Update nitrokey crate to 0.3.3

This change updates the nitrokey crate to version 0.3.3. Along with that
change we update rand to 0.6.4 because rand 0.6.1 does not yet contain a
publicly accessible rand_os. Note that we no longer require all
crates in rand's workspace, but only rand_os and rand_core, which is a
significant reduction in the number of lines of code compiled.

Import subrepo nitrokey/:nitrokey at 7cf747d56ddc0b7eeedc3caf36dcc909907a171c
Import subrepo rand/:rand at 4336232dda03323634b10ec72ddf27914aebc3a2

24 files changed, 1936 insertions, 0 deletions

diff --git a/rand/rand_os/CHANGELOG.md b/rand/rand_os/CHANGELOG.md
new file mode 100644
index 0000000..459f7bd
--- /dev/null
+++ b/rand/rand_os/CHANGELOG.md
@@ -0,0 +1,13 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+
+## [0.1.1] - 2019-01-08
+### Additions
+- Add support for x86_64-fortanix-unknown-sgx target (#670)
+
+## [0.1.0] - 2019-01-04
+Initial release.
diff --git a/rand/rand_os/COPYRIGHT b/rand/rand_os/COPYRIGHT
new file mode 100644
index 0000000..468d907
--- /dev/null
+++ b/rand/rand_os/COPYRIGHT
@@ -0,0 +1,12 @@
+Copyrights in the Rand project are retained by their contributors. No
+copyright assignment is required to contribute to the Rand project.
+
+For full authorship information, see the version control history.
+
+Except as otherwise noted (below and/or in individual files), Rand is
+licensed under the Apache License, Version 2.0 <LICENSE-APACHE> or
+<http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+<LICENSE-MIT> or <http://opensource.org/licenses/MIT>, at your option.
+
+The Rand project includes code from the Rust project
+published under these same licenses.
diff --git a/rand/rand_os/Cargo.toml b/rand/rand_os/Cargo.toml
new file mode 100644
index 0000000..2f9224a
--- /dev/null
+++ b/rand/rand_os/Cargo.toml
@@ -0,0 +1,38 @@
+[package]
+name = "rand_os"
+version = "0.1.1"
+authors = ["The Rand Project Developers"]
+license = "MIT/Apache-2.0"
+readme = "README.md"
+repository = "https://github.com/rust-random/rand"
+documentation = "https://docs.rs/rand_os"
+homepage = "https://crates.io/crates/rand_os"
+description = "OS backed Random Number Generator"
+keywords = ["random", "rng", "os"]
+
+[badges]
+travis-ci = { repository = "rust-random/rand" }
+appveyor = { repository = "rust-random/rand" }
+
+[dependencies]
+rand_core = { path = "../rand_core", version = "0.3", default-features = false }
+log = { version = "0.4", optional = true }
+
+[target.'cfg(unix)'.dependencies]
+libc = "0.2"
+
+[target.'cfg(windows)'.dependencies]
+winapi = { version = "0.3", features = ["minwindef", "ntsecapi", "winnt"] }
+
+[target.'cfg(target_os = "cloudabi")'.dependencies]
+cloudabi = "0.0.3"
+
+[target.'cfg(target_os = "fuchsia")'.dependencies]
+fuchsia-zircon = "0.3.2"
+
+[target.wasm32-unknown-unknown.dependencies]
+wasm-bindgen = { version = "0.2.12", optional = true }
+stdweb = { version = "0.4", optional = true }
+
+[target.'cfg(target_env = "sgx")'.dependencies]
+rdrand = "0.4.0"
diff --git a/rand/rand_os/LICENSE-APACHE b/rand/rand_os/LICENSE-APACHE
new file mode 100644
index 0000000..17d7468
--- /dev/null
+++ b/rand/rand_os/LICENSE-APACHE
@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     https://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/rand/rand_os/LICENSE-MIT b/rand/rand_os/LICENSE-MIT
new file mode 100644
index 0000000..d93b5ba
--- /dev/null
+++ b/rand/rand_os/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright 2018 Developers of the Rand project
+Copyright (c) 2014 The Rust Project Developers
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/rand/rand_os/README.md b/rand/rand_os/README.md
new file mode 100644
index 0000000..4f48b63
--- /dev/null
+++ b/rand/rand_os/README.md
@@ -0,0 +1,33 @@
+# rand_os
+
+[![Build Status](https://travis-ci.org/rust-random/rand.svg?branch=master)](https://travis-ci.org/rust-random/rand)
+[![Build Status](https://ci.appveyor.com/api/projects/status/github/rust-random/rand?svg=true)](https://ci.appveyor.com/project/rust-random/rand)
+[![Latest version](https://img.shields.io/crates/v/rand_os.svg)](https://crates.io/crates/rand_os)
+[![Book](https://img.shields.io/badge/book-master-yellow.svg)](https://rust-random.github.io/book/)
+[![API](https://img.shields.io/badge/api-master-yellow.svg)](https://rust-random.github.io/rand/rand_os)
+[![API](https://docs.rs/rand_os/badge.svg)](https://docs.rs/rand_os)
+[![Minimum rustc version](https://img.shields.io/badge/rustc-1.22+-lightgray.svg)](https://github.com/rust-random/rand#rust-version-requirements)
+
+A random number generator that retrieves randomness straight from the
+operating system.
+
+This crate depends on [rand_core](https://crates.io/crates/rand_core) and is
+part of the [Rand project](https://github.com/rust-random/rand).
+
+This crate aims to support all of Rust's `std` platforms with a system-provided
+entropy source. Unlike other Rand crates, this crate does not support `no_std`
+(handling this gracefully is a current discussion topic).
+
+Links:
+
+-   [API documentation (master)](https://rust-random.github.io/rand/rand_os)
+-   [API documentation (docs.rs)](https://docs.rs/rand_os)
+-   [Changelog](CHANGELOG.md)
+
+## License
+
+`rand_os` is distributed under the terms of both the MIT license and the
+Apache License (Version 2.0).
+
+See [LICENSE-APACHE](LICENSE-APACHE) and [LICENSE-MIT](LICENSE-MIT), and
+[COPYRIGHT](COPYRIGHT) for details.
diff --git a/rand/rand_os/src/cloudabi.rs b/rand/rand_os/src/cloudabi.rs
new file mode 100644
index 0000000..8b96a2b
--- /dev/null
+++ b/rand/rand_os/src/cloudabi.rs
@@ -0,0 +1,39 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for CloudABI
+
+extern crate cloudabi;
+
+use std::io;
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+#[derive(Clone, Debug)]
+pub struct OsRng;
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> { Ok(OsRng) }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        let errno = unsafe { cloudabi::random_get(dest) };
+        if errno == cloudabi::errno::SUCCESS {
+            Ok(())
+        } else {
+            // Cloudlibc provides its own `strerror` implementation so we
+            // can use `from_raw_os_error` here.
+            Err(Error::with_cause(
+                ErrorKind::Unavailable,
+                "random_get() system call failed",
+                io::Error::from_raw_os_error(errno as i32),
+            ))
+        }
+    }
+
+    fn method_str(&self) -> &'static str { "cloudabi::random_get" }
+}
diff --git a/rand/rand_os/src/dragonfly_haiku_emscripten.rs b/rand/rand_os/src/dragonfly_haiku_emscripten.rs
new file mode 100644
index 0000000..6132d7a
--- /dev/null
+++ b/rand/rand_os/src/dragonfly_haiku_emscripten.rs
@@ -0,0 +1,39 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for DragonFly / Haiku / Emscripten
+
+use rand_core::Error;
+use super::random_device;
+use super::OsRngImpl;
+use std::fs::File;
+
+#[derive(Clone, Debug)]
+pub struct OsRng();
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        random_device::open("/dev/random", &|p| File::open(p))?;
+        Ok(OsRng())
+    }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        random_device::read(dest)
+    }
+
+    #[cfg(target_os = "emscripten")]
+    fn max_chunk_size(&self) -> usize {
+        // `Crypto.getRandomValues` documents `dest` should be at most 65536
+        // bytes. `crypto.randomBytes` documents: "To minimize threadpool
+        // task length variation, partition large randomBytes requests when
+        // doing so as part of fulfilling a client request.
