From fd091b04316db9dc5fafadbd6bdbe60b127408a9 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Thu, 2 Jan 2020 08:32:06 -0800 Subject: Update nitrokey crate to 0.4.0 This change finally updates the version of the nitrokey crate that we consume to 0.4.0. Along with that we update rand_core, one of its dependencies, to 0.5.1. Further more we add cfg-if in version 0.1.10 and getrandom in version 0.1.13, both of which are now new (non-development) dependencies. Import subrepo nitrokey/:nitrokey at e81057037e9b4f370b64c0a030a725bc6bdfb870 Import subrepo cfg-if/:cfg-if at 4484a6faf816ff8058088ad857b0c6bb2f4b02b2 Import subrepo getrandom/:getrandom at d661aa7e1b8cc80b47dabe3d2135b3b47d2858af Import subrepo rand/:rand at d877ed528248b52d947e0484364a4e1ae59ca502 --- getrandom/.cargo/config | 5 + getrandom/.gitignore | 6 + getrandom/.travis.yml | 221 ++++++++++++++++++++++++++++++ getrandom/CHANGELOG.md | 158 ++++++++++++++++++++++ getrandom/Cargo.toml | 45 +++++++ getrandom/LICENSE-APACHE | 201 ++++++++++++++++++++++++++++ getrandom/LICENSE-MIT | 26 ++++ getrandom/README.md | 78 +++++++++++ getrandom/appveyor.yml | 52 ++++++++ getrandom/benches/mod.rs | 23 ++++ getrandom/build.rs | 19 +++ getrandom/src/bsd_arandom.rs | 49 +++++++ getrandom/src/cloudabi.rs | 25 ++++ getrandom/src/dummy.rs | 14 ++ getrandom/src/error.rs | 178 ++++++++++++++++++++++++ getrandom/src/error_impls.rs | 35 +++++ getrandom/src/fuchsia.rs | 20 +++ getrandom/src/ios.rs | 31 +++++ getrandom/src/lib.rs | 282 +++++++++++++++++++++++++++++++++++++++ getrandom/src/linux_android.rs | 44 ++++++ getrandom/src/macos.rs | 34 +++++ getrandom/src/openbsd.rs | 23 ++++ getrandom/src/rdrand.rs | 90 +++++++++++++ getrandom/src/solaris_illumos.rs | 44 ++++++ getrandom/src/use_file.rs | 73 ++++++++++ getrandom/src/util.rs | 96 +++++++++++++ getrandom/src/util_libc.rs | 143 ++++++++++++++++++++ getrandom/src/vxworks.rs | 35 +++++ getrandom/src/wasi.rs | 19 +++ getrandom/src/wasm32_bindgen.rs | 113 ++++++++++++++++ getrandom/src/wasm32_stdweb.rs | 114 ++++++++++++++++ getrandom/src/windows.rs | 26 ++++ getrandom/src/windows_uwp.rs | 59 ++++++++ getrandom/tests/common.rs | 68 ++++++++++ getrandom/utils/ci/install.sh | 49 +++++++ getrandom/utils/ci/script.sh | 13 ++ 36 files changed, 2511 insertions(+) create mode 100644 getrandom/.cargo/config create mode 100644 getrandom/.gitignore create mode 100644 getrandom/.travis.yml create mode 100644 getrandom/CHANGELOG.md create mode 100644 getrandom/Cargo.toml create mode 100644 getrandom/LICENSE-APACHE create mode 100644 getrandom/LICENSE-MIT create mode 100644 getrandom/README.md create mode 100644 getrandom/appveyor.yml create mode 100644 getrandom/benches/mod.rs create mode 100644 getrandom/build.rs create mode 100644 getrandom/src/bsd_arandom.rs create mode 100644 getrandom/src/cloudabi.rs create mode 100644 getrandom/src/dummy.rs create mode 100644 getrandom/src/error.rs create mode 100644 getrandom/src/error_impls.rs create mode 100644 getrandom/src/fuchsia.rs create mode 100644 getrandom/src/ios.rs create mode 100644 getrandom/src/lib.rs create mode 100644 getrandom/src/linux_android.rs create mode 100644 getrandom/src/macos.rs create mode 100644 getrandom/src/openbsd.rs create mode 100644 getrandom/src/rdrand.rs create mode 100644 getrandom/src/solaris_illumos.rs create mode 100644 getrandom/src/use_file.rs create mode 100644 getrandom/src/util.rs create mode 100644 getrandom/src/util_libc.rs create mode 100644 getrandom/src/vxworks.rs create mode 100644 getrandom/src/wasi.rs create mode 100644 getrandom/src/wasm32_bindgen.rs create mode 100644 getrandom/src/wasm32_stdweb.rs create mode 100644 getrandom/src/windows.rs create mode 100644 getrandom/src/windows_uwp.rs create mode 100644 getrandom/tests/common.rs create mode 100644 getrandom/utils/ci/install.sh create mode 100644 getrandom/utils/ci/script.sh (limited to 'getrandom') diff --git a/getrandom/.cargo/config b/getrandom/.cargo/config new file mode 100644 index 0000000..291ce5e --- /dev/null +++ b/getrandom/.cargo/config @@ -0,0 +1,5 @@ +[target.wasm32-unknown-unknown] +runner = 'wasm-bindgen-test-runner' + +[target.wasm32-wasi] +runner = 'wasmtime' diff --git a/getrandom/.gitignore b/getrandom/.gitignore new file mode 100644 index 0000000..435eeee --- /dev/null +++ b/getrandom/.gitignore @@ -0,0 +1,6 @@ +/target +**/*.rs.bk +Cargo.lock +*.ts +*.js +*.wasm diff --git a/getrandom/.travis.yml b/getrandom/.travis.yml new file mode 100644 index 0000000..bdd9e72 --- /dev/null +++ b/getrandom/.travis.yml @@ -0,0 +1,221 @@ +language: rust +sudo: false + +matrix: + include: + - name: "Linux, 1.32.0" + rust: 1.32.0 + os: linux + + - name: "OSX, 1.32.0" + rust: 1.32.0 + os: osx + + - name: "Linux, stable" + rust: stable + + - name: "OSX+iOS, stable" + rust: stable + os: osx + install: + - rustup target add aarch64-apple-ios + script: + - cargo test + - cargo test --examples + - cargo build --target aarch64-apple-ios + + - name: "Linux, beta" + rust: beta + + - name: "WASM via emscripten, stdweb, wasm-bindgen and WASI" + rust: nightly + addons: + firefox: latest + chrome: stable + install: + - rustup target add wasm32-unknown-unknown + - rustup target add wasm32-unknown-emscripten + - rustup target add asmjs-unknown-emscripten + - rustup target add wasm32-wasi + # Get latest geckodriver + - export VERSION=$(curl -s https://api.github.com/repos/mozilla/geckodriver/releases/latest | jq -r ".tag_name") + - wget -O geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/$VERSION/geckodriver-$VERSION-linux64.tar.gz + - tar -xzf geckodriver.tar.gz + # Get latest chromedirver + - export VERSION=$(wget -q -O - https://chromedriver.storage.googleapis.com/LATEST_RELEASE) + - wget -O chromedriver.zip https://chromedriver.storage.googleapis.com/$VERSION/chromedriver_linux64.zip + - unzip chromedriver.zip + # Get cargo-web + - export VERSION=0.6.26 # Pin version for stability + - wget -O cargo-web.gz https://github.com/koute/cargo-web/releases/download/$VERSION/cargo-web-x86_64-unknown-linux-gnu.gz + - gunzip cargo-web.gz + - chmod +x cargo-web + # Get wasmtime + - export VERSION=v0.3.0 # Pin version for stability + - wget -O wasmtime.tar.xz https://github.com/CraneStation/wasmtime/releases/download/$VERSION/wasmtime-$VERSION-x86_64-linux.tar.xz + - tar -xf wasmtime.tar.xz --strip-components=1 + # Get wasm-bindgen-test-runner which matches our wasm-bindgen version + - export VERSION=$(cargo metadata --format-version=1 | jq -r '.packages[] | select ( .name == "wasm-bindgen" ) | .version') + - wget -O wasm-bindgen.tar.gz https://github.com/rustwasm/wasm-bindgen/releases/download/$VERSION/wasm-bindgen-$VERSION-x86_64-unknown-linux-musl.tar.gz + - tar -xzf wasm-bindgen.tar.gz --strip-components=1 + # Place the runner binaries in our PATH + - mv cargo-web wasmtime wasm-bindgen-test-runner $HOME/.cargo/bin + # Download and setup emscripten + - cargo web prepare-emscripten + env: EMCC_CFLAGS="-s ERROR_ON_UNDEFINED_SYMBOLS=0" + script: + # We cannot run emscripten test binaries (see rust-lang/rust#63649). + # However, we can still build and link all tests to make sure that works. + # This is actually useful as it finds stuff such as rust-random/rand#669 + - cargo web test --target wasm32-unknown-emscripten --no-run + - cargo web test --target asmjs-unknown-emscripten --no-run + # wasi tests + - cargo test --target wasm32-wasi + # stdweb tests (Node, Chrome) + - cargo web test --nodejs --target=wasm32-unknown-unknown --features=stdweb + - cargo web test --target=wasm32-unknown-unknown --features=stdweb + # wasm-bindgen tests (Node, Firefox, Chrome) + - cargo test --target wasm32-unknown-unknown --features=wasm-bindgen + - GECKODRIVER=$PWD/geckodriver cargo test --target wasm32-unknown-unknown --features=test-in-browser + - CHROMEDRIVER=$PWD/chromedriver cargo test --target wasm32-unknown-unknown --features=test-in-browser + + - name: "Linux, nightly, docs" + rust: nightly + os: linux + install: + - cargo --list | egrep "^\s*deadlinks$" -q || cargo install cargo-deadlinks + - cargo deadlinks -V + script: + - cargo test + - cargo test --benches + - cargo test --examples + # remove cached documentation, otherwise files from previous PRs can get included + - rm -rf target/doc + - cargo doc --no-deps --all --features=std,log + - cargo deadlinks --dir target/doc + # also test minimum dependency versions are usable + - cargo generate-lockfile -Z minimal-versions + - cargo test + + - name: "OSX, nightly, docs" + rust: nightly + os: osx + install: + - cargo --list | egrep "^\s*deadlinks$" -q || cargo install cargo-deadlinks + - cargo deadlinks -V + script: + - cargo test + - cargo test --benches + - cargo test --examples + # remove cached documentation, otherwise files from previous PRs can get included + - rm -rf target/doc + - cargo doc --no-deps --all --features=std,log + - cargo deadlinks --dir target/doc + # also test minimum dependency versions are usable + - cargo generate-lockfile -Z minimal-versions + - cargo test + + - name: "cross-platform build only" + rust: nightly + install: + - rustup target add x86_64-sun-solaris + - rustup target add x86_64-unknown-cloudabi + - rustup target add x86_64-unknown-freebsd + - rustup target add x86_64-fuchsia + - rustup target add x86_64-unknown-netbsd + - rustup target add x86_64-unknown-redox + - rustup target add x86_64-fortanix-unknown-sgx + # For no_std targets + - rustup component add rust-src + - cargo install cargo-xbuild || true + script: + - cargo build --target=x86_64-sun-solaris + - cargo build --target=x86_64-unknown-cloudabi + - cargo build --target=x86_64-unknown-freebsd + - cargo build --target=x86_64-fuchsia + - cargo build --target=x86_64-unknown-netbsd + - cargo build --target=x86_64-unknown-redox + - cargo build --target=x86_64-fortanix-unknown-sgx + - cargo xbuild --target=x86_64-unknown-uefi + - cargo xbuild --target=x86_64-unknown-hermit + - cargo xbuild --target=x86_64-unknown-l4re-uclibc + - cargo xbuild --target=x86_64-wrs-vxworks + # also test minimum dependency versions are usable + - cargo generate-lockfile -Z minimal-versions + - cargo build --target=x86_64-sun-solaris + - cargo build --target=x86_64-unknown-cloudabi + - cargo build --target=x86_64-unknown-freebsd + - cargo build --target=x86_64-fuchsia + - cargo build --target=x86_64-unknown-netbsd + - cargo build --target=x86_64-unknown-redox + - cargo build --target=x86_64-fortanix-unknown-sgx + - cargo xbuild --target=x86_64-unknown-uefi + - cargo xbuild --target=x86_64-unknown-hermit + - cargo xbuild --target=x86_64-unknown-l4re-uclibc + - cargo xbuild --target=x86_64-uwp-windows-gnu + + # Trust cross-built/emulated targets. We must repeat all non-default values. + - name: "Linux (MIPS, big-endian)" + env: TARGET=mips-unknown-linux-gnu + rust: stable + sudo: required + dist: trusty + services: docker + install: + - sh utils/ci/install.sh + - source ~/.cargo/env || true + script: + - bash utils/ci/script.sh + + - name: "Android (ARMv7)" + env: TARGET=armv7-linux-androideabi + rust: stable + sudo: required + dist: trusty + services: docker + install: + - sh utils/ci/install.sh + - source ~/.cargo/env || true + script: + - bash utils/ci/script.sh + + - name: "rustfmt" + rust: stable + install: + - rustup component add rustfmt + script: + - cargo fmt --all -- */*.rs --check + + allow_failures: + # Formatting errors should appear in Travis, but not break the build. + - name: "rustfmt" + +before_install: + - set -e + - rustup self update + +before_script: + - export RUSTFLAGS="-D warnings" + +script: + - cargo test + - cargo test --examples + +after_script: set +e + +cache: + cargo: true + directories: + - .local/share/cargo-web + +before_cache: + # Travis can't cache files that are not readable by "others" + - chmod -R a+r $HOME/.cargo + +notifications: + email: + on_success: never + +branches: + only: + - master diff --git a/getrandom/CHANGELOG.md b/getrandom/CHANGELOG.md new file mode 100644 index 0000000..2f6e9f4 --- /dev/null +++ b/getrandom/CHANGELOG.md @@ -0,0 +1,158 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [0.1.13] - 2019-08-25 +### Added +- VxWorks targets support. [#86] + +### Changed +- If zero-length slice is passed to the `getrandom` function, always return +`Ok(())` immediately without doing any calls to the underlying operating +system. [#104] +- Use the `kern.arandom` sysctl on NetBSD. [#115] + +### Fixed +- Bump `cfg-if` minimum version from 0.1.0 to 0.1.2. [#112] +- Typos and bad doc links. [#117] + +[#86]: https://github.com/rust-random/getrandom/pull/86 +[#104]: https://github.com/rust-random/getrandom/pull/104 +[#112]: https://github.com/rust-random/getrandom/pull/112 +[#115]: https://github.com/rust-random/getrandom/pull/115 +[#117]: https://github.com/rust-random/getrandom/pull/117 + +## [0.1.12] - 2019-08-18 +### Changed +- Update wasi dependency from v0.5 to v0.7. [#100] + +[#100]: https://github.com/rust-random/getrandom/pull/100 + +## [0.1.11] - 2019-08-25 +### Fixed +- Implement `std`-dependent traits for selected targets even if `std` +feature is disabled. (backward compatibility with v0.1.8) [#96] + +[#96]: https://github.com/rust-random/getrandom/pull/96 + +## [0.1.10] - 2019-08-18 [YANKED] +### Changed +- Use the dummy implementation on `wasm32-unknown-unknown` even with the +disabled `dummy` feature. [#90] + +### Fixed +- Fix CSP error for `wasm-bindgen`. [#92] + +[#90]: https://github.com/rust-random/getrandom/pull/90 +[#92]: https://github.com/rust-random/getrandom/pull/92 + +## [0.1.9] - 2019-08-14 [YANKED] +### Changed +- Remove `std` dependency for opening and reading files. [#58] +- Use `wasi` isntead of `libc` on WASI target. [#64] +- By default emit a compile-time error when built for an unsupported target. +This behaviour can be disabled by using the `dummy` feature. [#71] + +### Added +- Add support for UWP targets. [#69] +- Add unstable `rustc-dep-of-std` feature. [#78] + +[#58]: https://github.com/rust-random/getrandom/pull/58 +[#64]: https://github.com/rust-random/getrandom/pull/64 +[#69]: https://github.com/rust-random/getrandom/pull/69 +[#71]: https://github.com/rust-random/getrandom/pull/71 +[#78]: https://github.com/rust-random/getrandom/pull/78 + +## [0.1.8] - 2019-07-29 +### Changed +- Explicitly specify types to arguments of 'libc::syscall'. [#74] + +[#74]: https://github.com/rust-random/getrandom/pull/74 + +## [0.1.7] - 2019-07-29 +### Added +- Support for hermit and l4re. [#61] +- `Error::raw_os_error` method, `Error::INTERNAL_START` and +`Error::CUSTOM_START` constants. Use `libc` for retrieving OS error descriptions. [#54] + +### Changed +- Remove `lazy_static` dependency and use custom structures for lock-free +initialization. [#51] [#52] +- Try `getrandom()` first on FreeBSD. [#57] + +### Removed +- Bitrig support. [#56] + +### Deprecated +- `Error::UNKNOWN`, `Error::UNAVAILABLE`. [#54] + +[#51]: https://github.com/rust-random/getrandom/pull/51 +[#52]: https://github.com/rust-random/getrandom/pull/52 +[#54]: https://github.com/rust-random/getrandom/pull/54 +[#56]: https://github.com/rust-random/getrandom/pull/56 +[#57]: https://github.com/rust-random/getrandom/pull/57 +[#61]: https://github.com/rust-random/getrandom/pull/61 + +## [0.1.6] - 2019-06-30 +### Changed +- Minor change of RDRAND AMD bug handling. [#48] + +[#48]: https://github.com/rust-random/getrandom/pull/48 + +## [0.1.5] - 2019-06-29 +### Fixed +- Use shared `File` instead of shared file descriptor. [#44] +- Workaround for RDRAND hardware bug present on some AMD CPUs. [#43] + +### Changed +- Try `getentropy` and then fallback to `/dev/random` on macOS. [#38] + +[#38]: https://github.com/rust-random/getrandom/issues/38 +[#43]: https://github.com/rust-random/getrandom/pull/43 +[#44]: https://github.com/rust-random/getrandom/issues/44 + +## [0.1.4] - 2019-06-28 +### Added +- Add support for `x86_64-unknown-uefi` target by using RDRAND with CPUID +feature detection. [#30] + +### Fixed +- Fix long buffer issues on Windows and Linux. [#31] [#32] +- Check `EPERM` in addition to `ENOSYS` on Linux. [#37] + +### Changed +- Improve efficiency by sharing file descriptor across threads. [#13] +- Remove `cloudabi`, `winapi`, and `fuchsia-cprng` dependencies. [#40] +- Improve RDRAND implementation. [#24] +- Don't block during syscall detection on Linux. [#26] +- Increase consistency with libc implementation on FreeBSD. [#36] +- Apply `rustfmt`. [#39] + +[#30]: https://github.com/rust-random/getrandom/pull/30 +[#13]: https://github.com/rust-random/getrandom/issues/13 +[#40]: https://github.com/rust-random/getrandom/pull/40 +[#26]: https://github.com/rust-random/getrandom/pull/26 +[#24]: https://github.com/rust-random/getrandom/pull/24 +[#39]: https://github.com/rust-random/getrandom/pull/39 +[#36]: https://github.com/rust-random/getrandom/pull/36 +[#31]: https://github.com/rust-random/getrandom/issues/31 +[#32]: https://github.com/rust-random/getrandom/issues/32 +[#37]: https://github.com/rust-random/getrandom/issues/37 + +## [0.1.3] - 2019-05-15 +- Update for `wasm32-unknown-wasi` being renamed to `wasm32-wasi`, and for + WASI being categorized as an OS. + +## [0.1.2] - 2019-04-06 +- Add support for `wasm32-unknown-wasi` target. + +## [0.1.1] - 2019-04-05 +- Enable std functionality for CloudABI by default. + +## [0.1.0] - 2019-03-23 +Publish initial implementation. + +## [0.0.0] - 2019-01-19 +Publish an empty template library. diff --git a/getrandom/Cargo.toml b/getrandom/Cargo.toml new file mode 100644 index 0000000..b159674 --- /dev/null +++ b/getrandom/Cargo.toml @@ -0,0 +1,45 @@ +[package] +name = "getrandom" +version = "0.1.13" +edition = "2018" +authors = ["The Rand Project Developers"] +license = "MIT OR Apache-2.0" +description = "A small cross-platform library for retrieving random data from system source" +documentation = "https://docs.rs/getrandom" +repository = "https://github.com/rust-random/getrandom" +categories = ["os", "no-std"] +exclude = ["utils/*", ".*", "appveyor.yml"] + +[badges] +travis-ci = { repository = "rust-random/getrandom" } +appveyor = { repository = "rust-random/getrandom" } + +[dependencies] +log = { version = "0.4", optional = true } +cfg-if = "0.1.2" + +# When built as part of libstd +compiler_builtins = { version = "0.1", optional = true } +core = { version = "1.0", optional = true, package = "rustc-std-workspace-core" } + +[target.'cfg(unix)'.dependencies] +libc = { version = "0.2.64", default-features = false } + +[target.'cfg(target_os = "wasi")'.dependencies] +wasi = "0.7" + +[target.wasm32-unknown-unknown.dependencies] +wasm-bindgen = { version = "0.2.29", optional = true } +stdweb = { version = "0.4.18", optional = true } + +[target.wasm32-unknown-unknown.dev-dependencies] +wasm-bindgen-test = "0.2" + +[features] +std = [] +# Enables dummy implementation for unsupported targets +dummy = [] +# Unstable feature to support being a libstd dependency +rustc-dep-of-std = ["compiler_builtins", "core"] +# Unstable feature for testing +test-in-browser = ["wasm-bindgen"] diff --git a/getrandom/LICENSE-APACHE b/getrandom/LICENSE-APACHE new file mode 100644 index 0000000..17d7468 --- /dev/null +++ b/getrandom/LICENSE-APACHE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/getrandom/LICENSE-MIT b/getrandom/LICENSE-MIT new file mode 100644 index 0000000..d93b5ba --- /dev/null +++ b/getrandom/LICENSE-MIT @@ -0,0 +1,26 @@ +Copyright 2018 Developers of the Rand project +Copyright (c) 2014 The Rust Project Developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/getrandom/README.md b/getrandom/README.md new file mode 100644 