytes at a time is inefficient when you can read 1000), and removes the dependence on src/rt (i.e. rand_gen_seed) although this last one requires implementing hand-seeding of the XorShiftRng used in the scheduler on Linux/unixes, since OSRng relies on a scheduler existing to be able to read from /dev/urandom.
2013-09-22 20:51:57 +10:00
}
}
Use the getentropy(2) syscall on OpenBSD Rust already supports Linux's getrandom(2), which is very similar and was based on getentropy(2). This is a pretty clean, simple addition that uses the same approach as the iOS randomness API support.
2015-12-16 21:54:16 -05:00
#[cfg(target_os = "openbsd")]
mod imp {
libstd => 2018
2019-02-11 04:23:21 +09:00
use crate::sys::os::errno;
Use the getentropy(2) syscall on OpenBSD Rust already supports Linux's getrandom(2), which is very similar and was based on getentropy(2). This is a pretty clean, simple addition that uses the same approach as the iOS randomness API support.
2015-12-16 21:54:16 -05:00
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
pub fn fill_bytes(v: &mut [u8]) {
// getentropy(2) permits a maximum buffer size of 256 bytes
for s in v.chunks_mut(256) {
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
let ret = unsafe { libc::getentropy(s.as_mut_ptr() as *mut libc::c_void, s.len()) };
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
if ret == -1 {
panic!("unexpected getentropy error: {}", errno());
Use the getentropy(2) syscall on OpenBSD Rust already supports Linux's getrandom(2), which is very similar and was based on getentropy(2). This is a pretty clean, simple addition that uses the same approach as the iOS randomness API support.
2015-12-16 21:54:16 -05:00
}
}
}
}
Add a comment explaining why SecRandomCopyBytes is not used on MacOS
2019-04-11 13:47:27 +01:00
// On iOS and MacOS `SecRandomCopyBytes` calls `CCRandomCopyBytes` with
// `kCCRandomDefault`. `CCRandomCopyBytes` manages a CSPRNG which is seeded
// from `/dev/random` and which runs on its own thread accessed via GCD.
// This seems needlessly heavyweight for the purposes of generating two u64s
// once per thread in `hashmap_random_keys`. Therefore `SecRandomCopyBytes` is
// only used on iOS where direct access to `/dev/urandom` is blocked by the
// sandbox.
Basic iOS support
2014-05-05 10:07:49 +03:00
#[cfg(target_os = "ios")]
mod imp {
libstd => 2018
2019-02-11 04:23:21 +09:00
use crate::io;
use crate::ptr;
std: Fix imports for ios target
2015-08-11 14:52:22 -05:00
use libc::{c_int, size_t};
Basic iOS support
2014-05-05 10:07:49 +03:00
Better FFI discipline
2015-08-05 17:50:18 -04:00
enum SecRandom {}
Basic iOS support
2014-05-05 10:07:49 +03:00
Update code with new lint names
2014-10-27 15:37:07 -07:00
#[allow(non_upper_case_globals)]
Use `null()`/`null_mut()` instead of `0 as *const T`/`0 as *mut T`
2015-09-03 09:49:50 +03:00
const kSecRandomDefault: *const SecRandom = ptr::null();
Basic iOS support
2014-05-05 10:07:49 +03:00
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
extern "C" {
fn SecRandomCopyBytes(rnd: *const SecRandom, count: size_t, bytes: *mut u8) -> c_int;
Basic iOS support
2014-05-05 10:07:49 +03:00
}
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
pub fn fill_bytes(v: &mut [u8]) {
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
let ret = unsafe { SecRandomCopyBytes(kSecRandomDefault, v.len(), v.as_mut_ptr()) };
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
if ret == -1 {
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
panic!("couldn't generate random bytes: {}", io::Error::last_os_error());
Basic iOS support
2014-05-05 10:07:49 +03:00
}
}
}
Use the kernel arc4rand for FreeBSD OsRng. This means that /dev/urandom doesn't have to be opened.
2016-08-14 08:27:11 +00:00
Use any() in code shared between FreeBSD and NetBSD
2019-11-04 17:34:29 +00:00
#[cfg(any(target_os = "freebsd", target_os = "netbsd"))]
Use the kernel arc4rand for FreeBSD OsRng. This means that /dev/urandom doesn't have to be opened.
2016-08-14 08:27:11 +00:00
mod imp {
libstd => 2018
2019-02-11 04:23:21 +09:00
use crate::ptr;
Use the kernel arc4rand for FreeBSD OsRng. This means that /dev/urandom doesn't have to be opened.