+        65536
+    }
+
+    fn method_str(&self) -> &'static str { "/dev/random" }
+}
diff --git a/rand/rand_os/src/dummy_log.rs b/rand/rand_os/src/dummy_log.rs
new file mode 100644
index 0000000..ccfe4ba
--- /dev/null
+++ b/rand/rand_os/src/dummy_log.rs
@@ -0,0 +1,10 @@
+#[allow(unused)]
+macro_rules! trace { ($($x:tt)*) => () }
+#[allow(unused)]
+macro_rules! debug { ($($x:tt)*) => () }
+#[allow(unused)]
+macro_rules! info { ($($x:tt)*) => () }
+#[allow(unused)]
+macro_rules! warn { ($($x:tt)*) => () }
+#[allow(unused)]
+macro_rules! error { ($($x:tt)*) => () }
diff --git a/rand/rand_os/src/freebsd.rs b/rand/rand_os/src/freebsd.rs
new file mode 100644
index 0000000..6b8e672
--- /dev/null
+++ b/rand/rand_os/src/freebsd.rs
@@ -0,0 +1,45 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for FreeBSD
+
+extern crate libc;
+
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+use std::ptr;
+use std::io;
+
+#[derive(Clone, Debug)]
+pub struct OsRng;
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> { Ok(OsRng) }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        let mib = [libc::CTL_KERN, libc::KERN_ARND];
+        let mut len = dest.len();
+        let ret = unsafe {
+            libc::sysctl(mib.as_ptr(), mib.len() as libc::c_uint,
+                         dest.as_mut_ptr() as *mut _, &mut len,
+                         ptr::null(), 0)
+        };
+        if ret == -1 || len != dest.len() {
+            return Err(Error::with_cause(
+                ErrorKind::Unavailable,
+                "kern.arandom sysctl failed",
+                io::Error::last_os_error()));
+        }
+        Ok(())
+    }
+
+    fn max_chunk_size(&self) -> usize { 256 }
+
+    fn method_str(&self) -> &'static str { "kern.arandom" }
+}
diff --git a/rand/rand_os/src/fuchsia.rs b/rand/rand_os/src/fuchsia.rs
new file mode 100644
index 0000000..7063ff6
--- /dev/null
+++ b/rand/rand_os/src/fuchsia.rs
@@ -0,0 +1,43 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Fuchsia Zircon
+
+extern crate fuchsia_zircon;
+
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+#[derive(Clone, Debug)]
+pub struct OsRng;
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> { Ok(OsRng) }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        let mut read = 0;
+        while read < dest.len() {
+            match fuchsia_zircon::cprng_draw(&mut dest[read..]) {
+                Ok(actual) => read += actual,
+                Err(e) => {
+                    return Err(Error::with_cause(
+                        ErrorKind::Unavailable,
+                        "cprng_draw failed",
+                        e.into_io_error()));
+                }
+            };
+        }
+        Ok(())
+    }
+
+    fn max_chunk_size(&self) -> usize {
+        fuchsia_zircon::sys::ZX_CPRNG_DRAW_MAX_LEN
+    }
+
+    fn method_str(&self) -> &'static str { "cprng_draw" }
+}
diff --git a/rand/rand_os/src/lib.rs b/rand/rand_os/src/lib.rs
new file mode 100644
index 0000000..67b0dfe
--- /dev/null
+++ b/rand/rand_os/src/lib.rs
@@ -0,0 +1,439 @@
+// Copyright 2018 Developers of the Rand project.
+// Copyright 2013-2015 The Rust Project Developers.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Interface to the random number generator of the operating system.
+//!
+//! `OsRng` is the preferred external source of entropy for most applications.
+//! Commonly it is used to initialize a user-space RNG, which can then be used
+//! to generate random values with much less overhead than `OsRng`.
+//!
+//! You may prefer to use [`EntropyRng`] instead of `OsRng`. It is unlikely, but
+//! not entirely theoretical, for `OsRng` to fail. In such cases [`EntropyRng`]
+//! falls back on a good alternative entropy source.
+//!
+//! `OsRng::new()` is guaranteed to be very cheap (after the first successful
+//! call), and will never consume more than one file handle per process.
+//!
+//! # Usage example
+//! ```
+//! use rand_os::OsRng;
+//! use rand_os::rand_core::RngCore;
+//!
+//! let mut os_rng = OsRng::new().unwrap();
+//! let mut key = [0u8; 16];
+//! os_rng.fill_bytes(&mut key);
+//! let random_u64 = os_rng.next_u64();
+//! ```
+//!
+//! # Platform sources
+//!
+//! | OS               | interface
+//! |------------------|---------------------------------------------------------
+//! | Linux, Android   | [`getrandom`][1] system call if available, otherwise [`/dev/urandom`][2] after reading from `/dev/random` once
+//! | Windows          | [`RtlGenRandom`][3]
+//! | macOS, iOS       | [`SecRandomCopyBytes`][4]
+//! | FreeBSD          | [`kern.arandom`][5]
+//! | OpenBSD, Bitrig  | [`getentropy`][6]
+//! | NetBSD           | [`/dev/urandom`][7] after reading from `/dev/random` once
+//! | Dragonfly BSD    | [`/dev/random`][8]
+//! | Solaris, illumos | [`getrandom`][9] system call if available, otherwise [`/dev/random`][10]
+//! | Fuchsia OS       | [`cprng_draw`][11]
+//! | Redox            | [`rand:`][12]
+//! | CloudABI         | [`random_get`][13]
+//! | Haiku            | `/dev/random` (identical to `/dev/urandom`)
+//! | Web browsers     | [`Crypto.getRandomValues`][14] (see [Support for WebAssembly and ams.js][14])
+//! | Node.js          | [`crypto.randomBytes`][15] (see [Support for WebAssembly and ams.js][16])
+//!
+//! Rand doesn't have a blanket implementation for all Unix-like operating
+//! systems that reads from `/dev/urandom`. This ensures all supported operating
+//! systems are using the recommended interface and respect maximum buffer
+//! sizes.
+//!
+//! ## Support for WebAssembly and ams.js
+//!
+//! The three Emscripten targets `asmjs-unknown-emscripten`,
+//! `wasm32-unknown-emscripten` and `wasm32-experimental-emscripten` use
+//! Emscripten's emulation of `/dev/random` on web browsers and Node.js.
+//!
+//! The bare WASM target `wasm32-unknown-unknown` tries to call the javascript
+//! methods directly, using either `stdweb` or `wasm-bindgen` depending on what
+//! features are activated for this crate. Note that if both features are
+//! enabled `wasm-bindgen` will be used.
+//!
+//! ## Early boot
+//!
+//! It is possible that early in the boot process the OS hasn't had enough time
+//! yet to collect entropy to securely seed its RNG, especially on virtual
+//! machines.
+//!
+//! Some operating systems always block the thread until the RNG is securely
+//! seeded. This can take anywhere from a few seconds to more than a minute.
+//! Others make a best effort to use a seed from before the shutdown and don't
+//! document much.
+//!
+//! A few, Linux, NetBSD and Solaris, offer a choice between blocking, and
+//! getting an error. With `try_fill_bytes` we choose to get the error
+//! ([`ErrorKind::NotReady`]), while the other methods use a blocking interface.
+//!
+//! On Linux (when the `genrandom` system call is not available) and on NetBSD
+//! reading from `/dev/urandom` never blocks, even when the OS hasn't collected
+//! enough entropy yet. As a countermeasure we try to do a single read from
+//! `/dev/random` until we know the OS RNG is initialized (and store this in a
+//! global static).
