aboutsummaryrefslogtreecommitdiff
path: root/getrandom
diff options
context:
space:
mode:
Diffstat (limited to 'getrandom')
-rw-r--r--getrandom/.cargo/config5
-rw-r--r--getrandom/.gitignore6
-rw-r--r--getrandom/.travis.yml221
-rw-r--r--getrandom/CHANGELOG.md158
-rw-r--r--getrandom/Cargo.toml45
-rw-r--r--getrandom/LICENSE-APACHE201
-rw-r--r--getrandom/LICENSE-MIT26
-rw-r--r--getrandom/README.md78
-rw-r--r--getrandom/appveyor.yml52
-rw-r--r--getrandom/benches/mod.rs23
-rw-r--r--getrandom/build.rs19
-rw-r--r--getrandom/src/bsd_arandom.rs49
-rw-r--r--getrandom/src/cloudabi.rs25
-rw-r--r--getrandom/src/dummy.rs14
-rw-r--r--getrandom/src/error.rs178
-rw-r--r--getrandom/src/error_impls.rs35
-rw-r--r--getrandom/src/fuchsia.rs20
-rw-r--r--getrandom/src/ios.rs31
-rw-r--r--getrandom/src/lib.rs282
-rw-r--r--getrandom/src/linux_android.rs44
-rw-r--r--getrandom/src/macos.rs34
-rw-r--r--getrandom/src/openbsd.rs23
-rw-r--r--getrandom/src/rdrand.rs90
-rw-r--r--getrandom/src/solaris_illumos.rs44
-rw-r--r--getrandom/src/use_file.rs73
-rw-r--r--getrandom/src/util.rs96
-rw-r--r--getrandom/src/util_libc.rs143
-rw-r--r--getrandom/src/vxworks.rs35
-rw-r--r--getrandom/src/wasi.rs19
-rw-r--r--getrandom/src/wasm32_bindgen.rs113
-rw-r--r--getrandom/src/wasm32_stdweb.rs114
-rw-r--r--getrandom/src/windows.rs26
-rw-r--r--getrandom/src/windows_uwp.rs59
-rw-r--r--getrandom/tests/common.rs68
-rw-r--r--getrandom/utils/ci/install.sh49
-rw-r--r--getrandom/utils/ci/script.sh13
36 files changed, 2511 insertions, 0 deletions
diff --git a/getrandom/.cargo/config b/getrandom/.cargo/config
new file mode 100644
index 0000000..291ce5e
--- /dev/null
+++ b/getrandom/.cargo/config
@@ -0,0 +1,5 @@
+[target.wasm32-unknown-unknown]
+runner = 'wasm-bindgen-test-runner'
+
+[target.wasm32-wasi]
+runner = 'wasmtime'
diff --git a/getrandom/.gitignore b/getrandom/.gitignore
new file mode 100644
index 0000000..435eeee
--- /dev/null
+++ b/getrandom/.gitignore
@@ -0,0 +1,6 @@
+/target
+**/*.rs.bk
+Cargo.lock
+*.ts
+*.js
+*.wasm
diff --git a/getrandom/.travis.yml b/getrandom/.travis.yml
new file mode 100644
index 0000000..bdd9e72
--- /dev/null
+++ b/getrandom/.travis.yml
@@ -0,0 +1,221 @@
+language: rust
+sudo: false
+
+matrix:
+ include:
+ - name: "Linux, 1.32.0"
+ rust: 1.32.0
+ os: linux
+
+ - name: "OSX, 1.32.0"
+ rust: 1.32.0
+ os: osx
+
+ - name: "Linux, stable"
+ rust: stable
+
+ - name: "OSX+iOS, stable"
+ rust: stable
+ os: osx
+ install:
+ - rustup target add aarch64-apple-ios
+ script:
+ - cargo test
+ - cargo test --examples
+ - cargo build --target aarch64-apple-ios
+
+ - name: "Linux, beta"
+ rust: beta
+
+ - name: "WASM via emscripten, stdweb, wasm-bindgen and WASI"
+ rust: nightly
+ addons:
+ firefox: latest
+ chrome: stable
+ install:
+ - rustup target add wasm32-unknown-unknown
+ - rustup target add wasm32-unknown-emscripten
+ - rustup target add asmjs-unknown-emscripten
+ - rustup target add wasm32-wasi
+ # Get latest geckodriver
+ - export VERSION=$(curl -s https://api.github.com/repos/mozilla/geckodriver/releases/latest | jq -r ".tag_name")
+ - wget -O geckodriver.tar.gz https://github.com/mozilla/geckodriver/releases/download/$VERSION/geckodriver-$VERSION-linux64.tar.gz
+ - tar -xzf geckodriver.tar.gz
+ # Get latest chromedirver
+ - export VERSION=$(wget -q -O - https://chromedriver.storage.googleapis.com/LATEST_RELEASE)
+ - wget -O chromedriver.zip https://chromedriver.storage.googleapis.com/$VERSION/chromedriver_linux64.zip
+ - unzip chromedriver.zip
+ # Get cargo-web
+ - export VERSION=0.6.26 # Pin version for stability
+ - wget -O cargo-web.gz https://github.com/koute/cargo-web/releases/download/$VERSION/cargo-web-x86_64-unknown-linux-gnu.gz
+ - gunzip cargo-web.gz
+ - chmod +x cargo-web
+ # Get wasmtime
+ - export VERSION=v0.3.0 # Pin version for stability
+ - wget -O wasmtime.tar.xz https://github.com/CraneStation/wasmtime/releases/download/$VERSION/wasmtime-$VERSION-x86_64-linux.tar.xz
+ - tar -xf wasmtime.tar.xz --strip-components=1
+ # Get wasm-bindgen-test-runner which matches our wasm-bindgen version
+ - export VERSION=$(cargo metadata --format-version=1 | jq -r '.packages[] | select ( .name == "wasm-bindgen" ) | .version')
+ - wget -O wasm-bindgen.tar.gz https://github.com/rustwasm/wasm-bindgen/releases/download/$VERSION/wasm-bindgen-$VERSION-x86_64-unknown-linux-musl.tar.gz
+ - tar -xzf wasm-bindgen.tar.gz --strip-components=1
+ # Place the runner binaries in our PATH
+ - mv cargo-web wasmtime wasm-bindgen-test-runner $HOME/.cargo/bin
+ # Download and setup emscripten
+ - cargo web prepare-emscripten
+ env: EMCC_CFLAGS="-s ERROR_ON_UNDEFINED_SYMBOLS=0"
+ script:
+ # We cannot run emscripten test binaries (see rust-lang/rust#63649).
+ # However, we can still build and link all tests to make sure that works.