index 0000000..01bbfb5 --- /dev/null +++ b/getrandom/README.md @@ -0,0 +1,78 @@ +# getrandom + +[![Build Status](https://travis-ci.org/rust-random/getrandom.svg?branch=master)](https://travis-ci.org/rust-random/getrandom) +[![Build Status](https://ci.appveyor.com/api/projects/status/github/rust-random/getrandom?svg=true)](https://ci.appveyor.com/project/rust-random/getrandom) +[![Crate](https://img.shields.io/crates/v/getrandom.svg)](https://crates.io/crates/getrandom) +[![Documentation](https://docs.rs/getrandom/badge.svg)](https://docs.rs/getrandom) +[![Dependency status](https://deps.rs/repo/github/rust-random/getrandom/status.svg)](https://deps.rs/repo/github/rust-random/getrandom) + + +A Rust library for retrieving random data from (operating) system source. It is +assumed that system always provides high-quality cryptographically secure random +data, ideally backed by hardware entropy sources. This crate derives its name +from Linux's `getrandom` function, but is cross platform, roughly supporting +the same set of platforms as Rust's `std` lib. + +This is a low-level API. Most users should prefer using high-level random-number +library like [`rand`]. + +[`rand`]: https://crates.io/crates/rand + +## Usage + +Add this to your `Cargo.toml`: + +```toml +[dependencies] +getrandom = "0.1" +``` + +Then invoke the `getrandom` function: + +```rust +fn get_random_buf() -> Result<[u8; 32], getrandom::Error> { + let mut buf = [0u8; 32]; + getrandom::getrandom(&mut buf)?; + Ok(buf) +} +``` + +## Features + +This library is `no_std` for every supported target. However, getting randomness +usually requires calling some external system API. This means most platforms +will require linking against system libraries (i.e. `libc` for Unix, +`Advapi32.dll` for Windows, Security framework on iOS, etc...). + +The `log` library is supported as an optional dependency. If enabled, error +reporting will be improved on some platforms. + +For the `wasm32-unknown-unknown` target, one of the following features should be +enabled: + +- [`wasm-bindgen`](https://crates.io/crates/wasm_bindgen) +- [`stdweb`](https://crates.io/crates/stdweb) + +By default, compiling `getrandom` for an unsupported target will result in +a compilation error. If you want to build an application which uses `getrandom` +for such target, you can either: +- Use [`[replace]`][replace] or [`[patch]`][patch] section in your `Cargo.toml` +to switch to a custom implementation with a support of your target. +- Enable the `dummy` feature to have getrandom use an implementation that always +fails at run-time on unsupported targets. + +[replace]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-replace-section +[patch]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-patch-section + +## Minimum Supported Rust Version + +This crate requires Rust 1.32.0 or later. + +# License + +The `getrandom` library is distributed under either of + + * [Apache License, Version 2.0](LICENSE-APACHE) + * [MIT license](LICENSE-MIT) + +at your option. diff --git a/getrandom/appveyor.yml b/getrandom/appveyor.yml new file mode 100644 index 0000000..7a34e32 --- /dev/null +++ b/getrandom/appveyor.yml @@ -0,0 +1,52 @@ +environment: + + # At the time this was added AppVeyor was having troubles with checking + # revocation of SSL certificates of sites like static.rust-lang.org and what + # we think is crates.io. The libcurl HTTP client by default checks for + # revocation on Windows and according to a mailing list [1] this can be + # disabled. + # + # The `CARGO_HTTP_CHECK_REVOKE` env var here tells cargo to disable SSL + # revocation checking on Windows in libcurl. Note, though, that rustup, which + # we're using to download Rust here, also uses libcurl as the default backend. + # Unlike Cargo, however, rustup doesn't have a mechanism to disable revocation + # checking. To get rustup working we set `RUSTUP_USE_HYPER` which forces it to + # use the Hyper instead of libcurl backend. Both Hyper and libcurl use + # schannel on Windows but it appears that Hyper configures it slightly + # differently such that revocation checking isn't turned on by default. + # + # [1]: https://curl.haxx.se/mail/lib-2016-03/0202.html + RUSTUP_USE_HYPER: 1 + CARGO_HTTP_CHECK_REVOKE: false + + matrix: + - TARGET: x86_64-pc-windows-msvc + CHANNEL: 1.32.0 + - TARGET: x86_64-pc-windows-msvc + CHANNEL: stable + - TARGET: x86_64-pc-windows-msvc + CHANNEL: nightly + - TARGET: i686-pc-windows-msvc + CHANNEL: nightly + - TARGET: x86_64-pc-windows-gnu + CHANNEL: nightly + - TARGET: i686-pc-windows-gnu + CHANNEL: nightly + +install: + - appveyor DownloadFile https://win.rustup.rs/ -FileName rustup-init.exe + - rustup-init.exe -y --default-host %TARGET% --default-toolchain %CHANNEL% + - set PATH=%PATH%;C:\Users\appveyor\.cargo\bin + - rustc -V + - cargo -V + +build: false + +test_script: + - set RUSTFLAGS=-D warnings + - cargo test + - cargo test --examples + +branches: + only: + - master diff --git a/getrandom/benches/mod.rs b/getrandom/benches/mod.rs new file mode 100644 index 0000000..07953f1 --- /dev/null +++ b/getrandom/benches/mod.rs @@ -0,0 +1,23 @@ +#![feature(test)] +extern crate getrandom; +extern crate test; + +#[bench] +fn bench_64(b: &mut test::Bencher) { + let mut buf = [0u8; 64]; + b.iter(|| { + getrandom::getrandom(&mut buf[..]).unwrap(); + test::black_box(&buf); + }); + b.bytes = buf.len() as u64; +} + +#[bench] +fn bench_65536(b: &mut test::Bencher) { + let mut buf = [0u8; 65536]; + b.iter(|| { + getrandom::getrandom(&mut buf[..]).unwrap(); + test::black_box(&buf); + }); + b.bytes = buf.len() as u64; +} diff --git a/getrandom/build.rs b/getrandom/build.rs new file mode 100644 index 0000000..1beb4ed --- /dev/null +++ b/getrandom/build.rs @@ -0,0 +1,19 @@ +#![deny(warnings)] + +use std::env; + +fn main() { + let target = env::var("TARGET").expect("TARGET was not set"); + if target.contains("-uwp-windows-") { + // for BCryptGenRandom + println!("cargo:rustc-link-lib=bcrypt"); + // to work around unavailability of `target_vendor` on Rust 1.33 + println!("cargo:rustc-cfg=getrandom_uwp"); + } else if target.contains("windows") { + // for RtlGenRandom (aka SystemFunction036) + println!("cargo:rustc-link-lib=advapi32"); + } else if target.contains("apple-ios") { + // for SecRandomCopyBytes and kSecRandomDefault + println!("cargo:rustc-link-lib=framework=Security"); + } +} diff --git a/getrandom/src/bsd_arandom.rs b/getrandom/src/bsd_arandom.rs new file mode 100644 index 0000000..eb564ff --- /dev/null +++ b/getrandom/src/bsd_arandom.rs @@ -0,0 +1,49 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for FreeBSD and NetBSD +use crate::util_libc::sys_fill_exact; +use crate::Error; +use core::ptr; + +fn kern_arnd(buf: &mut [u8]) -> libc::ssize_t { + static MIB: [libc::c_int; 2] = [libc::CTL_KERN, libc::KERN_ARND]; + let mut len = buf.len(); + let ret = unsafe { + libc::sysctl( + MIB.as_ptr(), + MIB.len() as libc::c_uint, + buf.as_mut_ptr() as *mut _, + &mut len, + ptr::null(), + 0, + ) + }; + if ret == -1 { + error!("sysctl kern.arandom: syscall failed"); + -1 + } else { + len as libc::ssize_t + } +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + #[cfg(target_os = "freebsd")] + { + use crate::util_libc::Weak; + static GETRANDOM: Weak = unsafe { Weak::new("getrandom\0") }; + type GetRandomFn = + unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t; + + if let Some(fptr) = GETRANDOM.ptr() { + let func: GetRandomFn = unsafe { core::mem::transmute(fptr) }; + return sys_fill_exact(dest, |buf| unsafe { func(buf.as_mut_ptr(), buf.len(), 0) }); + } + } + sys_fill_exact(dest, kern_arnd) +} diff --git a/getrandom/src/cloudabi.rs b/getrandom/src/cloudabi.rs new file mode 100644 index 0000000..d3d0928 --- /dev/null +++ b/getrandom/src/cloudabi.rs @@ -0,0 +1,25 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for CloudABI +use crate::Error; +use core::num::NonZeroU32; + +extern "C" { + fn cloudabi_sys_random_get(buf: *mut u8, buf_len: usize) -> u16; +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + let errno = unsafe { cloudabi_sys_random_get(dest.as_mut_ptr(), dest.len()) }; + if let Some(code) = NonZeroU32::new(errno as u32) { + error!("cloudabi_sys_random_get: failed with {}", errno); + Err(Error::from(code)) + } else { + Ok(()) // Zero means success for CloudABI + } +} diff --git a/getrandom/src/dummy.rs b/getrandom/src/dummy.rs new file mode 100644 index 0000000..0c24ba0 --- /dev/null +++ b/getrandom/src/dummy.rs @@ -0,0 +1,14 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! A dummy implementation for unsupported targets which always fails +use crate::{error::UNSUPPORTED, Error}; + +pub fn getrandom_inner(_: &mut [u8]) -> Result<(), Error> { + Err(UNSUPPORTED) +} diff --git a/getrandom/src/error.rs b/getrandom/src/error.rs new file mode 100644 index 0000000..b2cb9a8 --- /dev/null +++ b/getrandom/src/error.rs @@ -0,0 +1,178 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. +use core::fmt; +use core::num::NonZeroU32; + +/// A small and `no_std` compatible error type. +/// +/// The [`Error::raw_os_error()`] will indicate if the error is from the OS, and +/// if so, which error code the OS gave the application. If such an error is +/// encountered, please consult with your system documentation. +/// +/// Internally this type is a NonZeroU32, with certain values reserved for +/// certain purposes, see [`Error::INTERNAL_START`] and [`Error::CUSTOM_START`]. +#[derive(Copy, Clone, Eq, PartialEq)] +pub struct Error(NonZeroU32); + +impl Error { + #[deprecated(since = "0.1.7")] + /// Unknown error. + pub const UNKNOWN: Error = UNSUPPORTED; + #[deprecated(since = "0.1.7")] + /// System entropy source is unavailable. + pub const UNAVAILABLE: Error = UNSUPPORTED; + + /// Codes below this point represent OS Errors (i.e. positive i32 values). + /// Codes at or above this point, but below [`Error::CUSTOM_START`] are + /// reserved for use by the `rand` and `getrandom` crates. + pub const INTERNAL_START: u32 = 1 << 31; + + /// Codes at or above this point can be used by users to define their own + /// custom errors. + pub const CUSTOM_START: u32 = (1 << 31) + (1 << 30); + + /// Extract the raw OS error code (if this error came from the OS) + /// + /// This method is identical to `std::io::Error::raw_os_error()`, except + /// that it works in `no_std` contexts. If this method returns `None`, the + /// error value can still be formatted via the `Display` implementation. + #[inline] + pub fn raw_os_error(self) -> Option { + if self.0.get() < Self::INTERNAL_START { + Some(self.0.get() as i32) + } else { + None + } + } + + /// Extract the bare error code. + /// + /// This code can either come from the underlying OS, or be a custom error. + /// Use [`Error::raw_os_error()`] to disambiguate. + #[inline] + pub fn code(self) -> NonZeroU32 { + self.0 + } +} + +cfg_if! { + if #[cfg(unix)] { + fn os_err_desc(errno: i32, buf: &mut [u8]) -> Option<&str> { + let buf_ptr = buf.as_mut_ptr() as *mut libc::c_char; + if unsafe { libc::strerror_r(errno, buf_ptr, buf.len()) } != 0 { + return None; + } + + // Take up to trailing null byte + let n = buf.len(); + let idx = buf.iter().position(|&b| b == 0).unwrap_or(n); + core::str::from_utf8(&buf[..idx]).ok() + } + } else if #[cfg(target_os = "wasi")] { + fn os_err_desc(errno: i32, _buf: &mut [u8]) -> Option<&str> { + core::num::NonZeroU16::new(errno as u16) + .and_then(wasi::wasi_unstable::error_str) + } + } else { + fn os_err_desc(_errno: i32, _buf: &mut [u8]) -> Option<&str> { + None + } + } +} + +impl fmt::Debug for Error { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + let mut dbg = f.debug_struct("Error"); + if let Some(errno) = self.raw_os_error() { + dbg.field("os_error", &errno); + let mut buf = [0u8; 128]; + if let Some(desc) = os_err_desc(errno, &mut buf) { + dbg.field("description", &desc); + } + } else if let Some(desc) = internal_desc(*self) { + dbg.field("internal_code", &self.0.get()); + dbg.field("description", &desc); + } else { + dbg.field("unknown_code", &self.0.get()); + } + dbg.finish() + } +} + +impl fmt::Display for Error { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + if let Some(errno) = self.raw_os_error() { + let mut buf = [0u8; 128]; + match os_err_desc(errno, &mut buf) { + Some(desc) => f.write_str(desc), + None => write!(f, "OS Error: {}", errno), + } + } else if let Some(desc) = internal_desc(*self) { + f.write_str(desc) + } else { + write!(f, "Unknown Error: {}", self.0.get()) + } + } +} + +impl From for Error { + fn from(code: NonZeroU32) -> Self { + Self(code) + } +} + +// TODO: Convert to a function when min_version >= 1.33 +macro_rules! internal_error { + ($n:expr) => { + Error(unsafe { NonZeroU32::new_unchecked(Error::INTERNAL_START + $n as u16 as u32) }) + }; +} + +/// Internal Error constants +pub(crate) const UNSUPPORTED: Error = internal_error!(0); +pub(crate) const ERRNO_NOT_POSITIVE: Error = internal_error!(1); +pub(crate) const UNKNOWN_IO_ERROR: Error = internal_error!(2); +pub(crate) const SEC_RANDOM_FAILED: Error = internal_error!(3); +pub(crate) const RTL_GEN_RANDOM_FAILED: Error = internal_error!(4); +pub(crate) const FAILED_RDRAND: Error = internal_error!(5); +pub(crate) const NO_RDRAND: Error = internal_error!(6); +pub(crate) const BINDGEN_CRYPTO_UNDEF: Error = internal_error!(7); +pub(crate) const BINDGEN_GRV_UNDEF: Error = internal_error!(8); +pub(crate) const STDWEB_NO_RNG: Error = internal_error!(9); +pub(crate) const STDWEB_RNG_FAILED: Error = internal_error!(10); +pub(crate) const RAND_SECURE_FATAL: Error = internal_error!(11); + +fn internal_desc(error: Error) -> Option<&'static str> { + match error { + UNSUPPORTED => Some("getrandom: this target is not supported"), + ERRNO_NOT_POSITIVE => Some("errno: did not return a positive value"), + UNKNOWN_IO_ERROR => Some("Unknown std::io::Error"), + SEC_RANDOM_FAILED => Some("SecRandomCopyBytes: call failed"), + RTL_GEN_RANDOM_FAILED => Some("RtlGenRandom: call failed"), + FAILED_RDRAND => Some("RDRAND: failed multiple times: CPU issue likely"), + NO_RDRAND => Some("RDRAND: instruction not supported"), + BINDGEN_CRYPTO_UNDEF => Some("wasm-bindgen: self.crypto is undefined"), + BINDGEN_GRV_UNDEF => Some("wasm-bindgen: crypto.getRandomValues is undefined"), + STDWEB_NO_RNG => Some("stdweb: no randomness source available"), + STDWEB_RNG_FAILED => Some("stdweb: failed to get randomness"), + RAND_SECURE_FATAL => Some("randSecure: random number generator module is not initialized"), + _ => None, + } +} + +#[cfg(test)] +mod tests { + use super::Error; + use core::mem::size_of; + + #[test] + fn test_size() { + assert_eq!(size_of::(), 4); + assert_eq!(size_of::>(), 4); + } +} diff --git a/getrandom/src/error_impls.rs b/getrandom/src/error_impls.rs new file mode 100644 index 0000000..007472e --- /dev/null +++ b/getrandom/src/error_impls.rs @@ -0,0 +1,35 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. +extern crate std; + +use crate::{error::UNKNOWN_IO_ERROR, Error}; +use core::convert::From; +use core::num::NonZeroU32; +use std::io; + +impl From for Error { + fn from(err: io::Error) -> Self { + if let Some(errno) = err.raw_os_error() { + if let Some(code) = NonZeroU32::new(errno as u32) { + return Error::from(code); + } + } + UNKNOWN_IO_ERROR + } +} + +impl From for io::Error { + fn from(err: Error) -> Self { + match err.raw_os_error() { + Some(errno) => io::Error::from_raw_os_error(errno), + None => io::Error::new(io::ErrorKind::Other, err), + } + } +} + +impl std::error::Error for Error {} diff --git a/getrandom/src/fuchsia.rs b/getrandom/src/fuchsia.rs new file mode 100644 index 0000000..572ff53 --- /dev/null +++ b/getrandom/src/fuchsia.rs @@ -0,0 +1,20 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for Fuchsia Zircon +use crate::Error; + +#[link(name = "zircon")] +extern "C" { + fn zx_cprng_draw(buffer: *mut u8, length: usize); +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + unsafe { zx_cprng_draw(dest.as_mut_ptr(), dest.len()) } + Ok(()) +} diff --git a/getrandom/src/ios.rs b/getrandom/src/ios.rs new file mode 100644 index 0000000..30c008c --- /dev/null +++ b/getrandom/src/ios.rs @@ -0,0 +1,31 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for iOS +use crate::{error::SEC_RANDOM_FAILED, Error}; + +// TODO: Make extern once extern_types feature is stabilized. See: +// https://github.com/rust-lang/rust/issues/43467 +#[repr(C)] +struct SecRandom([u8; 0]); + +#[link(name = "Security", kind = "framework")] +extern "C" { + static kSecRandomDefault: *const SecRandom; + + fn SecRandomCopyBytes(rnd: *const SecRandom, count: usize, bytes: *mut u8) -> i32; +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + let ret = unsafe { SecRandomCopyBytes(kSecRandomDefault, dest.len(), dest.as_mut_ptr()) }; + if ret == -1 { + Err(SEC_RANDOM_FAILED) + } else { + Ok(()) + } +} diff --git a/getrandom/src/lib.rs b/getrandom/src/lib.rs new file mode 100644 index 0000000..c305406 --- /dev/null +++ b/getrandom/src/lib.rs @@ -0,0 +1,282 @@ +// Copyright 2019 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Interface to the random number generator of the operating system. +//! +//! # Platform sources +//! +//! | OS | interface +//! |------------------|--------------------------------------------------------- +//! | Linux, Android | [`getrandom`][1] system call if available, otherwise [`/dev/urandom`][2] after successfully polling `/dev/random` +//! | Windows | [`RtlGenRandom`][3] +//! | macOS | [`getentropy()`][19] if available, otherwise [`/dev/random`][20] (identical to `/dev/urandom`) +//! | iOS | [`SecRandomCopyBytes`][4] +//! | FreeBSD | [`getrandom()`][21] if available, otherwise [`kern.arandom`][5] +//! | OpenBSD | [`getentropy`][6] +//! | NetBSD | [`kern.arandom`][7] +//! | Dragonfly BSD | [`/dev/random`][8] +//! | Solaris, illumos | [`getrandom`][9] system call if available, otherwise [`/dev/random`][10] +//! | Fuchsia OS | [`cprng_draw`][11] +//! | Redox | [`rand:`][12] +//! | CloudABI | [`cloudabi_sys_random_get`][13] +//! | Haiku | `/dev/random` (identical to `/dev/urandom`) +//! | L4RE, SGX, UEFI | [RDRAND][18] +//! | Hermit | [RDRAND][18] as [`sys_rand`][22] is currently broken. +//! | VxWorks | `randABytes` after checking entropy pool initialization with `randSecure` +//! | Web browsers | [`Crypto.getRandomValues`][14] (see [Support for WebAssembly and asm.js][16]) +//! | Node.js | [`crypto.randomBytes`][15] (see [Support for WebAssembly and asm.js][16]) +//! | WASI | [`__wasi_random_get`][17] +//! +//! Getrandom doesn't have a blanket implementation for all Unix-like operating +//! systems that reads from `/dev/urandom`. This ensures all supported operating +//! systems are using the recommended interface and respect maximum buffer +//! sizes. +//! +//! ## Unsupported targets +//! +//! By default, compiling `getrandom` for an unsupported target will result in +//! a compilation error. If you want to build an application which uses `getrandom` +//! for such target, you can either: +//! - Use [`[replace]`][replace] or [`[patch]`][patch] section in your `Cargo.toml` +//! to switch to a custom implementation with a support of your target. +//! - Enable the `dummy` feature to have getrandom use an implementation that always +//! fails at run-time on unsupported targets. +//! +//! [replace]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-replace-section +//! [patch]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-patch-section +//! +//! ## Support for WebAssembly and asm.js +//! +//! Getrandom supports all of Rust's current `wasm32` targets, and it works with +//! both