+//!
+//! # Panics and error handling
+//!
+//! We cannot guarantee that `OsRng` will fail, but if it does, it will likely
+//! be either when `OsRng::new()` is first called or when data is first read.
+//! If you wish to catch errors early, then test reading of at least one byte
+//! from `OsRng` via [`try_fill_bytes`]. If this succeeds, it is extremely
+//! unlikely that any further errors will occur.
+//! 
+//! Only [`try_fill_bytes`] is able to report the cause of an error; the other
+//! [`RngCore`] methods may (depending on the error kind) retry several times,
+//! but must eventually panic if the error persists.
+//!
+//! [`EntropyRng`]: ../rand/rngs/struct.EntropyRng.html
+//! [`RngCore`]: ../rand_core/trait.RngCore.html
+//! [`try_fill_bytes`]: ../rand_core/trait.RngCore.html#method.tymethod.try_fill_bytes
+//! [`ErrorKind::NotReady`]: ../rand_core/enum.ErrorKind.html#variant.NotReady
+//!
+//! [1]: http://man7.org/linux/man-pages/man2/getrandom.2.html
+//! [2]: http://man7.org/linux/man-pages/man4/urandom.4.html
+//! [3]: https://msdn.microsoft.com/en-us/library/windows/desktop/aa387694.aspx
+//! [4]: https://developer.apple.com/documentation/security/1399291-secrandomcopybytes?language=objc
+//! [5]: https://www.freebsd.org/cgi/man.cgi?query=random&sektion=4
+//! [6]: https://man.openbsd.org/getentropy.2
+//! [7]: http://netbsd.gw.com/cgi-bin/man-cgi?random+4+NetBSD-current
+//! [8]: https://leaf.dragonflybsd.org/cgi/web-man?command=random&section=4
+//! [9]: https://docs.oracle.com/cd/E88353_01/html/E37841/getrandom-2.html
+//! [10]: https://docs.oracle.com/cd/E86824_01/html/E54777/random-7d.html
+//! [11]: https://fuchsia.googlesource.com/zircon/+/HEAD/docs/syscalls/cprng_draw.md
+//! [12]: https://github.com/redox-os/randd/blob/master/src/main.rs
+//! [13]: https://github.com/NuxiNL/cloudabi/blob/v0.20/cloudabi.txt#L1826
+//! [14]: https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues
+//! [15]: https://nodejs.org/api/crypto.html#crypto_crypto_randombytes_size_callback
+//! [16]: #support-for-webassembly-and-amsjs
+#![doc(html_logo_url = "https://www.rust-lang.org/logos/rust-logo-128x128-blk.png",
+       html_favicon_url = "https://www.rust-lang.org/favicon.ico",
+       html_root_url = "https://rust-random.github.io/rand/")]
+#![deny(missing_docs)]
+#![deny(missing_debug_implementations)]
+#![doc(test(attr(allow(unused_variables), deny(warnings))))]
+
+#![cfg_attr(feature = "stdweb", recursion_limit="128")]
+
+pub extern crate rand_core;
+#[cfg(feature = "log")]
+#[macro_use] extern crate log;
+
+// We have to do it here because we load macros
+#[cfg(all(target_arch = "wasm32", not(target_os = "emscripten"),
+          feature = "wasm-bindgen"))]
+extern crate wasm_bindgen;
+#[cfg(all(target_arch = "wasm32", not(target_os = "emscripten"),
+          not(feature = "wasm-bindgen"),
+          feature = "stdweb"))]
+#[macro_use] extern crate stdweb;
+
+#[cfg(target_env = "sgx")]
+extern crate rdrand;
+
+#[cfg(not(feature = "log"))]
+#[macro_use]
+mod dummy_log;
+
+use std::fmt;
+use rand_core::{CryptoRng, RngCore, Error, impls};
+
+/// A random number generator that retrieves randomness straight from the
+/// operating system.
+#[derive(Clone)]
+pub struct OsRng(imp::OsRng);
+
+impl fmt::Debug for OsRng {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        self.0.fmt(f)
+    }
+}
+
+impl OsRng {
+    /// Create a new `OsRng`.
+    pub fn new() -> Result<OsRng, Error> {
+        imp::OsRng::new().map(OsRng)
+    }
+}
+
+impl CryptoRng for OsRng {}
+
+impl RngCore for OsRng {
+    fn next_u32(&mut self) -> u32 {
+        impls::next_u32_via_fill(self)
+    }
+
+    fn next_u64(&mut self) -> u64 {
+        impls::next_u64_via_fill(self)
+    }
+
+    fn fill_bytes(&mut self, dest: &mut [u8]) {
+        use std::{time, thread};
+
+        // We cannot return Err(..), so we try to handle before panicking.
+        const MAX_RETRY_PERIOD: u32 = 10; // max 10s
+        const WAIT_DUR_MS: u32 = 100; // retry every 100ms
+        let wait_dur = time::Duration::from_millis(WAIT_DUR_MS as u64);
+        const RETRY_LIMIT: u32 = (MAX_RETRY_PERIOD * 1000) / WAIT_DUR_MS;
+        const TRANSIENT_RETRIES: u32 = 8;
+        let mut err_count = 0;
+        let mut error_logged = false;
+
+        // Maybe block until the OS RNG is initialized
+        let mut read = 0;
+        if let Ok(n) = self.0.test_initialized(dest, true) { read = n };
+        let dest = &mut dest[read..];
+
+        loop {
+            if let Err(e) = self.try_fill_bytes(dest) {
+                if err_count >= RETRY_LIMIT {
+                    error!("OsRng failed too many times; last error: {}", e);
+                    panic!("OsRng failed too many times; last error: {}", e);
+                }
+
+                if e.kind.should_wait() {
+                    if !error_logged {
+                        warn!("OsRng failed; waiting up to {}s and retrying. Error: {}",
+                                MAX_RETRY_PERIOD, e);
+                        error_logged = true;
+                    }
+                    err_count += 1;
+                    thread::sleep(wait_dur);
+                    continue;
+                } else if e.kind.should_retry() {
+                    if !error_logged {
+                        warn!("OsRng failed; retrying up to {} times. Error: {}",
+                                TRANSIENT_RETRIES, e);
+                        error_logged = true;
+                    }
+                    err_count += (RETRY_LIMIT + TRANSIENT_RETRIES - 1)
+                            / TRANSIENT_RETRIES;    // round up
+                    continue;
+                } else {
+                    error!("OsRng failed: {}", e);
+                    panic!("OsRng fatal error: {}", e);
+                }
+            }
+
+            break;
+        }
+    }
+
+    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        // Some systems do not support reading 0 random bytes.
+        // (And why waste a system call?)
+        if dest.len() == 0 { return Ok(()); }
+
+        let read = self.0.test_initialized(dest, false)?;
+        let dest = &mut dest[read..];
+
+        let max = self.0.max_chunk_size();
+        if dest.len() <= max {
+            trace!("OsRng: reading {} bytes via {}",
+                   dest.len(), self.0.method_str());
+        } else {
+            trace!("OsRng: reading {} bytes via {} in {} chunks of {} bytes",
+                   dest.len(), self.0.method_str(), (dest.len() + max) / max, max);
+        }
+        for slice in dest.chunks_mut(max) {
+            self.0.fill_chunk(slice)?;
+        }
+        Ok(())
+    }
+}
+
+trait OsRngImpl where Self: Sized {
+    // Create a new `OsRng` platform interface.
+    fn new() -> Result<Self, Error>;
+
+    // Fill a chunk with random bytes.
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error>;
+
+    // Test whether the OS RNG is initialized. This method may not be possible
+    // to support cheaply (or at all) on all operating systems.
+    //
+    // If `blocking` is set, this will cause the OS the block execution until
+    // its RNG is initialized.