+ # This is actually useful as it finds stuff such as rust-random/rand#669
+ - cargo web test --target wasm32-unknown-emscripten --no-run
+ - cargo web test --target asmjs-unknown-emscripten --no-run
+ # wasi tests
+ - cargo test --target wasm32-wasi
+ # stdweb tests (Node, Chrome)
+ - cargo web test --nodejs --target=wasm32-unknown-unknown --features=stdweb
+ - cargo web test --target=wasm32-unknown-unknown --features=stdweb
+ # wasm-bindgen tests (Node, Firefox, Chrome)
+ - cargo test --target wasm32-unknown-unknown --features=wasm-bindgen
+ - GECKODRIVER=$PWD/geckodriver cargo test --target wasm32-unknown-unknown --features=test-in-browser
+ - CHROMEDRIVER=$PWD/chromedriver cargo test --target wasm32-unknown-unknown --features=test-in-browser
+
+ - name: "Linux, nightly, docs"
+ rust: nightly
+ os: linux
+ install:
+ - cargo --list | egrep "^\s*deadlinks$" -q || cargo install cargo-deadlinks
+ - cargo deadlinks -V
+ script:
+ - cargo test
+ - cargo test --benches
+ - cargo test --examples
+ # remove cached documentation, otherwise files from previous PRs can get included
+ - rm -rf target/doc
+ - cargo doc --no-deps --all --features=std,log
+ - cargo deadlinks --dir target/doc
+ # also test minimum dependency versions are usable
+ - cargo generate-lockfile -Z minimal-versions
+ - cargo test
+
+ - name: "OSX, nightly, docs"
+ rust: nightly
+ os: osx
+ install:
+ - cargo --list | egrep "^\s*deadlinks$" -q || cargo install cargo-deadlinks
+ - cargo deadlinks -V
+ script:
+ - cargo test
+ - cargo test --benches
+ - cargo test --examples
+ # remove cached documentation, otherwise files from previous PRs can get included
+ - rm -rf target/doc
+ - cargo doc --no-deps --all --features=std,log
+ - cargo deadlinks --dir target/doc
+ # also test minimum dependency versions are usable
+ - cargo generate-lockfile -Z minimal-versions
+ - cargo test
+
+ - name: "cross-platform build only"
+ rust: nightly
+ install:
+ - rustup target add x86_64-sun-solaris
+ - rustup target add x86_64-unknown-cloudabi
+ - rustup target add x86_64-unknown-freebsd
+ - rustup target add x86_64-fuchsia
+ - rustup target add x86_64-unknown-netbsd
+ - rustup target add x86_64-unknown-redox
+ - rustup target add x86_64-fortanix-unknown-sgx
+ # For no_std targets
+ - rustup component add rust-src
+ - cargo install cargo-xbuild || true
+ script:
+ - cargo build --target=x86_64-sun-solaris
+ - cargo build --target=x86_64-unknown-cloudabi
+ - cargo build --target=x86_64-unknown-freebsd
+ - cargo build --target=x86_64-fuchsia
+ - cargo build --target=x86_64-unknown-netbsd
+ - cargo build --target=x86_64-unknown-redox
+ - cargo build --target=x86_64-fortanix-unknown-sgx
+ - cargo xbuild --target=x86_64-unknown-uefi
+ - cargo xbuild --target=x86_64-unknown-hermit
+ - cargo xbuild --target=x86_64-unknown-l4re-uclibc
+ - cargo xbuild --target=x86_64-wrs-vxworks
+ # also test minimum dependency versions are usable
+ - cargo generate-lockfile -Z minimal-versions
+ - cargo build --target=x86_64-sun-solaris
+ - cargo build --target=x86_64-unknown-cloudabi
+ - cargo build --target=x86_64-unknown-freebsd
+ - cargo build --target=x86_64-fuchsia
+ - cargo build --target=x86_64-unknown-netbsd
+ - cargo build --target=x86_64-unknown-redox
+ - cargo build --target=x86_64-fortanix-unknown-sgx
+ - cargo xbuild --target=x86_64-unknown-uefi
+ - cargo xbuild --target=x86_64-unknown-hermit
+ - cargo xbuild --target=x86_64-unknown-l4re-uclibc
+ - cargo xbuild --target=x86_64-uwp-windows-gnu
+
+ # Trust cross-built/emulated targets. We must repeat all non-default values.
+ - name: "Linux (MIPS, big-endian)"
+ env: TARGET=mips-unknown-linux-gnu
+ rust: stable
+ sudo: required
+ dist: trusty
+ services: docker
+ install:
+ - sh utils/ci/install.sh
+ - source ~/.cargo/env || true
+ script:
+ - bash utils/ci/script.sh
+
+ - name: "Android (ARMv7)"
+ env: TARGET=armv7-linux-androideabi
+ rust: stable
+ sudo: required
+ dist: trusty
+ services: docker
+ install:
+ - sh utils/ci/install.sh
+ - source ~/.cargo/env || true
+ script:
+ - bash utils/ci/script.sh
+
+ - name: "rustfmt"
+ rust: stable
+ install:
+ - rustup component add rustfmt
+ script:
+ - cargo fmt --all -- */*.rs --check
+
+ allow_failures:
+ # Formatting errors should appear in Travis, but not break the build.
+ - name: "rustfmt"
+
+before_install:
+ - set -e
+ - rustup self update
+
+before_script:
+ - export RUSTFLAGS="-D warnings"
+
+script:
+ - cargo test
+ - cargo test --examples
+
+after_script: set +e
+
+cache:
+ cargo: true
+ directories:
+ - .local/share/cargo-web
+
+before_cache:
+ # Travis can't cache files that are not readable by "others"
+ - chmod -R a+r $HOME/.cargo
+
+notifications:
+ email:
+ on_success: never
+
+branches:
+ only:
+ - master
diff --git a/getrandom/CHANGELOG.md b/getrandom/CHANGELOG.md
new file mode 100644
index 0000000..2f6e9f4
--- /dev/null
+++ b/getrandom/CHANGELOG.md
@@ -0,0 +1,158 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.13] - 2019-08-25
+### Added
+- VxWorks targets support. [#86]
+
+### Changed
+- If zero-length slice is passed to the `getrandom` function, always return
+`Ok(())` immediately without doing any calls to the underlying operating
+system. [#104]
+- Use the `kern.arandom` sysctl on NetBSD. [#115]
+
+### Fixed
+- Bump `cfg-if` minimum version from 0.1.0 to 0.1.2. [#112]
+- Typos and bad doc links. [#117]
+
+[#86]: https://github.com/rust-random/getrandom/pull/86
+[#104]: https://github.com/rust-random/getrandom/pull/104
+[#112]: https://github.com/rust-random/getrandom/pull/112
+[#115]: https://github.com/rust-random/getrandom/pull/115
+[#117]: https://github.com/rust-random/getrandom/pull/117
+
+## [0.1.12] - 2019-08-18
+### Changed
+- Update wasi dependency from v0.5 to v0.7. [#100]
+
+[#100]: https://github.com/rust-random/getrandom/pull/100
+
+## [0.1.11] - 2019-08-25
+### Fixed
+- Implement `std`-dependent traits for selected targets even if `std`
+feature is disabled. (backward compatibility with v0.1.8) [#96]
+
+[#96]: https://github.com/rust-random/getrandom/pull/96
+
+## [0.1.10] - 2019-08-18 [YANKED]
+### Changed
+- Use the dummy implementation on `wasm32-unknown-unknown` even with the
+disabled `dummy` feature. [#90]
+
+### Fixed
+- Fix CSP error for `wasm-bindgen`. [#92]
+
+[#90]: https://github.com/rust-random/getrandom/pull/90
+[#92]: https://github.com/rust-random/getrandom/pull/92
+
+## [0.1.9] - 2019-08-14 [YANKED]
+### Changed
+- Remove `std` dependency for opening and reading files. [#58]
+- Use `wasi` isntead of `libc` on WASI target. [#64]
+- By default emit a compile-time error when built for an unsupported target.