Node.js and web browsers. The three Emscripten targets +//! `asmjs-unknown-emscripten`, `wasm32-unknown-emscripten`, and +//! `wasm32-experimental-emscripten` use Emscripten's `/dev/random` emulation. +//! The WASI target `wasm32-wasi` uses the [`__wasi_random_get`][17] function +//! defined by the WASI standard. +//! +//! Getrandom also supports `wasm32-unknown-unknown` by directly calling +//! JavaScript methods. Rust currently has two ways to do this: [bindgen] and +//! [stdweb]. Getrandom supports using either one by enabling the +//! `wasm-bindgen` or `stdweb` crate features. Note that if both features are +//! enabled, `wasm-bindgen` will be used. If neither feature is enabled, calls +//! to `getrandom` will always fail at runtime. +//! +//! [bindgen]: https://github.com/rust-lang/rust-bindgen +//! [stdweb]: https://github.com/koute/stdweb +//! +//! ## Early boot +//! +//! It is possible that early in the boot process the OS hasn't had enough time +//! yet to collect entropy to securely seed its RNG, especially on virtual +//! machines. +//! +//! Some operating systems always block the thread until the RNG is securely +//! seeded. This can take anywhere from a few seconds to more than a minute. +//! Others make a best effort to use a seed from before the shutdown and don't +//! document much. +//! +//! A few, Linux, NetBSD and Solaris, offer a choice between blocking and +//! getting an error; in these cases we always choose to block. +//! +//! On Linux (when the `getrandom` system call is not available) and on NetBSD +//! reading from `/dev/urandom` never blocks, even when the OS hasn't collected +//! enough entropy yet. To avoid returning low-entropy bytes, we first read from +//! `/dev/random` and only switch to `/dev/urandom` once this has succeeded. +//! +//! # Error handling +//! +//! We always choose failure over returning insecure "random" bytes. In general, +//! on supported platforms, failure is highly unlikely, though not impossible. +//! If an error does occur, then it is likely that it will occur on every call to +//! `getrandom`, hence after the first successful call one can be reasonably +//! confident that no errors will occur. +//! +//! On unsupported platforms, `getrandom` always fails. See the [`Error`] type +//! for more information on what data is returned on failure. +//! +//! [1]: http://man7.org/linux/man-pages/man2/getrandom.2.html +//! [2]: http://man7.org/linux/man-pages/man4/urandom.4.html +//! [3]: https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/nf-ntsecapi-rtlgenrandom +//! [4]: https://developer.apple.com/documentation/security/1399291-secrandomcopybytes?language=objc +//! [5]: https://www.freebsd.org/cgi/man.cgi?query=random&sektion=4 +//! [6]: https://man.openbsd.org/getentropy.2 +//! [7]: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7+NetBSD-8.0 +//! [8]: https://leaf.dragonflybsd.org/cgi/web-man?command=random§ion=4 +//! [9]: https://docs.oracle.com/cd/E88353_01/html/E37841/getrandom-2.html +//! [10]: https://docs.oracle.com/cd/E86824_01/html/E54777/random-7d.html +//! [11]: https://fuchsia.dev/fuchsia-src/zircon/syscalls/cprng_draw +//! [12]: https://github.com/redox-os/randd/blob/master/src/main.rs +//! [13]: https://github.com/nuxinl/cloudabi#random_get +//! [14]: https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues +//! [15]: https://nodejs.org/api/crypto.html#crypto_crypto_randombytes_size_callback +//! [16]: #support-for-webassembly-and-asmjs +//! [17]: https://github.com/WebAssembly/WASI/blob/master/design/WASI-core.md#__wasi_random_get +//! [18]: https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide +//! [19]: https://www.unix.com/man-page/mojave/2/getentropy/ +//! [20]: https://www.unix.com/man-page/mojave/4/random/ +//! [21]: https://www.freebsd.org/cgi/man.cgi?query=getrandom&manpath=FreeBSD+12.0-stable +//! [22]: https://github.com/hermitcore/libhermit-rs/blob/09c38b0371cee6f56a541400ba453e319e43db53/src/syscalls/random.rs#L21 + +#![doc( + html_logo_url = "https://www.rust-lang.org/logos/rust-logo-128x128-blk.png", + html_favicon_url = "https://www.rust-lang.org/favicon.ico", + html_root_url = "https://rust-random.github.io/rand/" +)] +#![no_std] +#![cfg_attr(feature = "stdweb", recursion_limit = "128")] +#![warn(rust_2018_idioms, unused_lifetimes, missing_docs)] + +#[macro_use] +extern crate cfg_if; + +cfg_if! { + if #[cfg(feature = "log")] { + #[allow(unused)] + #[macro_use] + extern crate log; + } else { + #[allow(unused)] + macro_rules! error { + ($($x:tt)*) => {}; + } + #[allow(unused)] + macro_rules! warn { + ($($x:tt)*) => {}; + } + #[allow(unused)] + macro_rules! info { + ($($x:tt)*) => {}; + } + } +} + +mod error; +pub use crate::error::Error; + +#[allow(dead_code)] +mod util; + +#[cfg(target_os = "vxworks")] +#[allow(dead_code)] +mod util_libc; + +cfg_if! { + // Unlike the other Unix, Fuchsia and iOS don't use the libc to make any calls. + if #[cfg(any(target_os = "android", target_os = "dragonfly", target_os = "emscripten", + target_os = "freebsd", target_os = "haiku", target_os = "illumos", + target_os = "linux", target_os = "macos", target_os = "netbsd", + target_os = "openbsd", target_os = "redox", target_os = "solaris"))] { + #[allow(dead_code)] + mod util_libc; + // Keep std-only trait definitions for backwards compatibility + mod error_impls; + } else if #[cfg(feature = "std")] { + mod error_impls; + } +} + +// These targets read from a file as a fallback method. +#[cfg(any( + target_os = "android", + target_os = "linux", + target_os = "macos", + target_os = "solaris", + target_os = "illumos", +))] +mod use_file; + +// System-specific implementations. +// +// These should all provide getrandom_inner with the same signature as getrandom. +cfg_if! { + if #[cfg(target_os = "android")] { + #[path = "linux_android.rs"] mod imp; + } else if #[cfg(target_os = "cloudabi")] { + #[path = "cloudabi.rs"] mod imp; + } else if #[cfg(target_os = "dragonfly")] { + #[path = "use_file.rs"] mod imp; + } else if #[cfg(target_os = "emscripten")] { + #[path = "use_file.rs"] mod imp; + } else if #[cfg(target_os = "freebsd")] { + #[path = "bsd_arandom.rs"] mod imp; + } else if #[cfg(target_os = "fuchsia")] { + #[path = "fuchsia.rs"] mod imp; + } else if #[cfg(target_os = "haiku")] { + #[path = "use_file.rs"] mod imp; + } else if #[cfg(target_os = "illumos")] { + #[path = "solaris_illumos.rs"] mod imp; + } else if #[cfg(target_os = "ios")] { + #[path = "ios.rs"] mod imp; + } else if #[cfg(target_os = "linux")] { + #[path = "linux_android.rs"] mod imp; + } else if #[cfg(target_os = "macos")] { + #[path = "macos.rs"] mod imp; + } else if #[cfg(target_os = "netbsd")] { + #[path = "bsd_arandom.rs"] mod imp; + } else if #[cfg(target_os = "openbsd")] { + #[path = "openbsd.rs"] mod imp; + } else if #[cfg(target_os = "redox")] { + #[path = "use_file.rs"] mod imp; + } else if #[cfg(target_os = "solaris")] { + #[path = "solaris_illumos.rs"] mod imp; + } else if #[cfg(target_os = "wasi")] { + #[path = "wasi.rs"] mod imp; + } else if #[cfg(target_os = "vxworks")] { + #[path = "vxworks.rs"] mod imp; + } else if #[cfg(all(windows, getrandom_uwp))] { + #[path = "windows_uwp.rs"] mod imp; + } else if #[cfg(windows)] { + #[path = "windows.rs"] mod imp; + } else if #[cfg(all(target_arch = "x86_64", any( + target_os = "hermit", + target_os = "l4re", + target_os = "uefi", + target_env = "sgx", + )))] { + #[path = "rdrand.rs"] mod imp; + } else if #[cfg(all(target_arch = "wasm32", target_os = "unknown"))] { + cfg_if! { + if #[cfg(feature = "wasm-bindgen")] { + #[path = "wasm32_bindgen.rs"] mod imp; + } else if #[cfg(feature = "stdweb")] { + #[path = "wasm32_stdweb.rs"] mod imp; + } else { + // Always have an implementation for wasm32-unknown-unknown. + // See https://github.com/rust-random/getrandom/issues/87 + #[path = "dummy.rs"] mod imp; + } + } + } else if #[cfg(feature = "dummy")] { + #[path = "dummy.rs"] mod imp; + } else { + compile_error!("\ + target is not supported, for more information see: \ + https://docs.rs/getrandom/#unsupported-targets\ + "); + } +} + +/// Fill `dest` with random bytes from the system's preferred random number +/// source. +/// +/// This function returns an error on any failure, including partial reads. We +/// make no guarantees regarding the contents of `dest` on error. If `dest` is +/// empty, `getrandom` immediately returns success, making no calls to the +/// underlying operating system. +/// +/// Blocking is possible, at least during early boot; see module documentation. +/// +/// In general, `getrandom` will be fast enough for interactive usage, though +/// significantly slower than a user-space CSPRNG; for the latter consider +/// [`rand::thread_rng`](https://docs.rs/rand/*/rand/fn.thread_rng.html). +pub fn getrandom(dest: &mut [u8]) -> Result<(), error::Error> { + if dest.is_empty() { + return Ok(()); + } + imp::getrandom_inner(dest) +} diff --git a/getrandom/src/linux_android.rs b/getrandom/src/linux_android.rs new file mode 100644 index 0000000..a29feb5 --- /dev/null +++ b/getrandom/src/linux_android.rs @@ -0,0 +1,44 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for Linux / Android +use crate::util::LazyBool; +use crate::util_libc::{last_os_error, sys_fill_exact}; +use crate::{use_file, Error}; + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + static HAS_GETRANDOM: LazyBool = LazyBool::new(); + if HAS_GETRANDOM.unsync_init(is_getrandom_available) { + sys_fill_exact(dest, |buf| unsafe { + getrandom(buf.as_mut_ptr() as *mut libc::c_void, buf.len(), 0) + }) + } else { + use_file::getrandom_inner(dest) + } +} + +fn is_getrandom_available() -> bool { + let res = unsafe { getrandom(core::ptr::null_mut(), 0, libc::GRND_NONBLOCK) }; + if res < 0 { + match last_os_error().raw_os_error() { + Some(libc::ENOSYS) => false, // No kernel support + Some(libc::EPERM) => false, // Blocked by seccomp + _ => true, + } + } else { + true + } +} + +unsafe fn getrandom( + buf: *mut libc::c_void, + buflen: libc::size_t, + flags: libc::c_uint, +) -> libc::ssize_t { + libc::syscall(libc::SYS_getrandom, buf, buflen, flags) as libc::ssize_t +} diff --git a/getrandom/src/macos.rs b/getrandom/src/macos.rs new file mode 100644 index 0000000..c3bc533 --- /dev/null +++ b/getrandom/src/macos.rs @@ -0,0 +1,34 @@ +// Copyright 2019 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for macOS +use crate::util_libc::{last_os_error, Weak}; +use crate::{use_file, Error}; +use core::mem; + +type GetEntropyFn = unsafe extern "C" fn(*mut u8, libc::size_t) -> libc::c_int; + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + static GETENTROPY: Weak = unsafe { Weak::new("getentropy\0") }; + if let Some(fptr) = GETENTROPY.ptr() { + let func: GetEntropyFn = unsafe { mem::transmute(fptr) }; + for chunk in dest.chunks_mut(256) { + let ret = unsafe { func(chunk.as_mut_ptr(), chunk.len()) }; + if ret != 0 { + let err = last_os_error(); + error!