+    //
+    // Random values that are read while this are stored in `dest`, the amount
+    // of read bytes is returned.
+    fn test_initialized(&mut self, _dest: &mut [u8], _blocking: bool)
+        -> Result<usize, Error> { Ok(0) }
+
+    // Maximum chunk size supported.
+    fn max_chunk_size(&self) -> usize { ::std::usize::MAX }
+
+    // Name of the OS interface (used for logging).
+    fn method_str(&self) -> &'static str;
+}
+
+#[cfg(any(target_os = "linux", target_os = "android",
+          target_os = "netbsd", target_os = "dragonfly",
+          target_os = "solaris", target_os = "redox",
+          target_os = "haiku", target_os = "emscripten"))]
+mod random_device;
+
+macro_rules! mod_use {
+    ($cond:meta, $module:ident) => {
+        #[$cond]
+        mod $module;
+        #[$cond]
+        use $module as imp;
+    }
+}
+
+mod_use!(cfg(target_os = "android"), linux_android);
+mod_use!(cfg(target_os = "bitrig"), openbsd_bitrig);
+mod_use!(cfg(target_os = "cloudabi"), cloudabi);
+mod_use!(cfg(target_os = "dragonfly"), dragonfly_haiku_emscripten);
+mod_use!(cfg(target_os = "emscripten"), dragonfly_haiku_emscripten);
+mod_use!(cfg(target_os = "freebsd"), freebsd);
+mod_use!(cfg(target_os = "fuchsia"), fuchsia);
+mod_use!(cfg(target_os = "haiku"), dragonfly_haiku_emscripten);
+mod_use!(cfg(target_os = "ios"), macos);
+mod_use!(cfg(target_os = "linux"), linux_android);
+mod_use!(cfg(target_os = "macos"), macos);
+mod_use!(cfg(target_os = "netbsd"), netbsd);
+mod_use!(cfg(target_os = "openbsd"), openbsd_bitrig);
+mod_use!(cfg(target_os = "redox"), redox);
+mod_use!(cfg(target_os = "solaris"), solaris);
+mod_use!(cfg(windows), windows);
+mod_use!(cfg(target_env = "sgx"), sgx);
+
+mod_use!(
+    cfg(all(
+        target_arch = "wasm32",
+        not(target_os = "emscripten"),
+        feature = "wasm-bindgen"
+    )),
+    wasm32_bindgen
+);
+
+mod_use!(
+    cfg(all(
+        target_arch = "wasm32",
+        not(target_os = "emscripten"),
+        not(feature = "wasm-bindgen"),
+        feature = "stdweb",
+    )),
+    wasm32_stdweb
+);
+
+/// Per #678 we use run-time failure where WASM bindings are missing
+#[cfg(all(
+    target_arch = "wasm32",
+    not(target_os = "emscripten"),
+    not(feature = "wasm-bindgen"),
+    not(feature = "stdweb"),
+))]
+mod imp {
+    use rand_core::{Error, ErrorKind};
+    use super::OsRngImpl;
+    
+    #[derive(Clone, Debug)]
+    pub struct OsRng;
+
+    impl OsRngImpl for OsRng {
+        fn new() -> Result<OsRng, Error> {
+            Err(Error::new(ErrorKind::Unavailable,
+                "OsRng: support for wasm32 requires emscripten, stdweb or wasm-bindgen"))
+        }
+
+        fn fill_chunk(&mut self, _dest: &mut [u8]) -> Result<(), Error> {
+            unimplemented!()
+        }
+
+        fn method_str(&self) -> &'static str { unimplemented!() }
+    }
+}
+
+#[cfg(not(any(
+    target_os = "android",
+    target_os = "bitrig",
+    target_os = "cloudabi",
+    target_os = "dragonfly",
+    target_os = "emscripten",
+    target_os = "freebsd",
+    target_os = "fuchsia",
+    target_os = "haiku",
+    target_os = "ios",
+    target_os = "linux",
+    target_os = "macos",
+    target_os = "netbsd",
+    target_os = "openbsd",
+    target_os = "redox",
+    target_os = "solaris",
+    windows,
+    target_arch = "wasm32",
+    target_env = "sgx"
+)))]
+compile_error!("OS RNG support is not available for this platform");
+
+// Due to rustwasm/wasm-bindgen#201 this can't be defined in the inner os
+// modules, so hack around it for now and place it at the root.
+#[cfg(all(feature = "wasm-bindgen", target_arch = "wasm32"))]
+#[doc(hidden)]
+#[allow(missing_debug_implementations)]
+pub mod __wbg_shims {
+
+    // `extern { type Foo; }` isn't supported on 1.22 syntactically, so use a
+    // macro to work around that.
+    macro_rules! rust_122_compat {
+        ($($t:tt)*) => ($($t)*)
+    }
+
+    rust_122_compat! {
+        extern crate wasm_bindgen;
+
+        pub use wasm_bindgen::prelude::*;
+
+        #[wasm_bindgen]
+        extern "C" {
+            pub type Function;
+            #[wasm_bindgen(constructor)]
+            pub fn new(s: &str) -> Function;
+            #[wasm_bindgen(method)]
+            pub fn call(this: &Function, self_: &JsValue) -> JsValue;
+
+            pub type This;
+            #[wasm_bindgen(method, getter, structural, js_name = self)]
+            pub fn self_(me: &This) -> JsValue;
+            #[wasm_bindgen(method, getter, structural)]
+            pub fn crypto(me: &This) -> JsValue;
+
+            #[derive(Clone, Debug)]
+            pub type BrowserCrypto;
+
+            // TODO: these `structural` annotations here ideally wouldn't be here to
+            // avoid a JS shim, but for now with feature detection they're
+            // unavoidable.