+This behaviour can be disabled by using the `dummy` feature. [#71]
+
+### Added
+- Add support for UWP targets. [#69]
+- Add unstable `rustc-dep-of-std` feature. [#78]
+
+[#58]: https://github.com/rust-random/getrandom/pull/58
+[#64]: https://github.com/rust-random/getrandom/pull/64
+[#69]: https://github.com/rust-random/getrandom/pull/69
+[#71]: https://github.com/rust-random/getrandom/pull/71
+[#78]: https://github.com/rust-random/getrandom/pull/78
+
+## [0.1.8] - 2019-07-29
+### Changed
+- Explicitly specify types to arguments of 'libc::syscall'. [#74]
+
+[#74]: https://github.com/rust-random/getrandom/pull/74
+
+## [0.1.7] - 2019-07-29
+### Added
+- Support for hermit and l4re. [#61]
+- `Error::raw_os_error` method, `Error::INTERNAL_START` and
+`Error::CUSTOM_START` constants. Use `libc` for retrieving OS error descriptions. [#54]
+
+### Changed
+- Remove `lazy_static` dependency and use custom structures for lock-free
+initialization. [#51] [#52]
+- Try `getrandom()` first on FreeBSD. [#57]
+
+### Removed
+- Bitrig support. [#56]
+
+### Deprecated
+- `Error::UNKNOWN`, `Error::UNAVAILABLE`. [#54]
+
+[#51]: https://github.com/rust-random/getrandom/pull/51
+[#52]: https://github.com/rust-random/getrandom/pull/52
+[#54]: https://github.com/rust-random/getrandom/pull/54
+[#56]: https://github.com/rust-random/getrandom/pull/56
+[#57]: https://github.com/rust-random/getrandom/pull/57
+[#61]: https://github.com/rust-random/getrandom/pull/61
+
+## [0.1.6] - 2019-06-30
+### Changed
+- Minor change of RDRAND AMD bug handling. [#48]
+
+[#48]: https://github.com/rust-random/getrandom/pull/48
+
+## [0.1.5] - 2019-06-29
+### Fixed
+- Use shared `File` instead of shared file descriptor. [#44]
+- Workaround for RDRAND hardware bug present on some AMD CPUs. [#43]
+
+### Changed
+- Try `getentropy` and then fallback to `/dev/random` on macOS. [#38]
+
+[#38]: https://github.com/rust-random/getrandom/issues/38
+[#43]: https://github.com/rust-random/getrandom/pull/43
+[#44]: https://github.com/rust-random/getrandom/issues/44
+
+## [0.1.4] - 2019-06-28
+### Added
+- Add support for `x86_64-unknown-uefi` target by using RDRAND with CPUID
+feature detection. [#30]
+
+### Fixed
+- Fix long buffer issues on Windows and Linux. [#31] [#32]
+- Check `EPERM` in addition to `ENOSYS` on Linux. [#37]
+
+### Changed
+- Improve efficiency by sharing file descriptor across threads. [#13]
+- Remove `cloudabi`, `winapi`, and `fuchsia-cprng` dependencies. [#40]
+- Improve RDRAND implementation. [#24]
+- Don't block during syscall detection on Linux. [#26]
+- Increase consistency with libc implementation on FreeBSD. [#36]
+- Apply `rustfmt`. [#39]
+
+[#30]: https://github.com/rust-random/getrandom/pull/30
+[#13]: https://github.com/rust-random/getrandom/issues/13
+[#40]: https://github.com/rust-random/getrandom/pull/40
+[#26]: https://github.com/rust-random/getrandom/pull/26
+[#24]: https://github.com/rust-random/getrandom/pull/24
+[#39]: https://github.com/rust-random/getrandom/pull/39
+[#36]: https://github.com/rust-random/getrandom/pull/36
+[#31]: https://github.com/rust-random/getrandom/issues/31
+[#32]: https://github.com/rust-random/getrandom/issues/32
+[#37]: https://github.com/rust-random/getrandom/issues/37
+
+## [0.1.3] - 2019-05-15
+- Update for `wasm32-unknown-wasi` being renamed to `wasm32-wasi`, and for
+ WASI being categorized as an OS.
+
+## [0.1.2] - 2019-04-06
+- Add support for `wasm32-unknown-wasi` target.
+
+## [0.1.1] - 2019-04-05
+- Enable std functionality for CloudABI by default.
+
+## [0.1.0] - 2019-03-23
+Publish initial implementation.
+
+## [0.0.0] - 2019-01-19
+Publish an empty template library.
diff --git a/getrandom/Cargo.toml b/getrandom/Cargo.toml
new file mode 100644
index 0000000..b159674
--- /dev/null
+++ b/getrandom/Cargo.toml
@@ -0,0 +1,45 @@
+[package]
+name = "getrandom"
+version = "0.1.13"
+edition = "2018"
+authors = ["The Rand Project Developers"]
+license = "MIT OR Apache-2.0"
+description = "A small cross-platform library for retrieving random data from system source"
+documentation = "https://docs.rs/getrandom"
+repository = "https://github.com/rust-random/getrandom"
+categories = ["os", "no-std"]
+exclude = ["utils/*", ".*", "appveyor.yml"]
+
+[badges]
+travis-ci = { repository = "rust-random/getrandom" }
+appveyor = { repository = "rust-random/getrandom" }
+
+[dependencies]
+log = { version = "0.4", optional = true }
+cfg-if = "0.1.2"
+
+# When built as part of libstd
+compiler_builtins = { version = "0.1", optional = true }
+core = { version = "1.0", optional = true, package = "rustc-std-workspace-core" }
+
+[target.'cfg(unix)'.dependencies]
+libc = { version = "0.2.64", default-features = false }
+
+[target.'cfg(target_os = "wasi")'.dependencies]
+wasi = "0.7"
+
+[target.wasm32-unknown-unknown.dependencies]
+wasm-bindgen = { version = "0.2.29", optional = true }
+stdweb = { version = "0.4.18", optional = true }
+
+[target.wasm32-unknown-unknown.dev-dependencies]
+wasm-bindgen-test = "0.2"
+
+[features]
+std = []
+# Enables dummy implementation for unsupported targets
+dummy = []
+# Unstable feature to support being a libstd dependency
+rustc-dep-of-std = ["compiler_builtins", "core"]
+# Unstable feature for testing
+test-in-browser = ["wasm-bindgen"]
diff --git a/getrandom/LICENSE-APACHE b/getrandom/LICENSE-APACHE
new file mode 100644
index 0000000..17d7468
--- /dev/null
+++ b/getrandom/LICENSE-APACHE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ https://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/getrandom/LICENSE-MIT b/getrandom/LICENSE-MIT
new file mode 100644
index 0000000..d93b5ba
--- /dev/null
+++ b/getrandom/LICENSE-MIT
@@ -0,0 +1,26 @@
+Copyright 2018 Developers of the Rand project
+Copyright (c) 2014 The Rust Project Developers
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/getrandom/README.md b/getrandom/README.md
new file mode 100644
index 0000000..01bbfb5
--- /dev/null
+++ b/getrandom/README.md
@@ -0,0 +1,78 @@
+# getrandom
+
+[![Build Status](https://travis-ci.org/rust-random/getrandom.svg?branch=master)](https://travis-ci.org/rust-random/getrandom)
+[![Build Status](https://ci.appveyor.com/api/projects/status/github/rust-random/getrandom?svg=true)](https://ci.appveyor.com/project/rust-random/getrandom)
+[![Crate](https://img.shields.io/crates/v/getrandom.svg)](https://crates.io/crates/getrandom)
+[![Documentation](https://docs.rs/getrandom/badge.svg)](https://docs.rs/getrandom)
+[![Dependency status](https://deps.rs/repo/github/rust-random/getrandom/status.svg)](https://deps.rs/repo/github/rust-random/getrandom)
+
+
+A Rust library for retrieving random data from (operating) system source. It is
+assumed that system always provides high-quality cryptographically secure random
+data, ideally backed by hardware entropy sources. This crate derives its name
+from Linux's `getrandom` function, but is cross platform, roughly supporting
+the same set of platforms as Rust's `std` lib.
+
+This is a low-level API. Most users should prefer using high-level random-number
+library like [`rand`].
+
+[`rand`]: https://crates.io/crates/rand
+
+## Usage
+
+Add this to your `Cargo.toml`:
+
+```toml
+[dependencies]
+getrandom = "0.1"
+```
+
+Then invoke the `getrandom` function:
+
+```rust
+fn get_random_buf() -> Result<[u8; 32], getrandom::Error> {
+ let mut buf = [0u8; 32];
+ getrandom::getrandom(&mut buf)?;
+ Ok(buf)
+}
+```
+
+## Features
+
+This library is `no_std` for every supported target. However, getting randomness
+usually requires calling some external system API. This means most platforms
+will require linking against system libraries (i.e. `libc` for Unix,
+`Advapi32.dll` for Windows, Security framework on iOS, etc...).
+
+The `log` library is supported as an optional dependency. If enabled, error
+reporting will be improved on some platforms.
+
+For the `wasm32-unknown-unknown` target, one of the following features should be
+enabled:
+
+- [`wasm-bindgen`](https://crates.io/crates/wasm_bindgen)
+- [`stdweb`](https://crates.io/crates/stdweb)
+
+By default, compiling `getrandom` for an unsupported target will result in
+a compilation error. If you want to build an application which uses `getrandom`
+for such target, you can either:
+- Use [`[replace]`][replace] or [`[patch]`][patch] section in your `Cargo.toml`
+to switch to a custom implementation with a support of your target.
+- Enable the `dummy` feature to have getrandom use an implementation that always
+fails at run-time on unsupported targets.
+
+[replace]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-replace-section
+[patch]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-patch-section
+
+## Minimum Supported Rust Version
+
+This crate requires Rust 1.32.0 or later.
+
+# License
+
+The `getrandom` library is distributed under either of
+
+ * [Apache License, Version 2.0](LICENSE-APACHE)
+ * [MIT license](LICENSE-MIT)
+
+at your option.
diff --git a/getrandom/appveyor.yml b/getrandom/appveyor.yml
new file mode 100644
index 0000000..7a34e32
--- /dev/null
+++ b/getrandom/appveyor.yml
@@ -0,0 +1,52 @@
+environment:
+
+ # At the time this was added AppVeyor was having troubles with checking
+ # revocation of SSL certificates of sites like static.rust-lang.org and what
+ # we think is crates.io. The libcurl HTTP client by default checks for
+ # revocation on Windows and according to a mailing list [1] this can be
+ # disabled.