("getentropy syscall failed"); + return Err(err); + } + } + Ok(()) + } else { + // We fallback to reading from /dev/random instead of SecRandomCopyBytes + // to avoid high startup costs and linking the Security framework. + use_file::getrandom_inner(dest) + } +} diff --git a/getrandom/src/openbsd.rs b/getrandom/src/openbsd.rs new file mode 100644 index 0000000..e1ac179 --- /dev/null +++ b/getrandom/src/openbsd.rs @@ -0,0 +1,23 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for OpenBSD +use crate::util_libc::last_os_error; +use crate::Error; + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + for chunk in dest.chunks_mut(256) { + let ret = unsafe { libc::getentropy(chunk.as_mut_ptr() as *mut libc::c_void, chunk.len()) }; + if ret == -1 { + let err = last_os_error(); + error!("libc::getentropy call failed"); + return Err(err); + } + } + Ok(()) +} diff --git a/getrandom/src/rdrand.rs b/getrandom/src/rdrand.rs new file mode 100644 index 0000000..e441682 --- /dev/null +++ b/getrandom/src/rdrand.rs @@ -0,0 +1,90 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for SGX using RDRAND instruction +use crate::error::{FAILED_RDRAND, NO_RDRAND}; +#[cfg(not(target_feature = "rdrand"))] +use crate::util::LazyBool; +use crate::Error; +use core::arch::x86_64::_rdrand64_step; +use core::mem; + +// Recommendation from "Intel® Digital Random Number Generator (DRNG) Software +// Implementation Guide" - Section 5.2.1 and "Intel® 64 and IA-32 Architectures +// Software Developer’s Manual" - Volume 1 - Section 7.3.17.1. +const RETRY_LIMIT: usize = 10; +const WORD_SIZE: usize = mem::size_of::(); + +#[target_feature(enable = "rdrand")] +unsafe fn rdrand() -> Result<[u8; WORD_SIZE], Error> { + for _ in 0..RETRY_LIMIT { + let mut el = mem::zeroed(); + if _rdrand64_step(&mut el) == 1 { + // AMD CPUs from families 14h to 16h (pre Ryzen) sometimes fail to + // set CF on bogus random data, so we check these values explicitly. + // See https://github.com/systemd/systemd/issues/11810#issuecomment-489727505 + // We perform this check regardless of target to guard against + // any implementation that incorrectly fails to set CF. + if el != 0 && el != !0 { + return Ok(el.to_ne_bytes()); + } + error!("RDRAND returned {:X}, CPU RNG may be broken", el); + // Keep looping in case this was a false positive. + } + } + Err(FAILED_RDRAND) +} + +// "rdrand" target feature requires "+rdrnd" flag, see https://github.com/rust-lang/rust/issues/49653. +#[cfg(all(target_env = "sgx", not(target_feature = "rdrand")))] +compile_error!( + "SGX targets require 'rdrand' target feature. Enable by using -C target-feature=+rdrnd." +); + +#[cfg(target_feature = "rdrand")] +fn is_rdrand_supported() -> bool { + true +} + +// TODO use is_x86_feature_detected!("rdrand") when that works in core. See: +// https://github.com/rust-lang-nursery/stdsimd/issues/464 +#[cfg(not(target_feature = "rdrand"))] +fn is_rdrand_supported() -> bool { + use core::arch::x86_64::__cpuid; + // SAFETY: All x86_64 CPUs support CPUID leaf 1 + const FLAG: u32 = 1 << 30; + static HAS_RDRAND: LazyBool = LazyBool::new(); + HAS_RDRAND.unsync_init(|| unsafe { (__cpuid(1).ecx & FLAG) != 0 }) +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + if !is_rdrand_supported() { + return Err(NO_RDRAND); + } + + // SAFETY: After this point, rdrand is supported, so calling the rdrand + // functions is not undefined behavior. + unsafe { rdrand_exact(dest) } +} + +#[target_feature(enable = "rdrand")] +unsafe fn rdrand_exact(dest: &mut [u8]) -> Result<(), Error> { + // We use chunks_exact_mut instead of chunks_mut as it allows almost all + // calls to memcpy to be elided by the compiler. + let mut chunks = dest.chunks_exact_mut(WORD_SIZE); + for chunk in chunks.by_ref() { + chunk.copy_from_slice(&rdrand()?); + } + + let tail = chunks.into_remainder(); + let n = tail.len(); + if n > 0 { + tail.copy_from_slice(&rdrand()?[..n]); + } + Ok(()) +} diff --git a/getrandom/src/solaris_illumos.rs b/getrandom/src/solaris_illumos.rs new file mode 100644 index 0000000..9473123 --- /dev/null +++ b/getrandom/src/solaris_illumos.rs @@ -0,0 +1,44 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for the Solaris family +//! +//! Read from `/dev/random`, with chunks of limited size (256 bytes). +//! `/dev/random` uses the Hash_DRBG with SHA512 algorithm from NIST SP 800-90A. +//! `/dev/urandom` uses the FIPS 186-2 algorithm, which is considered less +//! secure. We choose to read from `/dev/random`. +//! +//! Since Solaris 11.3 and mid-2015 illumos, the `getrandom` syscall is available. +//! To make sure we can compile on both Solaris and its derivatives, as well as +//! function, we check for the existence of getrandom(2) in libc by calling +//! libc::dlsym. +use crate::util_libc::{sys_fill_exact, Weak}; +use crate::{use_file, Error}; +use core::mem; + +#[cfg(target_os = "illumos")] +type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t; +#[cfg(target_os = "solaris")] +type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::c_int; + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + static GETRANDOM: Weak = unsafe { Weak::new("getrandom\0") }; + if let Some(fptr) = GETRANDOM.ptr() { + let func: GetRandomFn = unsafe { mem::transmute(fptr) }; + // 256 bytes is the lowest common denominator across all the Solaris + // derived platforms for atomically obtaining random data. + for chunk in dest.chunks_mut(256) { + sys_fill_exact(chunk, |buf| unsafe { + func(buf.as_mut_ptr(), buf.len(), 0) as libc::ssize_t + })? + } + Ok(()) + } else { + use_file::getrandom_inner(dest) + } +} diff --git a/getrandom/src/use_file.rs b/getrandom/src/use_file.rs new file mode 100644 index 0000000..d3adaf2 --- /dev/null +++ b/getrandom/src/use_file.rs @@ -0,0 +1,73 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementations that just need to read from a file +use crate::util_libc::{last_os_error, open_readonly, sys_fill_exact, LazyFd}; +use crate::Error; + +#[cfg(target_os = "redox")] +const FILE_PATH: &str = "rand:\0"; +#[cfg(any( + target_os = "dragonfly", + target_os = "emscripten", + target_os = "haiku", + target_os = "macos", + target_os = "solaris", + target_os = "illumos" +))] +const FILE_PATH: &str = "/dev/random\0"; + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + static FD: LazyFd = LazyFd::new(); + let fd = FD.init(init_file).ok_or_else(last_os_error)?; + let read = |buf: &mut [u8]| unsafe { libc::read(fd, buf.as_mut_ptr() as *mut _, buf.len()) }; + + if cfg!(target_os = "emscripten") { + // `Crypto.getRandomValues` documents `dest` should be at most 65536 bytes. + for chunk in dest.chunks_mut(65536) { + sys_fill_exact(chunk, read)?; + } + } else { + sys_fill_exact(dest, read)?; + } + Ok(()) +} + +cfg_if! { + if #[cfg(any(target_os = "android", target_os = "linux"))] { + fn init_file() -> Option { + // Poll /dev/random to make sure it is ok to read from /dev/urandom. + let mut pfd = libc::pollfd { + fd: unsafe { open_readonly("/dev/random\0")? }, + events: libc::POLLIN, + revents: 0, + }; + + let ret = loop { + // A negative timeout means an infinite timeout. + let res = unsafe { libc::poll(&mut pfd, 1, -1) }; + if res == 1 { + break unsafe { open_readonly("/dev/urandom\0") }; + } else if res < 0 { + let e = last_os_error().raw_os_error(); + if e == Some(libc::EINTR) || e == Some(libc::EAGAIN) { + continue; + } + } + // We either hard failed, or poll() returned the wrong pfd. + break None; + }; + unsafe { libc::close(pfd.fd) }; + ret + } + } else { + fn init_file() -> Option { + unsafe { open_readonly(FILE_PATH) } + } + } +} diff --git a/getrandom/src/util.rs b/getrandom/src/util.rs new file mode 100644 index 0000000..e0e9307 --- /dev/null +++ b/getrandom/src/util.rs @@ -0,0 +1,96 @@ +// Copyright 2019 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +use core::sync::atomic::{AtomicUsize, Ordering::Relaxed}; + +// This structure represents a lazily initialized static usize value. Useful +// when it is preferable to just rerun initialization instead of locking. +// Both unsync_init and sync_init will invoke an init() function until it +// succeeds, then return the cached value for future calls. +// +// Both methods support init() "failing". If the init() method returns UNINIT, +// that value will be returned as normal, but will not be cached. +// +// Users should only depend on the _value_ returned by init() functions. +// Specifically, for the following init() function: +// fn init() -> usize { +// a(); +// let v = b(); +// c(); +// v +// } +// the effects of c() or writes to shared memory will not necessarily be +// observed and additional synchronization methods with be needed. +pub struct