+            #[wasm_bindgen(method, js_name = getRandomValues, structural, getter)]
+            pub fn get_random_values_fn(me: &BrowserCrypto) -> JsValue;
+            #[wasm_bindgen(method, js_name = getRandomValues, structural)]
+            pub fn get_random_values(me: &BrowserCrypto, buf: &mut [u8]);
+
+            #[wasm_bindgen(js_name = require)]
+            pub fn node_require(s: &str) -> NodeCrypto;
+
+            #[derive(Clone, Debug)]
+            pub type NodeCrypto;
+
+            #[wasm_bindgen(method, js_name = randomFillSync, structural)]
+            pub fn random_fill_sync(me: &NodeCrypto, buf: &mut [u8]);
+        }
+    }
+}
diff --git a/rand/rand_os/src/linux_android.rs b/rand/rand_os/src/linux_android.rs
new file mode 100644
index 0000000..9622f93
--- /dev/null
+++ b/rand/rand_os/src/linux_android.rs
@@ -0,0 +1,182 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Linux / Android
+
+extern crate libc;
+
+use rand_core::{Error, ErrorKind};
+use super::random_device;
+use super::OsRngImpl;
+
+use std::io;
+use std::io::Read;
+use std::fs::{File, OpenOptions};
+use std::os::unix::fs::OpenOptionsExt;
+use std::sync::atomic::{AtomicBool, ATOMIC_BOOL_INIT, Ordering};
+use std::sync::{Once, ONCE_INIT};
+
+#[derive(Clone, Debug)]
+pub struct OsRng {
+    method: OsRngMethod,
+    initialized: bool,
+}
+
+#[derive(Clone, Debug)]
+enum OsRngMethod {
+    GetRandom,
+    RandomDevice,
+}
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        if is_getrandom_available() {
+            return Ok(OsRng { method: OsRngMethod::GetRandom,
+                              initialized: false });
+        }
+        random_device::open("/dev/urandom", &|p| File::open(p))?;
+        Ok(OsRng { method: OsRngMethod::RandomDevice, initialized: false })
+    }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        match self.method {
+            OsRngMethod::GetRandom => getrandom_try_fill(dest, false),
+            OsRngMethod::RandomDevice => random_device::read(dest),
+        }
+    }
+
+    fn test_initialized(&mut self, dest: &mut [u8], blocking: bool)
+        -> Result<usize, Error>
+    {
+        static OS_RNG_INITIALIZED: AtomicBool = ATOMIC_BOOL_INIT;
+        if !self.initialized {
+            self.initialized = OS_RNG_INITIALIZED.load(Ordering::Relaxed);
+        }
+        if self.initialized { return Ok(0); }
+
+        let result = match self.method {
+            OsRngMethod::GetRandom => {
+                getrandom_try_fill(dest, blocking)?;
+                Ok(dest.len())
+            }
+            OsRngMethod::RandomDevice => {
+                info!("OsRng: testing random device /dev/random");
+                let mut file = OpenOptions::new()
+                    .read(true)
+                    .custom_flags(if blocking { 0 } else { libc::O_NONBLOCK })
+                    .open("/dev/random")
+                    .map_err(random_device::map_err)?;
+                file.read(&mut dest[..1]).map_err(random_device::map_err)?;
+                Ok(1)
+            }
+        };
+        OS_RNG_INITIALIZED.store(true, Ordering::Relaxed);
+        self.initialized = true;
+        result
+    }
+
+    fn method_str(&self) -> &'static str {
+        match self.method {
+            OsRngMethod::GetRandom => "getrandom",
+            OsRngMethod::RandomDevice => "/dev/urandom",
+        }
+    }
+}
+
+#[cfg(target_arch = "x86_64")]
+const NR_GETRANDOM: libc::c_long = 318;
+#[cfg(target_arch = "x86")]
+const NR_GETRANDOM: libc::c_long = 355;
+#[cfg(target_arch = "arm")]
+const NR_GETRANDOM: libc::c_long = 384;
+#[cfg(target_arch = "aarch64")]
+const NR_GETRANDOM: libc::c_long = 278;
+ #[cfg(target_arch = "s390x")]
+const NR_GETRANDOM: libc::c_long = 349;
+#[cfg(target_arch = "powerpc")]
+const NR_GETRANDOM: libc::c_long = 359;
+#[cfg(target_arch = "powerpc64")]
+const NR_GETRANDOM: libc::c_long = 359;
+#[cfg(target_arch = "mips")] // old ABI
+const NR_GETRANDOM: libc::c_long = 4353;
+#[cfg(target_arch = "mips64")]
+const NR_GETRANDOM: libc::c_long = 5313;
+#[cfg(target_arch = "sparc")]
+const NR_GETRANDOM: libc::c_long = 347;
+#[cfg(target_arch = "sparc64")]
+const NR_GETRANDOM: libc::c_long = 347;
+#[cfg(not(any(target_arch = "x86_64", target_arch = "x86",
+              target_arch = "arm", target_arch = "aarch64",
+              target_arch = "s390x", target_arch = "powerpc",
+              target_arch = "powerpc64", target_arch = "mips",
+              target_arch = "mips64", target_arch = "sparc",
+              target_arch = "sparc64")))]
+const NR_GETRANDOM: libc::c_long = 0;
+
+fn getrandom(buf: &mut [u8], blocking: bool) -> libc::c_long {
+    const GRND_NONBLOCK: libc::c_uint = 0x0001;
+
+    if NR_GETRANDOM == 0 { return -1 };
+
+    unsafe {
+        libc::syscall(NR_GETRANDOM, buf.as_mut_ptr(), buf.len(),
+                      if blocking { 0 } else { GRND_NONBLOCK })
+    }
+}
+
+fn getrandom_try_fill(dest: &mut [u8], blocking: bool) -> Result<(), Error> {
+    let mut read = 0;
+    while read < dest.len() {
+        let result = getrandom(&mut dest[read..], blocking);
+        if result == -1 {
+            let err = io::Error::last_os_error();
+            let kind = err.kind();
+            if kind == io::ErrorKind::Interrupted {
+                continue;
+            } else if kind == io::ErrorKind::WouldBlock {
+                return Err(Error::with_cause(
+                    ErrorKind::NotReady,
+                    "getrandom not ready",
+                    err,
+                ));
+            } else {
+                return Err(Error::with_cause(
+                    ErrorKind::Unavailable,
+                    "unexpected getrandom error",
+                    err,
+                ));
+            }
+        } else {
+            read += result as usize;
+        }
+    }
+    Ok(())
+}
+
+fn is_getrandom_available() -> bool {
+    static CHECKER: Once = ONCE_INIT;
+    static AVAILABLE: AtomicBool = ATOMIC_BOOL_INIT;
+
+    if NR_GETRANDOM == 0 { return false };
+
+    CHECKER.call_once(|| {
+        debug!("OsRng: testing getrandom");
+        let mut buf: [u8; 0] = [];
+        let result = getrandom(&mut buf, false);
+        let available = if result == -1 {
+            let err = io::Error::last_os_error().raw_os_error();
+            err != Some(libc::ENOSYS)
+        } else {
+            true
+        };
+        AVAILABLE.store(available, Ordering::Relaxed);
+        info!("OsRng: using {}", if available { "getrandom" } else { "/dev/urandom" });
+    });
+
+    AVAILABLE.load(Ordering::Relaxed)
+}
diff --git a/rand/rand_os/src/macos.rs b/rand/rand_os/src/macos.rs
new file mode 100644
index 0000000..6c67251
--- /dev/null
+++ b/rand/rand_os/src/macos.rs
@@ -0,0 +1,53 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for MacOS / iOS
+
+extern crate libc;
+
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+use std::io;
+use self::libc::{c_int, size_t};
+
+#[derive(Clone, Debug)]
+pub struct OsRng;
+
+enum SecRandom {}
+
+#[allow(non_upper_case_globals)]
+const kSecRandomDefault: *const SecRandom = 0 as *const SecRandom;
+
+#[link(name = "Security", kind = "framework")]
+extern {
+    fn SecRandomCopyBytes(rnd: *const SecRandom,
+                          count: size_t, bytes: *mut u8) -> c_int;
+}
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> { Ok(OsRng) }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        let ret = unsafe {
+            SecRandomCopyBytes(kSecRandomDefault,
+                               dest.len() as size_t,
+                               dest.as_mut_ptr())
+        };
+        if ret == -1 {
+            Err(Error::with_cause(
+                ErrorKind::Unavailable,
+                "couldn't generate random bytes",
+                io::Error::last_os_error()))
+        } else {
+            Ok(())
+        }
+    }
+
+    fn method_str(&self) -> &'static str { "SecRandomCopyBytes" }
+}
diff --git a/rand/rand_os/src/netbsd.rs b/rand/rand_os/src/netbsd.rs
new file mode 100644
index 0000000..cf4b6c7
--- /dev/null
+++ b/rand/rand_os/src/netbsd.rs
@@ -0,0 +1,54 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for NetBSD
+
+use rand_core::Error;
+use super::random_device;
+use super::OsRngImpl;
+
+use std::fs::File;
+use std::io::Read;
+use std::sync::atomic::{AtomicBool, ATOMIC_BOOL_INIT, Ordering};
+
+#[derive(Clone, Debug)]
+pub struct OsRng { initialized: bool }
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        random_device::open("/dev/urandom", &|p| File::open(p))?;
+        Ok(OsRng { initialized: false })
+    }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        random_device::read(dest)
+    }
+
+    // Read a single byte from `/dev/random` to determine if the OS RNG is
+    // already seeded. NetBSD always blocks if not yet ready.