+ #
+ # The `CARGO_HTTP_CHECK_REVOKE` env var here tells cargo to disable SSL
+ # revocation checking on Windows in libcurl. Note, though, that rustup, which
+ # we're using to download Rust here, also uses libcurl as the default backend.
+ # Unlike Cargo, however, rustup doesn't have a mechanism to disable revocation
+ # checking. To get rustup working we set `RUSTUP_USE_HYPER` which forces it to
+ # use the Hyper instead of libcurl backend. Both Hyper and libcurl use
+ # schannel on Windows but it appears that Hyper configures it slightly
+ # differently such that revocation checking isn't turned on by default.
+ #
+ # [1]: https://curl.haxx.se/mail/lib-2016-03/0202.html
+ RUSTUP_USE_HYPER: 1
+ CARGO_HTTP_CHECK_REVOKE: false
+
+ matrix:
+ - TARGET: x86_64-pc-windows-msvc
+ CHANNEL: 1.32.0
+ - TARGET: x86_64-pc-windows-msvc
+ CHANNEL: stable
+ - TARGET: x86_64-pc-windows-msvc
+ CHANNEL: nightly
+ - TARGET: i686-pc-windows-msvc
+ CHANNEL: nightly
+ - TARGET: x86_64-pc-windows-gnu
+ CHANNEL: nightly
+ - TARGET: i686-pc-windows-gnu
+ CHANNEL: nightly
+
+install:
+ - appveyor DownloadFile https://win.rustup.rs/ -FileName rustup-init.exe
+ - rustup-init.exe -y --default-host %TARGET% --default-toolchain %CHANNEL%
+ - set PATH=%PATH%;C:\Users\appveyor\.cargo\bin
+ - rustc -V
+ - cargo -V
+
+build: false
+
+test_script:
+ - set RUSTFLAGS=-D warnings
+ - cargo test
+ - cargo test --examples
+
+branches:
+ only:
+ - master
diff --git a/getrandom/benches/mod.rs b/getrandom/benches/mod.rs
new file mode 100644
index 0000000..07953f1
--- /dev/null
+++ b/getrandom/benches/mod.rs
@@ -0,0 +1,23 @@
+#![feature(test)]
+extern crate getrandom;
+extern crate test;
+
+#[bench]
+fn bench_64(b: &mut test::Bencher) {
+ let mut buf = [0u8; 64];
+ b.iter(|| {
+ getrandom::getrandom(&mut buf[..]).unwrap();
+ test::black_box(&buf);
+ });
+ b.bytes = buf.len() as u64;
+}
+
+#[bench]
+fn bench_65536(b: &mut test::Bencher) {
+ let mut buf = [0u8; 65536];
+ b.iter(|| {
+ getrandom::getrandom(&mut buf[..]).unwrap();
+ test::black_box(&buf);
+ });
+ b.bytes = buf.len() as u64;
+}
diff --git a/getrandom/build.rs b/getrandom/build.rs
new file mode 100644
index 0000000..1beb4ed
--- /dev/null
+++ b/getrandom/build.rs
@@ -0,0 +1,19 @@
+#![deny(warnings)]
+
+use std::env;
+
+fn main() {
+ let target = env::var("TARGET").expect("TARGET was not set");
+ if target.contains("-uwp-windows-") {
+ // for BCryptGenRandom
+ println!("cargo:rustc-link-lib=bcrypt");
+ // to work around unavailability of `target_vendor` on Rust 1.33
+ println!("cargo:rustc-cfg=getrandom_uwp");
+ } else if target.contains("windows") {
+ // for RtlGenRandom (aka SystemFunction036)
+ println!("cargo:rustc-link-lib=advapi32");
+ } else if target.contains("apple-ios") {
+ // for SecRandomCopyBytes and kSecRandomDefault
+ println!("cargo:rustc-link-lib=framework=Security");
+ }
+}
diff --git a/getrandom/src/bsd_arandom.rs b/getrandom/src/bsd_arandom.rs
new file mode 100644
index 0000000..eb564ff
--- /dev/null
+++ b/getrandom/src/bsd_arandom.rs
@@ -0,0 +1,49 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for FreeBSD and NetBSD
+use crate::util_libc::sys_fill_exact;
+use crate::Error;
+use core::ptr;
+
+fn kern_arnd(buf: &mut [u8]) -> libc::ssize_t {
+ static MIB: [libc::c_int; 2] = [libc::CTL_KERN, libc::KERN_ARND];
+ let mut len = buf.len();
+ let ret = unsafe {
+ libc::sysctl(
+ MIB.as_ptr(),
+ MIB.len() as libc::c_uint,
+ buf.as_mut_ptr() as *mut _,
+ &mut len,
+ ptr::null(),
+ 0,
+ )
+ };
+ if ret == -1 {
+ error!("sysctl kern.arandom: syscall failed");
+ -1
+ } else {
+ len as libc::ssize_t
+ }
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ #[cfg(target_os = "freebsd")]
+ {
+ use crate::util_libc::Weak;
+ static GETRANDOM: Weak = unsafe { Weak::new("getrandom\0") };
+ type GetRandomFn =
+ unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t;
+
+ if let Some(fptr) = GETRANDOM.ptr() {
+ let func: GetRandomFn = unsafe { core::mem::transmute(fptr) };
+ return sys_fill_exact(dest, |buf| unsafe { func(buf.as_mut_ptr(), buf.len(), 0) });
+ }
+ }
+ sys_fill_exact(dest, kern_arnd)
+}
diff --git a/getrandom/src/cloudabi.rs b/getrandom/src/cloudabi.rs
new file mode 100644
index 0000000..d3d0928
--- /dev/null
+++ b/getrandom/src/cloudabi.rs
@@ -0,0 +1,25 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for CloudABI
+use crate::Error;
+use core::num::NonZeroU32;
+
+extern "C" {
+ fn cloudabi_sys_random_get(buf: *mut u8, buf_len: usize) -> u16;
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ let errno = unsafe { cloudabi_sys_random_get(dest.as_mut_ptr(), dest.len()) };
+ if let Some(code) = NonZeroU32::new(errno as u32) {
+ error!("cloudabi_sys_random_get: failed with {}", errno);
+ Err(Error::from(code))
+ } else {
+ Ok(()) // Zero means success for CloudABI
+ }
+}
diff --git a/getrandom/src/dummy.rs b/getrandom/src/dummy.rs
new file mode 100644
index 0000000..0c24ba0
--- /dev/null
+++ b/getrandom/src/dummy.rs
@@ -0,0 +1,14 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! A dummy implementation for unsupported targets which always fails
+use crate::{error::UNSUPPORTED, Error};
+
+pub fn getrandom_inner(_: &mut [u8]) -> Result<(), Error> {
+ Err(UNSUPPORTED)
+}
diff --git a/getrandom/src/error.rs b/getrandom/src/error.rs
new file mode 100644
index 0000000..b2cb9a8
--- /dev/null
+++ b/getrandom/src/error.rs
@@ -0,0 +1,178 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+use core::fmt;
+use core::num::NonZeroU32;
+
+/// A small and `no_std` compatible error type.
+///
+/// The [`Error::raw_os_error()`] will indicate if the error is from the OS, and
+/// if so, which error code the OS gave the application. If such an error is
+/// encountered, please consult with your system documentation.
+///
+/// Internally this type is a NonZeroU32, with certain values reserved for
+/// certain purposes, see [`Error::INTERNAL_START`] and [`Error::CUSTOM_START`].
+#[derive(Copy, Clone, Eq, PartialEq)]
+pub struct Error(NonZeroU32);
+
+impl Error {
+ #[deprecated(since = "0.1.7")]
+ /// Unknown error.
+ pub const UNKNOWN: Error = UNSUPPORTED;
+ #[deprecated(since = "0.1.7")]
+ /// System entropy source is unavailable.
+ pub const UNAVAILABLE: Error = UNSUPPORTED;
+
+ /// Codes below this point represent OS Errors (i.e. positive i32 values).