LazyUsize(AtomicUsize); + +impl LazyUsize { + pub const fn new() -> Self { + Self(AtomicUsize::new(Self::UNINIT)) + } + + // The initialization is not completed. + pub const UNINIT: usize = usize::max_value(); + // The initialization is currently running. + pub const ACTIVE: usize = usize::max_value() - 1; + + // Runs the init() function at least once, returning the value of some run + // of init(). Multiple callers can run their init() functions in parallel. + // init() should always return the same value, if it succeeds. + pub fn unsync_init(&self, init: impl FnOnce() -> usize) -> usize { + // Relaxed ordering is fine, as we only have a single atomic variable. + let mut val = self.0.load(Relaxed); + if val == Self::UNINIT { + val = init(); + self.0.store(val, Relaxed); + } + val + } + + // Synchronously runs the init() function. Only one caller will have their + // init() function running at a time, and exactly one successful call will + // be run. init() returning UNINIT or ACTIVE will be considered a failure, + // and future calls to sync_init will rerun their init() function. + pub fn sync_init(&self, init: impl FnOnce() -> usize, mut wait: impl FnMut()) -> usize { + // Common and fast path with no contention. Don't wast time on CAS. + match self.0.load(Relaxed) { + Self::UNINIT | Self::ACTIVE => {} + val => return val, + } + // Relaxed ordering is fine, as we only have a single atomic variable. + loop { + match self.0.compare_and_swap(Self::UNINIT, Self::ACTIVE, Relaxed) { + Self::UNINIT => { + let val = init(); + self.0.store( + match val { + Self::UNINIT | Self::ACTIVE => Self::UNINIT, + val => val, + }, + Relaxed, + ); + return val; + } + Self::ACTIVE => wait(), + val => return val, + } + } + } +} + +// Identical to LazyUsize except with bool instead of usize. +pub struct LazyBool(LazyUsize); + +impl LazyBool { + pub const fn new() -> Self { + Self(LazyUsize::new()) + } + + pub fn unsync_init(&self, init: impl FnOnce() -> bool) -> bool { + self.0.unsync_init(|| init() as usize) != 0 + } +} diff --git a/getrandom/src/util_libc.rs b/getrandom/src/util_libc.rs new file mode 100644 index 0000000..5a05170 --- /dev/null +++ b/getrandom/src/util_libc.rs @@ -0,0 +1,143 @@ +// Copyright 2019 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. +use crate::error::ERRNO_NOT_POSITIVE; +use crate::util::LazyUsize; +use crate::Error; +use core::num::NonZeroU32; +use core::ptr::NonNull; + +cfg_if! { + if #[cfg(any(target_os = "netbsd", target_os = "openbsd", target_os = "android"))] { + use libc::__errno as errno_location; + } else if #[cfg(any(target_os = "linux", target_os = "emscripten", target_os = "redox"))] { + use libc::__errno_location as errno_location; + } else if #[cfg(any(target_os = "solaris", target_os = "illumos"))] { + use libc::___errno as errno_location; + } else if #[cfg(any(target_os = "macos", target_os = "freebsd", target_os = "dragonfly"))] { + use libc::__error as errno_location; + } else if #[cfg(target_os = "haiku")] { + use libc::_errnop as errno_location; + } +} + +pub fn last_os_error() -> Error { + #[cfg(not(target_os = "vxworks"))] + let errno = unsafe { *errno_location() }; + #[cfg(target_os = "vxworks")] + let errno = unsafe { libc::errnoGet() }; + if errno > 0 { + Error::from(NonZeroU32::new(errno as u32).unwrap()) + } else { + ERRNO_NOT_POSITIVE + } +} + +// Fill a buffer by repeatedly invoking a system call. The `sys_fill` function: +// - should return -1 and set errno on failure +// - should return the number of bytes written on success +pub fn sys_fill_exact( + mut buf: &mut [u8], + sys_fill: impl Fn(&mut [u8]) -> libc::ssize_t, +) -> Result<(), Error> { + while !buf.is_empty() { + let res = sys_fill(buf); + if res < 0 { + let err = last_os_error(); + // We should try again if the call was interrupted. + if err.raw_os_error() != Some(libc::EINTR) { + return Err(err); + } + } else { + // We don't check for EOF (ret = 0) as the data we are reading + // should be an infinite stream of random bytes. + buf = &mut buf[(res as usize)..]; + } + } + Ok(()) +} + +// A "weak" binding to a C function that may or may not be present at runtime. +// Used for supporting newer OS features while still building on older systems. +// F must be a function pointer of type `unsafe extern "C" fn`. Based off of the +// weak! macro in libstd. +pub struct Weak { + name: &'static str, + addr: LazyUsize, +} + +impl Weak { + // Construct a binding to a C function with a given name. This function is + // unsafe because `name` _must_ be null terminated. + pub const unsafe fn new(name: &'static str) -> Self { + Self { + name, + addr: LazyUsize::new(), + } + } + + // Return a function pointer if present at runtime. Otherwise, return null. + pub fn ptr(&self) -> Option> { + let addr = self.addr.unsync_init(|| unsafe { + libc::dlsym(libc::RTLD_DEFAULT, self.name.as_ptr() as *const _) as usize + }); + NonNull::new(addr as *mut _) + } +} + +pub struct LazyFd(LazyUsize); + +impl LazyFd { + pub const fn new() -> Self { + Self(LazyUsize::new()) + } + + // If init() returns Some(x), x should be nonnegative. + pub fn init(&self, init: impl FnOnce() -> Option) -> Option { + let fd = self.0.sync_init( + || match init() { + // OK as val >= 0 and val <= c_int::MAX < usize::MAX + Some(val) => val as usize, + None => LazyUsize::UNINIT, + }, + || unsafe { + // We are usually waiting on an open(2) syscall to complete, + // which typically takes < 10us if the file is a device. + // However, we might end up waiting much longer if the entropy + // pool isn't initialized, but even in that case, this loop will + // consume a negligible amount of CPU on most platforms. + libc::usleep(10); + }, + ); + match fd { + LazyUsize::UNINIT => None, + val => Some(val as libc::c_int), + } + } +} + +cfg_if! { + if #[cfg(any(target_os = "linux", target_os = "emscripten"))] { + use libc::open64 as open; + } else { + use libc::open; + } +} + +// SAFETY: path must be null terminated, FD must be manually closed. +pub unsafe fn open_readonly(path: &str) -> Option { + debug_assert!(path.as_bytes().last() == Some(&0)); + let fd = open(path.as_ptr() as *mut _, libc::O_RDONLY | libc::O_CLOEXEC); + if fd < 0 { + return None; + } + // O_CLOEXEC works on all Unix targets except for older Linux kernels (pre + // 2.6.23), so we also use an ioctl to make sure FD_CLOEXEC is set. + #[cfg(target_os = "linux")] + libc::ioctl(fd, libc::FIOCLEX); + Some(fd) +} diff --git a/getrandom/src/vxworks.rs b/getrandom/src/vxworks.rs new file mode 100644 index 0000000..a2fe52a --- /dev/null +++ b/getrandom/src/vxworks.rs @@ -0,0 +1,35 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for VxWorks +use crate::error::{Error, RAND_SECURE_FATAL}; +use crate::util_libc::last_os_error; +use core::sync::atomic::{AtomicBool, Ordering::Relaxed}; + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + static RNG_INIT: AtomicBool = AtomicBool::new(false); + while !RNG_INIT.load(Relaxed) { + let ret = unsafe { libc::randSecure() }; + if ret < 0 { + return Err(RAND_SECURE_FATAL); + } else if ret > 0 { + RNG_INIT.store(true, Relaxed); + break; + } + unsafe { libc::usleep(10) }; + } + + // Prevent overflow of i32 + for chunk in dest.chunks_mut(i32::max_value() as usize) { + let ret = unsafe { libc::randABytes(chunk.as_mut_ptr(), chunk.len() as i32) }; + if ret != 0 { + return Err(last_os_error()); + } + } + Ok(()) +} diff --git a/getrandom/src/wasi.rs b/getrandom/src/wasi.rs new file mode 100644 index 0000000..713c1ab --- /dev/null +++ b/getrandom/src/wasi.rs @@ -0,0 +1,19 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for WASI +use crate::Error; +use core::num; +use wasi::wasi_unstable::random_get; + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + random_get(dest).map_err(|e: num::NonZeroU16| { + // convert wasi's NonZeroU16 error into getrandom's NonZeroU32 error + num::NonZeroU32::new(e.get() as u32).unwrap().into() + }) +} diff --git a/getrandom/src/wasm32_bindgen.rs b/getrandom/src/wasm32_bindgen.rs new file mode 100644 index 0000000..86839a0 --- /dev/null +++ b/getrandom/src/wasm32_bindgen.rs @@ -0,0 +1,113 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for WASM via wasm-bindgen +extern crate std; + +use core::cell::RefCell; +use core::mem; +use std::thread_local; + +use wasm_bindgen::prelude::*; + +use crate::error::{BINDGEN_CRYPTO_UNDEF, BINDGEN_GRV_UNDEF}; +use crate::Error; + +#[derive(Clone, Debug)] +enum RngSource { + Node(NodeCrypto), + Browser(BrowserCrypto), +} + +// JsValues are always per-thread, so we initialize RngSource for each thread. +// See: https://github.com/rustwasm/wasm-bindgen/pull/955 +thread_local!( + static RNG_SOURCE: RefCell> = RefCell::new(None); +); + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + assert_eq!