+    fn test_initialized(&mut self, dest: &mut [u8], _blocking: bool)
+        -> Result<usize, Error>
+    {
+        static OS_RNG_INITIALIZED: AtomicBool = ATOMIC_BOOL_INIT;
+        if !self.initialized {
+            self.initialized = OS_RNG_INITIALIZED.load(Ordering::Relaxed);
+        }
+        if self.initialized { return Ok(0); }
+
+        info!("OsRng: testing random device /dev/random");
+        let mut file =
+            File::open("/dev/random").map_err(random_device::map_err)?;
+        file.read(&mut dest[..1]).map_err(random_device::map_err)?;
+
+        OS_RNG_INITIALIZED.store(true, Ordering::Relaxed);
+        self.initialized = true;
+        Ok(1)
+    }
+
+    fn method_str(&self) -> &'static str { "/dev/urandom" }
+}
diff --git a/rand/rand_os/src/openbsd_bitrig.rs b/rand/rand_os/src/openbsd_bitrig.rs
new file mode 100644
index 0000000..c9b35a6
--- /dev/null
+++ b/rand/rand_os/src/openbsd_bitrig.rs
@@ -0,0 +1,40 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for OpenBSD / Bitrig
+
+extern crate libc;
+
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+use std::io;
+
+#[derive(Clone, Debug)]
+pub struct OsRng;
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> { Ok(OsRng) }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        let ret = unsafe {
+            libc::getentropy(dest.as_mut_ptr() as *mut libc::c_void, dest.len())
+        };
+        if ret == -1 {
+            return Err(Error::with_cause(
+                ErrorKind::Unavailable,
+                "getentropy failed",
+                io::Error::last_os_error()));
+        }
+        Ok(())
+    }
+
+    fn max_chunk_size(&self) -> usize { 256 }
+
+    fn method_str(&self) -> &'static str { "getentropy" }
+}
diff --git a/rand/rand_os/src/random_device.rs b/rand/rand_os/src/random_device.rs
new file mode 100644
index 0000000..5da9194
--- /dev/null
+++ b/rand/rand_os/src/random_device.rs
@@ -0,0 +1,70 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Helper functions to read from a random device such as `/dev/urandom`.
+//!
+//! All instances use a single internal file handle, to prevent possible
+//! exhaustion of file descriptors.
+use rand_core::{Error, ErrorKind};
+use std::fs::File;
+use std::io;
+use std::io::Read;
+use std::sync::{Once, Mutex, ONCE_INIT};
+
+// TODO: remove outer Option when `Mutex::new(None)` is a constant expression
+static mut READ_RNG_FILE: Option<Mutex<Option<File>>> = None;
+static READ_RNG_ONCE: Once = ONCE_INIT;
+
+#[allow(unused)]
+pub fn open<F>(path: &'static str, open_fn: F) -> Result<(), Error>
+    where F: Fn(&'static str) -> Result<File, io::Error>
+{
+    READ_RNG_ONCE.call_once(|| {
+        unsafe { READ_RNG_FILE = Some(Mutex::new(None)) }
+    });
+
+    // We try opening the file outside the `call_once` fn because we cannot
+    // clone the error, thus we must retry on failure.
+
+    let mutex = unsafe { READ_RNG_FILE.as_ref().unwrap() };
+    let mut guard = mutex.lock().unwrap();
+    if (*guard).is_none() {
+        info!("OsRng: opening random device {}", path);
+        let file = open_fn(path).map_err(map_err)?;
+        *guard = Some(file);
+    };
+    Ok(())
+}
+
+pub fn read(dest: &mut [u8]) -> Result<(), Error> {
+    // We expect this function only to be used after `random_device::open`
+    // was succesful. Therefore we can assume that our memory was set with a
+    // valid object.
+    let mutex = unsafe { READ_RNG_FILE.as_ref().unwrap() };
+    let mut guard = mutex.lock().unwrap();
+    let file = (*guard).as_mut().unwrap();
+
+    // Use `std::io::read_exact`, which retries on `ErrorKind::Interrupted`.
+    file.read_exact(dest).map_err(|err| {
+        Error::with_cause(ErrorKind::Unavailable,
+                          "error reading random device", err)
+    })
+
+}
+
+pub fn map_err(err: io::Error) -> Error {
+    match err.kind() {
+        io::ErrorKind::Interrupted =>
+                Error::new(ErrorKind::Transient, "interrupted"),
+        io::ErrorKind::WouldBlock =>
+                Error::with_cause(ErrorKind::NotReady,
+                "OS RNG not yet seeded", err),
+        _ => Error::with_cause(ErrorKind::Unavailable,
+                "error while opening random device", err)
+    }
+}
diff --git a/rand/rand_os/src/redox.rs b/rand/rand_os/src/redox.rs
new file mode 100644
index 0000000..36fae26
--- /dev/null
+++ b/rand/rand_os/src/redox.rs
@@ -0,0 +1,30 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Redox
+
+use rand_core::Error;
+use super::random_device;
+use super::OsRngImpl;
+use std::fs::File;
+
+#[derive(Clone, Debug)]
+pub struct OsRng();
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        random_device::open("rand:", &|p| File::open(p))?;
+        Ok(OsRng())
+    }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        random_device::read(dest)
+    }
+
+    fn method_str(&self) -> &'static str { "'rand:'" }
+}
diff --git a/rand/rand_os/src/sgx.rs b/rand/rand_os/src/sgx.rs
new file mode 100644
index 0000000..43ae0ef
--- /dev/null
+++ b/rand/rand_os/src/sgx.rs
@@ -0,0 +1,38 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+use super::OsRngImpl;
+use Error;
+use rdrand::RdRand;
+use rand_core::RngCore;
+use std::fmt::{Debug, Formatter, Result as FmtResult};
+
+#[derive(Clone)]
+pub struct OsRng{
+    gen: RdRand
+}
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        let rng = RdRand::new()?;
+        Ok(OsRng{ gen: rng })
+    }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        self.gen.try_fill_bytes(dest)
+    }
+
+    fn method_str(&self) -> &'static str { "RDRAND" }
+}
+
+impl Debug for OsRng {
+    fn fmt(&self, f: &mut Formatter) -> FmtResult {
+        f.debug_struct("OsRng")
+            .finish()
+    }
+}
diff --git a/rand/rand_os/src/solaris.rs b/rand/rand_os/src/solaris.rs
new file mode 100644
index 0000000..e8965fd
--- /dev/null
+++ b/rand/rand_os/src/solaris.rs
@@ -0,0 +1,175 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for the Solaris family
+//!
+//! Read from `/dev/random`, with chunks of limited size (1040 bytes).
+//! `/dev/random` uses the Hash_DRBG with SHA512 algorithm from NIST SP 800-90A.
+//! `/dev/urandom` uses the FIPS 186-2 algorithm, which is considered less
+//! secure. We choose to read from `/dev/random`.
+//!
+//! Since Solaris 11.3 the `getrandom` syscall is available. To make sure we can
+//! compile on both Solaris and on OpenSolaris derivatives, that do not have the
+//! function, we do a direct syscall instead of calling a library function.
+//!
+//! We have no way to differentiate between Solaris, illumos, SmartOS, etc.