+ /// Codes at or above this point, but below [`Error::CUSTOM_START`] are
+ /// reserved for use by the `rand` and `getrandom` crates.
+ pub const INTERNAL_START: u32 = 1 << 31;
+
+ /// Codes at or above this point can be used by users to define their own
+ /// custom errors.
+ pub const CUSTOM_START: u32 = (1 << 31) + (1 << 30);
+
+ /// Extract the raw OS error code (if this error came from the OS)
+ ///
+ /// This method is identical to `std::io::Error::raw_os_error()`, except
+ /// that it works in `no_std` contexts. If this method returns `None`, the
+ /// error value can still be formatted via the `Display` implementation.
+ #[inline]
+ pub fn raw_os_error(self) -> Option<i32> {
+ if self.0.get() < Self::INTERNAL_START {
+ Some(self.0.get() as i32)
+ } else {
+ None
+ }
+ }
+
+ /// Extract the bare error code.
+ ///
+ /// This code can either come from the underlying OS, or be a custom error.
+ /// Use [`Error::raw_os_error()`] to disambiguate.
+ #[inline]
+ pub fn code(self) -> NonZeroU32 {
+ self.0
+ }
+}
+
+cfg_if! {
+ if #[cfg(unix)] {
+ fn os_err_desc(errno: i32, buf: &mut [u8]) -> Option<&str> {
+ let buf_ptr = buf.as_mut_ptr() as *mut libc::c_char;
+ if unsafe { libc::strerror_r(errno, buf_ptr, buf.len()) } != 0 {
+ return None;
+ }
+
+ // Take up to trailing null byte
+ let n = buf.len();
+ let idx = buf.iter().position(|&b| b == 0).unwrap_or(n);
+ core::str::from_utf8(&buf[..idx]).ok()
+ }
+ } else if #[cfg(target_os = "wasi")] {
+ fn os_err_desc(errno: i32, _buf: &mut [u8]) -> Option<&str> {
+ core::num::NonZeroU16::new(errno as u16)
+ .and_then(wasi::wasi_unstable::error_str)
+ }
+ } else {
+ fn os_err_desc(_errno: i32, _buf: &mut [u8]) -> Option<&str> {
+ None
+ }
+ }
+}
+
+impl fmt::Debug for Error {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ let mut dbg = f.debug_struct("Error");
+ if let Some(errno) = self.raw_os_error() {
+ dbg.field("os_error", &errno);
+ let mut buf = [0u8; 128];
+ if let Some(desc) = os_err_desc(errno, &mut buf) {
+ dbg.field("description", &desc);
+ }
+ } else if let Some(desc) = internal_desc(*self) {
+ dbg.field("internal_code", &self.0.get());
+ dbg.field("description", &desc);
+ } else {
+ dbg.field("unknown_code", &self.0.get());
+ }
+ dbg.finish()
+ }
+}
+
+impl fmt::Display for Error {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ if let Some(errno) = self.raw_os_error() {
+ let mut buf = [0u8; 128];
+ match os_err_desc(errno, &mut buf) {
+ Some(desc) => f.write_str(desc),
+ None => write!(f, "OS Error: {}", errno),
+ }
+ } else if let Some(desc) = internal_desc(*self) {
+ f.write_str(desc)
+ } else {
+ write!(f, "Unknown Error: {}", self.0.get())
+ }
+ }
+}
+
+impl From<NonZeroU32> for Error {
+ fn from(code: NonZeroU32) -> Self {
+ Self(code)
+ }
+}
+
+// TODO: Convert to a function when min_version >= 1.33
+macro_rules! internal_error {
+ ($n:expr) => {
+ Error(unsafe { NonZeroU32::new_unchecked(Error::INTERNAL_START + $n as u16 as u32) })
+ };
+}
+
+/// Internal Error constants
+pub(crate) const UNSUPPORTED: Error = internal_error!(0);
+pub(crate) const ERRNO_NOT_POSITIVE: Error = internal_error!(1);
+pub(crate) const UNKNOWN_IO_ERROR: Error = internal_error!(2);
+pub(crate) const SEC_RANDOM_FAILED: Error = internal_error!(3);
+pub(crate) const RTL_GEN_RANDOM_FAILED: Error = internal_error!(4);
+pub(crate) const FAILED_RDRAND: Error = internal_error!(5);
+pub(crate) const NO_RDRAND: Error = internal_error!(6);
+pub(crate) const BINDGEN_CRYPTO_UNDEF: Error = internal_error!(7);
+pub(crate) const BINDGEN_GRV_UNDEF: Error = internal_error!(8);
+pub(crate) const STDWEB_NO_RNG: Error = internal_error!(9);
+pub(crate) const STDWEB_RNG_FAILED: Error = internal_error!(10);
+pub(crate) const RAND_SECURE_FATAL: Error = internal_error!(11);
+
+fn internal_desc(error: Error) -> Option<&'static str> {
+ match error {
+ UNSUPPORTED => Some("getrandom: this target is not supported"),
+ ERRNO_NOT_POSITIVE => Some("errno: did not return a positive value"),
+ UNKNOWN_IO_ERROR => Some("Unknown std::io::Error"),
+ SEC_RANDOM_FAILED => Some("SecRandomCopyBytes: call failed"),
+ RTL_GEN_RANDOM_FAILED => Some("RtlGenRandom: call failed"),
+ FAILED_RDRAND => Some("RDRAND: failed multiple times: CPU issue likely"),
+ NO_RDRAND => Some("RDRAND: instruction not supported"),
+ BINDGEN_CRYPTO_UNDEF => Some("wasm-bindgen: self.crypto is undefined"),
+ BINDGEN_GRV_UNDEF => Some("wasm-bindgen: crypto.getRandomValues is undefined"),
+ STDWEB_NO_RNG => Some("stdweb: no randomness source available"),
+ STDWEB_RNG_FAILED => Some("stdweb: failed to get randomness"),
+ RAND_SECURE_FATAL => Some("randSecure: random number generator module is not initialized"),
+ _ => None,
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::Error;
+ use core::mem::size_of;
+
+ #[test]
+ fn test_size() {
+ assert_eq!(size_of::<Error>(), 4);
+ assert_eq!(size_of::<Result<(), Error>>(), 4);
+ }
+}
diff --git a/getrandom/src/error_impls.rs b/getrandom/src/error_impls.rs
new file mode 100644
index 0000000..007472e
--- /dev/null
+++ b/getrandom/src/error_impls.rs
@@ -0,0 +1,35 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+extern crate std;
+
+use crate::{error::UNKNOWN_IO_ERROR, Error};
+use core::convert::From;
+use core::num::NonZeroU32;
+use std::io;
+
+impl From<io::Error> for Error {
+ fn from(err: io::Error) -> Self {
+ if let Some(errno) = err.raw_os_error() {
+ if let Some(code) = NonZeroU32::new(errno as u32) {
+ return Error::from(code);
+ }
+ }
+ UNKNOWN_IO_ERROR
+ }
+}
+
+impl From<Error> for io::Error {
+ fn from(err: Error) -> Self {
+ match err.raw_os_error() {
+ Some(errno) => io::Error::from_raw_os_error(errno),
+ None => io::Error::new(io::ErrorKind::Other, err),
+ }
+ }
+}
+
+impl std::error::Error for Error {}
diff --git a/getrandom/src/fuchsia.rs b/getrandom/src/fuchsia.rs
new file mode 100644
index 0000000..572ff53
--- /dev/null
+++ b/getrandom/src/fuchsia.rs
@@ -0,0 +1,20 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Fuchsia Zircon
+use crate::Error;
+
+#[link(name = "zircon")]
+extern "C" {
+ fn zx_cprng_draw(buffer: *mut u8, length: usize);
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ unsafe { zx_cprng_draw(dest.as_mut_ptr(), dest.len()) }
+ Ok(())
+}
diff --git a/getrandom/src/ios.rs b/getrandom/src/ios.rs
new file mode 100644
index 0000000..30c008c
--- /dev/null
+++ b/getrandom/src/ios.rs
@@ -0,0 +1,31 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for iOS
+use crate::{error::SEC_RANDOM_FAILED, Error};
+
+// TODO: Make extern once extern_types feature is stabilized. See:
+// https://github.com/rust-lang/rust/issues/43467
+#[repr(C)]
+struct SecRandom([u8; 0]);
+
+#[link(name = "Security", kind = "framework")]
+extern "C" {
+ static kSecRandomDefault: *const SecRandom;
+
+ fn SecRandomCopyBytes(rnd: *const SecRandom, count: usize, bytes: *mut u8) -> i32;
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ let ret = unsafe { SecRandomCopyBytes(kSecRandomDefault, dest.len(), dest.as_mut_ptr()) };
+ if ret == -1 {
+ Err(SEC_RANDOM_FAILED)
+ } else {
+ Ok(())
+ }
+}
diff --git a/getrandom/src/lib.rs b/getrandom/src/lib.rs
new file mode 100644
index 0000000..c305406
--- /dev/null
+++ b/getrandom/src/lib.rs
@@ -0,0 +1,282 @@
+// Copyright 2019 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Interface to the random number generator of the operating system.