2016-08-14 08:27:11 +00:00
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
pub fn fill_bytes(v: &mut [u8]) {
let mib = [libc::CTL_KERN, libc::KERN_ARND];
// kern.arandom permits a maximum buffer size of 256 bytes
for s in v.chunks_mut(256) {
let mut s_len = s.len();
let ret = unsafe {
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
libc::sysctl(
mib.as_ptr(),
mib.len() as libc::c_uint,
s.as_mut_ptr() as *mut _,
&mut s_len,
ptr::null(),
0,
)
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
};
if ret == -1 || s_len != s.len() {
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
panic!(
"kern.arandom sysctl failed! (returned {}, s.len() {}, oldlenp {})",
ret,
s.len(),
s_len
);
Use the kernel arc4rand for FreeBSD OsRng. This means that /dev/urandom doesn't have to be opened.
2016-08-14 08:27:11 +00:00
}
}
}
}
Add support for kernel randomness for Fuchsia Wire up cprng syscall as provider for rand::os::OsRng on Fuchsia.
2016-10-24 16:42:57 -07:00
#[cfg(target_os = "fuchsia")]
mod imp {
The Magenta kernel is now called Zircon.
2017-09-15 12:38:08 -07:00
#[link(name = "zircon")]
Format libstd/sys with rustfmt This commit applies rustfmt with rust-lang/rust's default settings to files in src/libstd/sys *that are not involved in any currently open PR* to minimize merge conflicts. THe list of files involved in open PRs was determined by querying GitHub's GraphQL API with this script: https://gist.github.com/dtolnay/aa9c34993dc051a4f344d1b10e4487e8 With the list of files from the script in outstanding_files, the relevant commands were: $ find src/libstd/sys -name '*.rs' \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ rg libstd/sys outstanding_files | xargs git checkout -- Repeating this process several months apart should get us coverage of most of the rest of the files. To confirm no funny business: $ git checkout $THIS_COMMIT^ $ git show --pretty= --name-only $THIS_COMMIT \ | xargs rustfmt --edition=2018 --unstable-features --skip-children $ git diff $THIS_COMMIT # there should be no difference
2019-11-27 10:28:39 -08:00
extern "C" {
[fuchsia] Update zx_cprng_draw to target semantics This change is the final step in improving the semantics of zx_cprng_draw. Now the syscall always generates the requested number of bytes. If the syscall would have failed to generate the requested number of bytes, the syscall either terminates the entire operating system or terminates the calling process, depending on whether the error is a result of the kernel misbehaving or the userspace program misbehaving.
2018-06-27 08:56:19 -07:00
fn zx_cprng_draw(buffer: *mut u8, len: usize);
Add support for kernel randomness for Fuchsia Wire up cprng syscall as provider for rand::os::OsRng on Fuchsia.
2016-10-24 16:42:57 -07:00
}
std: Remove `rand` crate and module This commit removes the `rand` crate from the standard library facade as well as the `__rand` module in the standard library. Neither of these were used in any meaningful way in the standard library itself. The only need for randomness in libstd is to initialize the thread-local keys of a `HashMap`, and that unconditionally used `OsRng` defined in the standard library anyway. The cruft of the `rand` crate and the extra `rand` support in the standard library makes libstd slightly more difficult to port to new platforms, namely WebAssembly which doesn't have any randomness at all (without interfacing with JS). The purpose of this commit is to clarify and streamline randomness in libstd, focusing on how it's only required in one location, hashmap seeds. Note that the `rand` crate out of tree has almost always been a drop-in replacement for the `rand` crate in-tree, so any usage (accidental or purposeful) of the crate in-tree should switch to the `rand` crate on crates.io. This then also has the further benefit of avoiding duplication (mostly) between the two crates!
2017-11-01 12:32:13 -07:00
pub fn fill_bytes(v: &mut [u8]) {
[fuchsia] Update zx_cprng_draw to target semantics This change is the final step in improving the semantics of zx_cprng_draw. Now the syscall always generates the requested number of bytes. If the syscall would have failed to generate the requested number of bytes, the syscall either terminates the entire operating system or terminates the calling process, depending on whether the error is a result of the kernel misbehaving or the userspace program misbehaving.
2018-06-27 08:56:19 -07:00
unsafe { zx_cprng_draw(v.as_mut_ptr(), v.len()) }
Add support for kernel randomness for Fuchsia Wire up cprng syscall as provider for rand::os::OsRng on Fuchsia.
2016-10-24 16:42:57 -07:00
}
}
redox: convert to target_family unix
2019-04-07 08:39:54 -06:00
#[cfg(target_os = "redox")]
mod imp {
use crate::fs::File;
use crate::io::Read;
pub fn fill_bytes(v: &mut [u8]) {
// Open rand:, read from it, and close it again.
let mut file = File::open("rand:").expect("failed to open rand:");
file.read_exact(v).expect("failed to read rand:")
}
}
Reference in New Issue Copy Permalink