+extern crate libc;
+
+use rand_core::{Error, ErrorKind};
+use super::random_device;
+use super::OsRngImpl;
+
+use std::io;
+use std::io::Read;
+use std::fs::{File, OpenOptions};
+use std::os::unix::fs::OpenOptionsExt;
+use std::sync::atomic::{AtomicBool, ATOMIC_BOOL_INIT, Ordering};
+use std::cmp;
+
+#[derive(Clone, Debug)]
+pub struct OsRng {
+    method: OsRngMethod,
+    initialized: bool,
+}
+
+#[derive(Clone, Debug)]
+enum OsRngMethod {
+    GetRandom,
+    RandomDevice,
+}
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        if is_getrandom_available() {
+            return Ok(OsRng { method: OsRngMethod::GetRandom,
+                              initialized: false });
+        }
+        let open = |p| OpenOptions::new()
+            .read(true)
+            .custom_flags(libc::O_NONBLOCK)
+            .open(p);
+        random_device::open("/dev/random", &open)?;
+        Ok(OsRng { method: OsRngMethod::RandomDevice, initialized: false })
+    }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        match self.method {
+            OsRngMethod::GetRandom => getrandom_try_fill(dest, false),
+            OsRngMethod::RandomDevice => random_device::read(dest),
+        }
+    }
+
+    fn test_initialized(&mut self, dest: &mut [u8], blocking: bool)
+        -> Result<usize, Error>
+    {
+        static OS_RNG_INITIALIZED: AtomicBool = ATOMIC_BOOL_INIT;
+        if !self.initialized {
+            self.initialized = OS_RNG_INITIALIZED.load(Ordering::Relaxed);
+        }
+        if self.initialized { return Ok(0); }
+
+        let chunk_len = cmp::min(1024, dest.len());
+        let dest = &mut dest[..chunk_len];
+
+        match self.method {
+            OsRngMethod::GetRandom => getrandom_try_fill(dest, blocking)?,
+            OsRngMethod::RandomDevice => {
+                if blocking {
+                    info!("OsRng: testing random device /dev/random");
+                    // We already have a non-blocking handle, but now need a
+                    // blocking one. Not much choice except opening it twice
+                    let mut file = File::open("/dev/random")
+                        .map_err(random_device::map_err)?;
+                    file.read(dest).map_err(random_device::map_err)?;
+                } else {
+                    self.fill_chunk(dest)?;
+                }
+            }
+        };
+        OS_RNG_INITIALIZED.store(true, Ordering::Relaxed);
+        self.initialized = true;
+        Ok(chunk_len)
+    }
+
+    fn max_chunk_size(&self) -> usize {
+        // The documentation says 1024 is the maximum for getrandom, but
+        // 1040 for /dev/random.
+        1024
+    }
+
+    fn method_str(&self) -> &'static str {
+        match self.method {
+            OsRngMethod::GetRandom => "getrandom",
+            OsRngMethod::RandomDevice => "/dev/random",
+        }
+    }
+}
+
+fn getrandom(buf: &mut [u8], blocking: bool) -> libc::c_long {
+    extern "C" {
+        fn syscall(number: libc::c_long, ...) -> libc::c_long;
+    }
+
+    const SYS_GETRANDOM: libc::c_long = 143;
+    const GRND_NONBLOCK: libc::c_uint = 0x0001;
+    const GRND_RANDOM: libc::c_uint = 0x0002;
+
+    unsafe {
+        syscall(SYS_GETRANDOM, buf.as_mut_ptr(), buf.len(),
+                if blocking { 0 } else { GRND_NONBLOCK } | GRND_RANDOM)
+    }
+}
+
+fn getrandom_try_fill(dest: &mut [u8], blocking: bool) -> Result<(), Error> {
+    let result = getrandom(dest, blocking);
+    if result == -1 || result == 0 {
+        let err = io::Error::last_os_error();
+        let kind = err.kind();
+        if kind == io::ErrorKind::WouldBlock {
+            return Err(Error::with_cause(
+                ErrorKind::NotReady,
+                "getrandom not ready",
+                err,
+            ));
+        } else {
+            return Err(Error::with_cause(
+                ErrorKind::Unavailable,
+                "unexpected getrandom error",
+                err,
+            ));
+        }
+    } else if result != dest.len() as i64 {
+        return Err(Error::new(ErrorKind::Unavailable,
+                              "unexpected getrandom error"));
+    }
+    Ok(())
+}
+
+fn is_getrandom_available() -> bool {
+    use std::sync::atomic::{AtomicBool, ATOMIC_BOOL_INIT, Ordering};
+    use std::sync::{Once, ONCE_INIT};
+
+    static CHECKER: Once = ONCE_INIT;
+    static AVAILABLE: AtomicBool = ATOMIC_BOOL_INIT;
+
+    CHECKER.call_once(|| {
+        debug!("OsRng: testing getrandom");
+        let mut buf: [u8; 0] = [];
+        let result = getrandom(&mut buf, false);
+        let available = if result == -1 {
+            let err = io::Error::last_os_error().raw_os_error();
+            err != Some(libc::ENOSYS)
+        } else {
+            true
+        };
+        AVAILABLE.store(available, Ordering::Relaxed);
+        info!("OsRng: using {}", if available { "getrandom" } else { "/dev/random" });
+    });
+
+    AVAILABLE.load(Ordering::Relaxed)
+}
diff --git a/rand/rand_os/src/wasm32_bindgen.rs b/rand/rand_os/src/wasm32_bindgen.rs
new file mode 100644
index 0000000..8e7c979
--- /dev/null
+++ b/rand/rand_os/src/wasm32_bindgen.rs
@@ -0,0 +1,125 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for WASM via wasm-bindgen
+
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+use wasm_bindgen::prelude::*;
+
+#[wasm_bindgen]
+extern "C" {
+    pub type Function;
+    #[wasm_bindgen(constructor)]
+    pub fn new(s: &str) -> Function;
+    #[wasm_bindgen(method)]
+    pub fn call(this: &Function, self_: &JsValue) -> JsValue;
+
+    pub type This;
+    #[wasm_bindgen(method, getter, structural, js_name = self)]
+    pub fn self_(me: &This) -> JsValue;
+    #[wasm_bindgen(method, getter, structural)]
+    pub fn crypto(me: &This) -> JsValue;
+
+    #[derive(Clone, Debug)]
+    pub type BrowserCrypto;
+
+    // TODO: these `structural` annotations here ideally wouldn't be here to
+    // avoid a JS shim, but for now with feature detection they're
+    // unavoidable.
+    #[wasm_bindgen(method, js_name = getRandomValues, structural, getter)]
+    pub fn get_random_values_fn(me: &BrowserCrypto) -> JsValue;
+    #[wasm_bindgen(method, js_name = getRandomValues, structural)]
+    pub fn get_random_values(me: &BrowserCrypto, buf: &mut [u8]);
+
+    #[wasm_bindgen(js_name = require)]
+    pub fn node_require(s: &str) -> NodeCrypto;
+
+    #[derive(Clone, Debug)]
+    pub type NodeCrypto;
+
+    #[wasm_bindgen(method, js_name = randomFillSync, structural)]
+    pub fn random_fill_sync(me: &NodeCrypto, buf: &mut [u8]);
+}
+
+#[derive(Clone, Debug)]
+pub enum OsRng {
+    Node(NodeCrypto),
+    Browser(BrowserCrypto),
+}
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        // First up we need to detect if we're running in node.js or a
+        // browser. To do this we get ahold of the `this` object (in a bit
+        // of a roundabout fashion).
+        //
+        // Once we have `this` we look at its `self` property, which is
+        // only defined on the web (either a main window or web worker).
+        let this = Function::new("return this").call(&JsValue::undefined());
+        assert!(this != JsValue::undefined());
+        let this = This::from(this);
+        let is_browser = this.self_() != JsValue::undefined();
+
+        if !is_browser {
+            return Ok(OsRng::Node(node_require("crypto")))
+        }
+
+        // If `self` is defined then we're in a browser somehow (main window
+        // or web worker). Here we want to try to use
+        // `crypto.getRandomValues`, but if `crypto` isn't defined we assume
+        // we're in an older web browser and the OS RNG isn't available.
+        let crypto = this.crypto();
+        if crypto.is_undefined() {
+            let msg = "self.crypto is undefined";
+            return Err(Error::new(ErrorKind::Unavailable, msg))
+        }
+
+        // Test if `crypto.getRandomValues` is undefined as well
+        let crypto: BrowserCrypto = crypto.into();
+        if crypto.get_random_values_fn().is_undefined() {
+            let msg = "crypto.getRandomValues is undefined";
+            return Err(Error::new(ErrorKind::Unavailable, msg))
+        }
+
+        // Ok! `self.crypto.getRandomValues` is a defined value, so let's
+        // assume we can do browser crypto.