+//!
+//! # Platform sources
+//!
+//! | OS | interface
+//! |------------------|---------------------------------------------------------
+//! | Linux, Android | [`getrandom`][1] system call if available, otherwise [`/dev/urandom`][2] after successfully polling `/dev/random`
+//! | Windows | [`RtlGenRandom`][3]
+//! | macOS | [`getentropy()`][19] if available, otherwise [`/dev/random`][20] (identical to `/dev/urandom`)
+//! | iOS | [`SecRandomCopyBytes`][4]
+//! | FreeBSD | [`getrandom()`][21] if available, otherwise [`kern.arandom`][5]
+//! | OpenBSD | [`getentropy`][6]
+//! | NetBSD | [`kern.arandom`][7]
+//! | Dragonfly BSD | [`/dev/random`][8]
+//! | Solaris, illumos | [`getrandom`][9] system call if available, otherwise [`/dev/random`][10]
+//! | Fuchsia OS | [`cprng_draw`][11]
+//! | Redox | [`rand:`][12]
+//! | CloudABI | [`cloudabi_sys_random_get`][13]
+//! | Haiku | `/dev/random` (identical to `/dev/urandom`)
+//! | L4RE, SGX, UEFI | [RDRAND][18]
+//! | Hermit | [RDRAND][18] as [`sys_rand`][22] is currently broken.
+//! | VxWorks | `randABytes` after checking entropy pool initialization with `randSecure`
+//! | Web browsers | [`Crypto.getRandomValues`][14] (see [Support for WebAssembly and asm.js][16])
+//! | Node.js | [`crypto.randomBytes`][15] (see [Support for WebAssembly and asm.js][16])
+//! | WASI | [`__wasi_random_get`][17]
+//!
+//! Getrandom doesn't have a blanket implementation for all Unix-like operating
+//! systems that reads from `/dev/urandom`. This ensures all supported operating
+//! systems are using the recommended interface and respect maximum buffer
+//! sizes.
+//!
+//! ## Unsupported targets
+//!
+//! By default, compiling `getrandom` for an unsupported target will result in
+//! a compilation error. If you want to build an application which uses `getrandom`
+//! for such target, you can either:
+//! - Use [`[replace]`][replace] or [`[patch]`][patch] section in your `Cargo.toml`
+//! to switch to a custom implementation with a support of your target.
+//! - Enable the `dummy` feature to have getrandom use an implementation that always
+//! fails at run-time on unsupported targets.
+//!
+//! [replace]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-replace-section
+//! [patch]: https://doc.rust-lang.org/cargo/reference/manifest.html#the-patch-section
+//!
+//! ## Support for WebAssembly and asm.js
+//!
+//! Getrandom supports all of Rust's current `wasm32` targets, and it works with
+//! both Node.js and web browsers. The three Emscripten targets
+//! `asmjs-unknown-emscripten`, `wasm32-unknown-emscripten`, and
+//! `wasm32-experimental-emscripten` use Emscripten's `/dev/random` emulation.
+//! The WASI target `wasm32-wasi` uses the [`__wasi_random_get`][17] function
+//! defined by the WASI standard.
+//!
+//! Getrandom also supports `wasm32-unknown-unknown` by directly calling
+//! JavaScript methods. Rust currently has two ways to do this: [bindgen] and
+//! [stdweb]. Getrandom supports using either one by enabling the
+//! `wasm-bindgen` or `stdweb` crate features. Note that if both features are
+//! enabled, `wasm-bindgen` will be used. If neither feature is enabled, calls
+//! to `getrandom` will always fail at runtime.
+//!
+//! [bindgen]: https://github.com/rust-lang/rust-bindgen
+//! [stdweb]: https://github.com/koute/stdweb
+//!
+//! ## Early boot
+//!
+//! It is possible that early in the boot process the OS hasn't had enough time
+//! yet to collect entropy to securely seed its RNG, especially on virtual
+//! machines.
+//!
+//! Some operating systems always block the thread until the RNG is securely
+//! seeded. This can take anywhere from a few seconds to more than a minute.
+//! Others make a best effort to use a seed from before the shutdown and don't
+//! document much.
+//!
+//! A few, Linux, NetBSD and Solaris, offer a choice between blocking and
+//! getting an error; in these cases we always choose to block.
+//!
+//! On Linux (when the `getrandom` system call is not available) and on NetBSD
+//! reading from `/dev/urandom` never blocks, even when the OS hasn't collected
+//! enough entropy yet. To avoid returning low-entropy bytes, we first read from
+//! `/dev/random` and only switch to `/dev/urandom` once this has succeeded.
+//!
+//! # Error handling
+//!
+//! We always choose failure over returning insecure "random" bytes. In general,
+//! on supported platforms, failure is highly unlikely, though not impossible.
+//! If an error does occur, then it is likely that it will occur on every call to
+//! `getrandom`, hence after the first successful call one can be reasonably
+//! confident that no errors will occur.
+//!
+//! On unsupported platforms, `getrandom` always fails. See the [`Error`] type
+//! for more information on what data is returned on failure.
+//!
+//! [1]: http://man7.org/linux/man-pages/man2/getrandom.2.html
+//! [2]: http://man7.org/linux/man-pages/man4/urandom.4.html
+//! [3]: https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/nf-ntsecapi-rtlgenrandom
+//! [4]: https://developer.apple.com/documentation/security/1399291-secrandomcopybytes?language=objc
+//! [5]: https://www.freebsd.org/cgi/man.cgi?query=random&sektion=4
+//! [6]: https://man.openbsd.org/getentropy.2
+//! [7]: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7+NetBSD-8.0
+//! [8]: https://leaf.dragonflybsd.org/cgi/web-man?command=random&section=4
+//! [9]: https://docs.oracle.com/cd/E88353_01/html/E37841/getrandom-2.html
+//! [10]: https://docs.oracle.com/cd/E86824_01/html/E54777/random-7d.html
+//! [11]: https://fuchsia.dev/fuchsia-src/zircon/syscalls/cprng_draw
+//! [12]: https://github.com/redox-os/randd/blob/master/src/main.rs
+//! [13]: https://github.com/nuxinl/cloudabi#random_get
+//! [14]: https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues
+//! [15]: https://nodejs.org/api/crypto.html#crypto_crypto_randombytes_size_callback
+//! [16]: #support-for-webassembly-and-asmjs
+//! [17]: https://github.com/WebAssembly/WASI/blob/master/design/WASI-core.md#__wasi_random_get
+//! [18]: https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
+//! [19]: https://www.unix.com/man-page/mojave/2/getentropy/
+//! [20]: https://www.unix.com/man-page/mojave/4/random/
+//! [21]: https://www.freebsd.org/cgi/man.cgi?query=getrandom&manpath=FreeBSD+12.0-stable
+//! [22]: https://github.com/hermitcore/libhermit-rs/blob/09c38b0371cee6f56a541400ba453e319e43db53/src/syscalls/random.rs#L21
+
+#![doc(
+ html_logo_url = "https://www.rust-lang.org/logos/rust-logo-128x128-blk.png",
+ html_favicon_url = "https://www.rust-lang.org/favicon.ico",
+ html_root_url = "https://rust-random.github.io/rand/"
+)]
+#![no_std]
+#![cfg_attr(feature = "stdweb", recursion_limit = "128")]
+#![warn(rust_2018_idioms, unused_lifetimes, missing_docs)]
+
+#[macro_use]
+extern crate cfg_if;
+
+cfg_if! {
+ if #[cfg(feature = "log")] {
+ #[allow(unused)]
+ #[macro_use]
+ extern crate log;
+ } else {
+ #[allow(unused)]
+ macro_rules! error {
+ ($($x:tt)*) => {};
+ }
+ #[allow(unused)]
+ macro_rules! warn {
+ ($($x:tt)*) => {};
+ }
+ #[allow(unused)]
+ macro_rules! info {
+ ($($x:tt)*) => {};
+ }
+ }
+}
+
+mod error;
+pub use crate::error::Error;
+
+#[allow(dead_code)]
+mod util;
+
+#[cfg(target_os = "vxworks")]
+#[allow(dead_code)]
+mod util_libc;
+
+cfg_if! {
+ // Unlike the other Unix, Fuchsia and iOS don't use the libc to make any calls.