(mem::size_of::(), 4); + + RNG_SOURCE.with(|f| { + let mut source = f.borrow_mut(); + if source.is_none() { + *source = Some(getrandom_init()?); + } + + match source.as_ref().unwrap() { + RngSource::Node(n) => n.random_fill_sync(dest), + RngSource::Browser(n) => { + // see https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues + // + // where it says: + // + // > A QuotaExceededError DOMException is thrown if the + // > requested length is greater than 65536 bytes. + for chunk in dest.chunks_mut(65536) { + n.get_random_values(chunk) + } + } + }; + Ok(()) + }) +} + +fn getrandom_init() -> Result { + if let Ok(self_) = Global::get_self() { + // If `self` is defined then we're in a browser somehow (main window + // or web worker). Here we want to try to use + // `crypto.getRandomValues`, but if `crypto` isn't defined we assume + // we're in an older web browser and the OS RNG isn't available. + + let crypto = self_.crypto(); + if crypto.is_undefined() { + return Err(BINDGEN_CRYPTO_UNDEF); + } + + // Test if `crypto.getRandomValues` is undefined as well + let crypto: BrowserCrypto = crypto.into(); + if crypto.get_random_values_fn().is_undefined() { + return Err(BINDGEN_GRV_UNDEF); + } + + return Ok(RngSource::Browser(crypto)); + } + + return Ok(RngSource::Node(node_require("crypto"))); +} + +#[wasm_bindgen] +extern "C" { + type Global; + #[wasm_bindgen(getter, catch, static_method_of = Global, js_class = self, js_name = self)] + fn get_self() -> Result; + + type Self_; + #[wasm_bindgen(method, getter, structural)] + fn crypto(me: &Self_) -> JsValue; + + #[derive(Clone, Debug)] + type BrowserCrypto; + + // TODO: these `structural` annotations here ideally wouldn't be here to + // avoid a JS shim, but for now with feature detection they're + // unavoidable. + #[wasm_bindgen(method, js_name = getRandomValues, structural, getter)] + fn get_random_values_fn(me: &BrowserCrypto) -> JsValue; + #[wasm_bindgen(method, js_name = getRandomValues, structural)] + fn get_random_values(me: &BrowserCrypto, buf: &mut [u8]); + + #[wasm_bindgen(js_name = require)] + fn node_require(s: &str) -> NodeCrypto; + + #[derive(Clone, Debug)] + type NodeCrypto; + + #[wasm_bindgen(method, js_name = randomFillSync, structural)] + fn random_fill_sync(me: &NodeCrypto, buf: &mut [u8]); +} diff --git a/getrandom/src/wasm32_stdweb.rs b/getrandom/src/wasm32_stdweb.rs new file mode 100644 index 0000000..6e5e78a --- /dev/null +++ b/getrandom/src/wasm32_stdweb.rs @@ -0,0 +1,114 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for WASM via stdweb +extern crate std; + +use core::mem; + +use stdweb::js; +use stdweb::unstable::TryInto; +use stdweb::web::error::Error as WebError; + +use crate::error::{STDWEB_NO_RNG, STDWEB_RNG_FAILED}; +use crate::Error; +use std::sync::Once; + +#[derive(Clone, Copy, Debug)] +enum RngSource { + Browser, + Node, +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + assert_eq!(mem::size_of::(), 4); + static ONCE: Once = Once::new(); + static mut RNG_SOURCE: Result = Ok(RngSource::Node); + + // SAFETY: RNG_SOURCE is only written once, before being read. + ONCE.call_once(|| unsafe { + RNG_SOURCE = getrandom_init(); + }); + getrandom_fill(unsafe { RNG_SOURCE }?, dest) +} + +fn getrandom_init() -> Result { + let result = js! { + try { + if ( + typeof self === "object" && + typeof self.crypto === "object" && + typeof self.crypto.getRandomValues === "function" + ) { + return { success: true, ty: 1 }; + } + + if (typeof require("crypto").randomBytes === "function") { + return { success: true, ty: 2 }; + } + + return { success: false, error: new Error("not supported") }; + } catch(err) { + return { success: false, error: err }; + } + }; + + if js! { return @{ result.as_ref() }.success } == true { + let ty = js! { return @{ result }.ty }; + + if ty == 1 { + Ok(RngSource::Browser) + } else if ty == 2 { + Ok(RngSource::Node) + } else { + unreachable!() + } + } else { + let _err: WebError = js! { return @{ result }.error }.try_into().unwrap(); + error!("getrandom unavailable: {}", _err); + Err(STDWEB_NO_RNG) + } +} + +fn getrandom_fill(source: RngSource, dest: &mut [u8]) -> Result<(), Error> { + for chunk in dest.chunks_mut(65536) { + let len = chunk.len() as u32; + let ptr = chunk.as_mut_ptr() as i32; + + let result = match source { + RngSource::Browser => js! { + try { + let array = new Uint8Array(@{ len }); + self.crypto.getRandomValues(array); + HEAPU8.set(array, @{ ptr }); + + return { success: true }; + } catch(err) { + return { success: false, error: err }; + } + }, + RngSource::Node => js! { + try { + let bytes = require("crypto").randomBytes(@{ len }); + HEAPU8.set(new Uint8Array(bytes), @{ ptr }); + + return { success: true }; + } catch(err) { + return { success: false, error: err }; + } + }, + }; + + if js! { return @{ result.as_ref() }.success } != true { + let _err: WebError = js! { return @{ result }.error }.try_into().unwrap(); + error!("getrandom failed: {}", _err); + return Err(STDWEB_RNG_FAILED); + } + } + Ok(()) +} diff --git a/getrandom/src/windows.rs b/getrandom/src/windows.rs new file mode 100644 index 0000000..e1b8df6 --- /dev/null +++ b/getrandom/src/windows.rs @@ -0,0 +1,26 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for Windows +use crate::{error::RTL_GEN_RANDOM_FAILED, Error}; + +extern "system" { + #[link_name = "SystemFunction036"] + fn RtlGenRandom(RandomBuffer: *mut u8, RandomBufferLength: u32) -> u8; +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + // Prevent overflow of u32 + for chunk in dest.chunks_mut(u32::max_value() as usize) { + let ret = unsafe { RtlGenRandom(chunk.as_mut_ptr(), chunk.len() as u32) }; + if ret == 0 { + return Err(RTL_GEN_RANDOM_FAILED); + } + } + Ok(()) +} diff --git a/getrandom/src/windows_uwp.rs b/getrandom/src/windows_uwp.rs new file mode 100644 index 0000000..586c6f6 --- /dev/null +++ b/getrandom/src/windows_uwp.rs @@ -0,0 +1,59 @@ +// Copyright 2018 Developers of the Rand project. +// +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +//! Implementation for Windows UWP targets. After deprecation of Windows XP +//! and Vista, this can supersede the `RtlGenRandom`-based implementation. +use crate::Error; +use core::{ffi::c_void, num::NonZeroU32, ptr}; + +const BCRYPT_USE_SYSTEM_PREFERRED_RNG: u32 = 0x00000002; + +extern "system" { + fn BCryptGenRandom( + hAlgorithm: *mut c_void, + pBuffer: *mut u8, + cbBuffer: u32, + dwFlags: u32, + ) -> u32; +} + +pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { + // Prevent overflow of u32 + for chunk in dest.chunks_mut(u32::max_value() as usize) { + let ret = unsafe { + BCryptGenRandom( + ptr::null_mut(), + chunk.as_mut_ptr(), + chunk.len() as u32, + BCRYPT_USE_SYSTEM_PREFERRED_RNG, + ) + }; + // NTSTATUS codes use two highest bits for severity status + match ret >> 30 { + 0b01 => { + info!("BCryptGenRandom: information code 0x{:08X}", ret); + } + 0b10 => { + warn!("BCryptGenRandom: warning code 0x{:08X}", ret); + } + 0b11 => { + error!("BCryptGenRandom: failed with 0x{:08X}", ret); + // We zeroize the highest bit, so the error code will reside + // inside the range of designated for OS codes. + let code = ret ^ (1 << 31); + // SAFETY: the second highest bit is always equal to one, + // so it's impossible to get zero. Unfortunately compiler + // is not smart enough to figure out it yet. + let code = unsafe { NonZeroU32::new_unchecked(code) }; + return Err(Error::from(code)); + } + _ => (), + } + } + Ok(()) +} diff --git a/getrandom/tests/common.rs b/getrandom/tests/common.rs new file mode 100644 index 0000000..afefa03 --- /dev/null +++ b/getrandom/tests/common.rs @@ -0,0 +1,68 @@ +#[cfg(feature = "wasm-bindgen")] +use wasm_bindgen_test::*; + +use getrandom::getrandom; + +#[cfg(feature = "test-in-browser")] +wasm_bindgen_test_configure!(run_in_browser); + +#[cfg_attr(feature = "wasm-bindgen", wasm_bindgen_test)] +#[test] +fn test_zero() { + // Test that APIs are happy with zero-length requests + getrandom(&mut [0u8; 0]).unwrap(); +} + +#[cfg_attr(feature = "wasm-bindgen", wasm_bindgen_test)] +#[test] +fn test_diff() { + let mut v1 = [0u8; 1000]; + getrandom(&mut v1).unwrap(); + + let mut v2 = [0u8; 1000]; + getrandom(&mut v2).unwrap(); + + let mut n_diff_bits = 0; + for i in 0..v1.len() { + n_diff_bits += (v1[i] ^ v2[i]).count_ones(); + } + + // Check at least 1 bit per byte differs. p(failure) < 1e-1000 with random input. + assert!(n_diff_bits >= v1.len() as u32); +} + +#[cfg_attr(feature = "wasm-bindgen", wasm_bindgen_test)] +#[test] +fn test_huge() { + let mut huge = [0u8; 100_000]; + getrandom(&mut huge).unwrap(); +} + +#[cfg(any(unix, windows, target_os = "redox", target_os = "fuchsia"))] +#[test] +fn test_multithreading() { + use std::sync::mpsc::channel; + use std::thread; + + let mut txs = vec![]; + for _ in 0..20 { + let (tx, rx) = channel(); + txs.push(tx); + + thread::spawn(move || { + // wait until all the tasks are ready to go. + rx.recv().unwrap(); + let mut v = [0u8; 1000]; + + for _ in 0..100 { + getrandom(&mut v).unwrap(); + thread::yield_now(); + } + }); + } + + // start all the tasks + for tx in txs.iter() { + tx.send(()).unwrap(); + } +} diff --git a/getrandom/utils/ci/install.sh b/getrandom/utils/ci/install.sh new file mode 100644 index 0000000..8e636e1 --- /dev/null +++ b/getrandom/utils/ci/install.sh @@ -0,0 +1,49 @@ +# From https://github.com/japaric/trust + +set -ex + +main() { + local target= + if [ $TRAVIS_OS_NAME = linux ]; then + target=x86_64-unknown-linux-musl + sort=sort + else + target=x86_64-apple-darwin + sort=gsort # for `sort --sort-version`, from brew's coreutils. + fi + + # Builds for iOS are done on OSX, but require the specific target to be + # installed. + case $TARGET in + aarch64-apple-ios) + rustup target install aarch64-apple-ios + ;; + armv7-apple-ios) + rustup target install armv7-apple-ios + ;; + armv7s-apple-ios) + rustup target install armv7s-apple-ios + ;; + i386-apple-ios) + rustup target install i386-apple-ios + ;; + x86_64-apple-ios) + rustup target install x86_64-apple-ios + ;; + esac + + # This fetches latest stable release + local tag=$(git ls-remote --tags --refs --exit-code https://github.com/japaric/cross \ + | cut -d/ -f3 \ + | grep -E '^v[0.1.0-9.]+$' \ + | $sort --version-sort \ + | tail -n1) + curl -LSfs https://japaric.github.io/trust/install.sh | \ + sh -s -- \ + --force \ + --git japaric/cross \ + --tag $tag \ + --target $target +} + +main diff --git a/getrandom/utils/ci/script.sh b/getrandom/utils/ci/script.sh new file mode 100644 index 0000000..b3e80d4 --- /dev/null +++ b/getrandom/utils/ci/script.sh @@ -0,0 +1,13 @@ +# Derived from https://github.com/japaric/trust + +set -ex + +main() { + cross test --target $TARGET + cross test --target $TARGET --examples +} + +# we don't run the "test phase" when doing deploys +if [ -z $TRAVIS_TAG ]; then + main +fi -- cgit v1.2.3