+        Ok(OsRng::Browser(crypto))
+    }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        match *self {
+            OsRng::Node(ref n) => n.random_fill_sync(dest),
+            OsRng::Browser(ref n) => n.get_random_values(dest),
+        }
+        Ok(())
+    }
+
+    fn max_chunk_size(&self) -> usize {
+        match *self {
+            OsRng::Node(_) => usize::max_value(),
+            OsRng::Browser(_) => {
+                // see https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues
+                //
+                // where it says:
+                //
+                // > A QuotaExceededError DOMException is thrown if the
+                // > requested length is greater than 65536 bytes.
+                65536
+            }
+        }
+    }
+
+    fn method_str(&self) -> &'static str {
+        match *self {
+            OsRng::Node(_) => "crypto.randomFillSync",
+            OsRng::Browser(_) => "crypto.getRandomValues",
+        }
+    }
+}
diff --git a/rand/rand_os/src/wasm32_stdweb.rs b/rand/rand_os/src/wasm32_stdweb.rs
new file mode 100644
index 0000000..3be0ce6
--- /dev/null
+++ b/rand/rand_os/src/wasm32_stdweb.rs
@@ -0,0 +1,107 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for WASM via stdweb
+
+use std::mem;
+use stdweb::unstable::TryInto;
+use stdweb::web::error::Error as WebError;
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+#[derive(Clone, Debug)]
+enum OsRngMethod {
+    Browser,
+    Node
+}
+
+#[derive(Clone, Debug)]
+pub struct OsRng(OsRngMethod);
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> {
+        let result = js! {
+            try {
+                if (
+                    typeof self === "object" &&
+                    typeof self.crypto === "object" &&
+                    typeof self.crypto.getRandomValues === "function"
+                ) {
+                    return { success: true, ty: 1 };
+                }
+
+                if (typeof require("crypto").randomBytes === "function") {
+                    return { success: true, ty: 2 };
+                }
+
+                return { success: false, error: new Error("not supported") };
+            } catch(err) {
+                return { success: false, error: err };
+            }
+        };
+
+        if js!{ return @{ result.as_ref() }.success } == true {
+            let ty = js!{ return @{ result }.ty };
+
+            if ty == 1 { Ok(OsRng(OsRngMethod::Browser)) }
+            else if ty == 2 { Ok(OsRng(OsRngMethod::Node)) }
+            else { unreachable!() }
+        } else {
+            let err: WebError = js!{ return @{ result }.error }.try_into().unwrap();
+            Err(Error::with_cause(ErrorKind::Unavailable, "WASM Error", err))
+        }
+    }
+
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        assert_eq!(mem::size_of::<usize>(), 4);
+
+        let len = dest.len() as u32;
+        let ptr = dest.as_mut_ptr() as i32;
+
+        let result = match self.0 {
+            OsRngMethod::Browser => js! {
+                try {
+                    let array = new Uint8Array(@{ len });
+                    self.crypto.getRandomValues(array);
+                    HEAPU8.set(array, @{ ptr });
+
+                    return { success: true };
+                } catch(err) {
+                    return { success: false, error: err };
+                }
+            },
+            OsRngMethod::Node => js! {
+                try {
+                    let bytes = require("crypto").randomBytes(@{ len });
+                    HEAPU8.set(new Uint8Array(bytes), @{ ptr });
+
+                    return { success: true };
+                } catch(err) {
+                    return { success: false, error: err };
+                }
+            }
+        };
+
+        if js!{ return @{ result.as_ref() }.success } == true {
+            Ok(())
+        } else {
+            let err: WebError = js!{ return @{ result }.error }.try_into().unwrap();
+            Err(Error::with_cause(ErrorKind::Unexpected, "WASM Error", err))
+        }
+    }
+
+    fn max_chunk_size(&self) -> usize { 65536 }
+
+    fn method_str(&self) -> &'static str {
+        match self.0 {
+            OsRngMethod::Browser => "Crypto.getRandomValues",
+            OsRngMethod::Node => "crypto.randomBytes",
+        }
+    }
+}
diff --git a/rand/rand_os/src/windows.rs b/rand/rand_os/src/windows.rs
new file mode 100644
index 0000000..6b06c7a
--- /dev/null
+++ b/rand/rand_os/src/windows.rs
@@ -0,0 +1,44 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Windows
+
+extern crate winapi;
+
+use rand_core::{Error, ErrorKind};
+use super::OsRngImpl;
+
+use std::io;
+
+use self::winapi::shared::minwindef::ULONG;
+use self::winapi::um::ntsecapi::RtlGenRandom;
+use self::winapi::um::winnt::PVOID;
+
+#[derive(Clone, Debug)]
+pub struct OsRng;
+
+impl OsRngImpl for OsRng {
+    fn new() -> Result<OsRng, Error> { Ok(OsRng) }
+
+    fn fill_chunk(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        let ret = unsafe {
+            RtlGenRandom(dest.as_mut_ptr() as PVOID, dest.len() as ULONG)
+        };
+        if ret == 0 {
+            return Err(Error::with_cause(
+                ErrorKind::Unavailable,
+                "couldn't generate random bytes",
+                io::Error::last_os_error()));
+        }
+        Ok(())
+    }
+
+    fn max_chunk_size(&self) -> usize { <ULONG>::max_value() as usize }
+
+    fn method_str(&self) -> &'static str { "RtlGenRandom" }
+}
diff --git a/rand/rand_os/tests/mod.rs b/rand/rand_os/tests/mod.rs
new file mode 100644
index 0000000..2130e16
--- /dev/null
+++ b/rand/rand_os/tests/mod.rs
@@ -0,0 +1,80 @@
+extern crate rand_os;
+
+use rand_os::rand_core::RngCore;
+use rand_os::OsRng;
+
+#[test]
+fn test_os_rng() {
+    let mut r = OsRng::new().unwrap();
+
+    r.next_u32();
+    r.next_u64();
+
+    let mut v1 = [0u8; 1000];
+    r.fill_bytes(&mut v1);
+
+    let mut v2 = [0u8; 1000];
+    r.fill_bytes(&mut v2);
+
+    let mut n_diff_bits = 0;
+    for i in 0..v1.len() {
+        n_diff_bits += (v1[i] ^ v2[i]).count_ones();
+    }
+
+    // Check at least 1 bit per byte differs. p(failure) < 1e-1000 with random input.
+    assert!(n_diff_bits >= v1.len() as u32);
+}
+
+#[test]
+fn test_os_rng_empty() {
+    let mut r = OsRng::new().unwrap();
+
+    let mut empty = [0u8; 0];
+    r.fill_bytes(&mut empty);
+}
+
+#[test]
+fn test_os_rng_huge() {
+    let mut r = OsRng::new().unwrap();
+
+    let mut huge = [0u8; 100_000];
+    r.fill_bytes(&mut huge);
+}
+
+#[cfg(not(any(target_arch = "wasm32", target_arch = "asmjs")))]
+#[test]
+fn test_os_rng_tasks() {
+    use std::sync::mpsc::channel;
+    use std::thread;
+
+    let mut txs = vec!();
+    for _ in 0..20 {
+        let (tx, rx) = channel();
+        txs.push(tx);
+
+        thread::spawn(move|| {
+            // wait until all the tasks are ready to go.
+            rx.recv().unwrap();
+
+            // deschedule to attempt to interleave things as much
+            // as possible (XXX: is this a good test?)
+            let mut r = OsRng::new().unwrap();
+            thread::yield_now();
+            let mut v = [0u8; 1000];
+
+            for _ in 0..100 {
+                r.next_u32();
+                thread::yield_now();
+                r.next_u64();
+                thread::yield_now();
+                r.fill_bytes(&mut v);
+                thread::yield_now();
+            }
+        });
+    }
+
+    // start all the tasks
+    for tx in txs.iter() {
+        tx.send(()).unwrap();
+    }
+}