+ if #[cfg(any(target_os = "android", target_os = "dragonfly", target_os = "emscripten",
+ target_os = "freebsd", target_os = "haiku", target_os = "illumos",
+ target_os = "linux", target_os = "macos", target_os = "netbsd",
+ target_os = "openbsd", target_os = "redox", target_os = "solaris"))] {
+ #[allow(dead_code)]
+ mod util_libc;
+ // Keep std-only trait definitions for backwards compatibility
+ mod error_impls;
+ } else if #[cfg(feature = "std")] {
+ mod error_impls;
+ }
+}
+
+// These targets read from a file as a fallback method.
+#[cfg(any(
+ target_os = "android",
+ target_os = "linux",
+ target_os = "macos",
+ target_os = "solaris",
+ target_os = "illumos",
+))]
+mod use_file;
+
+// System-specific implementations.
+//
+// These should all provide getrandom_inner with the same signature as getrandom.
+cfg_if! {
+ if #[cfg(target_os = "android")] {
+ #[path = "linux_android.rs"] mod imp;
+ } else if #[cfg(target_os = "cloudabi")] {
+ #[path = "cloudabi.rs"] mod imp;
+ } else if #[cfg(target_os = "dragonfly")] {
+ #[path = "use_file.rs"] mod imp;
+ } else if #[cfg(target_os = "emscripten")] {
+ #[path = "use_file.rs"] mod imp;
+ } else if #[cfg(target_os = "freebsd")] {
+ #[path = "bsd_arandom.rs"] mod imp;
+ } else if #[cfg(target_os = "fuchsia")] {
+ #[path = "fuchsia.rs"] mod imp;
+ } else if #[cfg(target_os = "haiku")] {
+ #[path = "use_file.rs"] mod imp;
+ } else if #[cfg(target_os = "illumos")] {
+ #[path = "solaris_illumos.rs"] mod imp;
+ } else if #[cfg(target_os = "ios")] {
+ #[path = "ios.rs"] mod imp;
+ } else if #[cfg(target_os = "linux")] {
+ #[path = "linux_android.rs"] mod imp;
+ } else if #[cfg(target_os = "macos")] {
+ #[path = "macos.rs"] mod imp;
+ } else if #[cfg(target_os = "netbsd")] {
+ #[path = "bsd_arandom.rs"] mod imp;
+ } else if #[cfg(target_os = "openbsd")] {
+ #[path = "openbsd.rs"] mod imp;
+ } else if #[cfg(target_os = "redox")] {
+ #[path = "use_file.rs"] mod imp;
+ } else if #[cfg(target_os = "solaris")] {
+ #[path = "solaris_illumos.rs"] mod imp;
+ } else if #[cfg(target_os = "wasi")] {
+ #[path = "wasi.rs"] mod imp;
+ } else if #[cfg(target_os = "vxworks")] {
+ #[path = "vxworks.rs"] mod imp;
+ } else if #[cfg(all(windows, getrandom_uwp))] {
+ #[path = "windows_uwp.rs"] mod imp;
+ } else if #[cfg(windows)] {
+ #[path = "windows.rs"] mod imp;
+ } else if #[cfg(all(target_arch = "x86_64", any(
+ target_os = "hermit",
+ target_os = "l4re",
+ target_os = "uefi",
+ target_env = "sgx",
+ )))] {
+ #[path = "rdrand.rs"] mod imp;
+ } else if #[cfg(all(target_arch = "wasm32", target_os = "unknown"))] {
+ cfg_if! {
+ if #[cfg(feature = "wasm-bindgen")] {
+ #[path = "wasm32_bindgen.rs"] mod imp;
+ } else if #[cfg(feature = "stdweb")] {
+ #[path = "wasm32_stdweb.rs"] mod imp;
+ } else {
+ // Always have an implementation for wasm32-unknown-unknown.
+ // See https://github.com/rust-random/getrandom/issues/87
+ #[path = "dummy.rs"] mod imp;
+ }
+ }
+ } else if #[cfg(feature = "dummy")] {
+ #[path = "dummy.rs"] mod imp;
+ } else {
+ compile_error!("\
+ target is not supported, for more information see: \
+ https://docs.rs/getrandom/#unsupported-targets\
+ ");
+ }
+}
+
+/// Fill `dest` with random bytes from the system's preferred random number
+/// source.
+///
+/// This function returns an error on any failure, including partial reads. We
+/// make no guarantees regarding the contents of `dest` on error. If `dest` is
+/// empty, `getrandom` immediately returns success, making no calls to the
+/// underlying operating system.
+///
+/// Blocking is possible, at least during early boot; see module documentation.
+///
+/// In general, `getrandom` will be fast enough for interactive usage, though
+/// significantly slower than a user-space CSPRNG; for the latter consider
+/// [`rand::thread_rng`](https://docs.rs/rand/*/rand/fn.thread_rng.html).
+pub fn getrandom(dest: &mut [u8]) -> Result<(), error::Error> {
+ if dest.is_empty() {
+ return Ok(());
+ }
+ imp::getrandom_inner(dest)
+}
diff --git a/getrandom/src/linux_android.rs b/getrandom/src/linux_android.rs
new file mode 100644
index 0000000..a29feb5
--- /dev/null
+++ b/getrandom/src/linux_android.rs
@@ -0,0 +1,44 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Linux / Android
+use crate::util::LazyBool;
+use crate::util_libc::{last_os_error, sys_fill_exact};
+use crate::{use_file, Error};
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ static HAS_GETRANDOM: LazyBool = LazyBool::new();
+ if HAS_GETRANDOM.unsync_init(is_getrandom_available) {
+ sys_fill_exact(dest, |buf| unsafe {
+ getrandom(buf.as_mut_ptr() as *mut libc::c_void, buf.len(), 0)
+ })
+ } else {
+ use_file::getrandom_inner(dest)
+ }
+}
+
+fn is_getrandom_available() -> bool {
+ let res = unsafe { getrandom(core::ptr::null_mut(), 0, libc::GRND_NONBLOCK) };
+ if res < 0 {
+ match last_os_error().raw_os_error() {
+ Some(libc::ENOSYS) => false, // No kernel support
+ Some(libc::EPERM) => false, // Blocked by seccomp
+ _ => true,
+ }
+ } else {
+ true
+ }
+}
+
+unsafe fn getrandom(
+ buf: *mut libc::c_void,
+ buflen: libc::size_t,
+ flags: libc::c_uint,
+) -> libc::ssize_t {
+ libc::syscall(libc::SYS_getrandom, buf, buflen, flags) as libc::ssize_t
+}
diff --git a/getrandom/src/macos.rs b/getrandom/src/macos.rs
new file mode 100644
index 0000000..c3bc533
--- /dev/null
+++ b/getrandom/src/macos.rs
@@ -0,0 +1,34 @@
+// Copyright 2019 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for macOS
+use crate::util_libc::{last_os_error, Weak};
+use crate::{use_file, Error};
+use core::mem;
+
+type GetEntropyFn = unsafe extern "C" fn(*mut u8, libc::size_t) -> libc::c_int;
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ static GETENTROPY: Weak = unsafe { Weak::new("getentropy\0") };
+ if let Some(fptr) = GETENTROPY.ptr() {
+ let func: GetEntropyFn = unsafe { mem::transmute(fptr) };
+ for chunk in dest.chunks_mut(256) {
+ let ret = unsafe { func(chunk.as_mut_ptr(), chunk.len()) };
+ if ret != 0 {
+ let err = last_os_error();
+ error!("getentropy syscall failed");
+ return Err(err);
+ }
+ }
+ Ok(())
+ } else {
+ // We fallback to reading from /dev/random instead of SecRandomCopyBytes
+ // to avoid high startup costs and linking the Security framework.
+ use_file::getrandom_inner(dest)
+ }
+}
diff --git a/getrandom/src/openbsd.rs b/getrandom/src/openbsd.rs
new file mode 100644
index 0000000..e1ac179
--- /dev/null
+++ b/getrandom/src/openbsd.rs
@@ -0,0 +1,23 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for OpenBSD
+use crate::util_libc::last_os_error;
+use crate::Error;
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ for chunk in dest.chunks_mut(256) {
+ let ret = unsafe { libc::getentropy(chunk.as_mut_ptr() as *mut libc::c_void, chunk.len()) };
+ if ret == -1 {
+ let err = last_os_error();
+ error!("libc::getentropy call failed");
+ return Err(err);
+ }
+ }
+ Ok(())
+}
diff --git a/getrandom/src/rdrand.rs b/getrandom/src/rdrand.rs
new file mode 100644
index 0000000..e441682
--- /dev/null
+++ b/getrandom/src/rdrand.rs
@@ -0,0 +1,90 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for SGX using RDRAND instruction
+use crate::error::{FAILED_RDRAND, NO_RDRAND};
+#[cfg(not(target_feature = "rdrand"))]
+use crate::util::LazyBool;
+use crate::Error;
+use core::arch::x86_64::_rdrand64_step;
+use core::mem;
+
+// Recommendation from "Intel® Digital Random Number Generator (DRNG) Software
+// Implementation Guide" - Section 5.2.1 and "Intel® 64 and IA-32 Architectures
+// Software Developer’s Manual" - Volume 1 - Section 7.3.17.1.
+const RETRY_LIMIT: usize = 10;
+const WORD_SIZE: usize = mem::size_of::<u64>();
+
+#[target_feature(enable = "rdrand")]
+unsafe fn rdrand() -> Result<[u8; WORD_SIZE], Error> {
+ for _ in 0..RETRY_LIMIT {
+ let mut el = mem::zeroed();
+ if _rdrand64_step(&mut el) == 1 {
+ // AMD CPUs from families 14h to 16h (pre Ryzen) sometimes fail to
+ // set CF on bogus random data, so we check these values explicitly.
+ // See https://github.com/systemd/systemd/issues/11810#issuecomment-489727505
+ // We perform this check regardless of target to guard against
+ // any implementation that incorrectly fails to set CF.
+ if el != 0 && el != !0 {
+ return Ok(el.to_ne_bytes());
+ }
+ error!("RDRAND returned {:X}, CPU RNG may be broken", el);
+ // Keep looping in case this was a false positive.
+ }
+ }
+ Err(FAILED_RDRAND)
+}
+
+// "rdrand" target feature requires "+rdrnd" flag, see https://github.com/rust-lang/rust/issues/49653.
+#[cfg(all(target_env = "sgx", not(target_feature = "rdrand")))]
+compile_error!(
+ "SGX targets require 'rdrand' target feature. Enable by using -C target-feature=+rdrnd."
+);
+
+#[cfg(target_feature = "rdrand")]
+fn is_rdrand_supported() -> bool {
+ true
+}
+
+// TODO use is_x86_feature_detected!("rdrand") when that works in core. See:
+// https://github.com/rust-lang-nursery/stdsimd/issues/464
+#[cfg(not(target_feature = "rdrand"))]
+fn is_rdrand_supported() -> bool {
+ use core::arch::x86_64::__cpuid;
+ // SAFETY: All x86_64 CPUs support CPUID leaf 1
+ const FLAG: u32 = 1 << 30;
+ static HAS_RDRAND: LazyBool = LazyBool::new();
+ HAS_RDRAND.unsync_init(|| unsafe { (__cpuid(1).ecx & FLAG) != 0 })
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ if !is_rdrand_supported() {
+ return Err(NO_RDRAND);
+ }
+
+ // SAFETY: After this point, rdrand is supported, so calling the rdrand
+ // functions is not undefined behavior.
+ unsafe { rdrand_exact(dest) }
+}
+
+#[target_feature(enable = "rdrand")]
+unsafe fn rdrand_exact(dest: &mut [u8]) -> Result<(), Error> {
+ // We use chunks_exact_mut instead of chunks_mut as it allows almost all
+ // calls to memcpy to be elided by the compiler.
+ let mut chunks = dest.chunks_exact_mut(WORD_SIZE);
+ for chunk in chunks.by_ref() {
+ chunk.copy_from_slice(&rdrand()?);
+ }
+
+ let tail = chunks.into_remainder();
+ let n = tail.len();
+ if n > 0 {
+ tail.copy_from_slice(&rdrand()?[..n]);
+ }
+ Ok(())
+}
diff --git a/getrandom/src/solaris_illumos.rs b/getrandom/src/solaris_illumos.rs
new file mode 100644
index 0000000..9473123
--- /dev/null
+++ b/getrandom/src/solaris_illumos.rs
@@ -0,0 +1,44 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for the Solaris family
+//!
+//! Read from `/dev/random`, with chunks of limited size (256 bytes).
+//! `/dev/random` uses the Hash_DRBG with SHA512 algorithm from NIST SP 800-90A.
+//! `/dev/urandom` uses the FIPS 186-2 algorithm, which is considered less
+//! secure. We choose to read from `/dev/random`.
+//!
+//! Since Solaris 11.3 and mid-2015 illumos, the `getrandom` syscall is available.
+//! To make sure we can compile on both Solaris and its derivatives, as well as
+//! function, we check for the existence of getrandom(2) in libc by calling
+//! libc::dlsym.
+use crate::util_libc::{sys_fill_exact, Weak};
+use crate::{use_file, Error};
+use core::mem;
+
+#[cfg(target_os = "illumos")]
+type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t;
+#[cfg(target_os = "solaris")]
+type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::c_int;
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ static GETRANDOM: Weak = unsafe { Weak::new("getrandom\0") };
+ if let Some(fptr) = GETRANDOM.ptr() {
+ let func: GetRandomFn = unsafe { mem::transmute(fptr) };
+ // 256 bytes is the lowest common denominator across all the Solaris
+ // derived platforms for atomically obtaining random data.
+ for chunk in dest.chunks_mut(256) {
+ sys_fill_exact(chunk, |buf| unsafe {
+ func(buf.as_mut_ptr(), buf.len(), 0) as libc::ssize_t
+ })?
+ }
+ Ok(())
+ } else {
+ use_file::getrandom_inner(dest)
+ }
+}
diff --git a/getrandom/src/use_file.rs b/getrandom/src/use_file.rs
new file mode 100644
index 0000000..d3adaf2
--- /dev/null
+++ b/getrandom/src/use_file.rs
@@ -0,0 +1,73 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementations that just need to read from a file
+use crate::util_libc::{last_os_error, open_readonly, sys_fill_exact, LazyFd};
+use crate::Error;
+
+#[cfg(target_os = "redox")]
+const FILE_PATH: &str = "rand:\0";
+#[cfg(any(
+ target_os = "dragonfly",
+ target_os = "emscripten",
+ target_os = "haiku",
+ target_os = "macos",
+ target_os = "solaris",
+ target_os = "illumos"
+))]
+const FILE_PATH: &str = "/dev/random\0";
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ static FD: LazyFd = LazyFd::new();
+ let fd = FD.init(init_file).ok_or_else(last_os_error)?;
+ let read = |buf: &mut [u8]| unsafe { libc::read(fd, buf.as_mut_ptr() as *mut _, buf.len()) };
+
+ if cfg!(target_os = "emscripten") {
+ // `Crypto.getRandomValues` documents `dest` should be at most 65536 bytes.
+ for chunk in dest.chunks_mut(65536) {
+ sys_fill_exact(chunk, read)?;
+ }
+ } else {
+ sys_fill_exact(dest, read)?;
+ }
+ Ok(())
+}
+
+cfg_if! {
+ if #[cfg(any(target_os = "android", target_os = "linux"))] {
+ fn init_file() -> Option<libc::c_int> {
+ // Poll /dev/random to make sure it is ok to read from /dev/urandom.
+ let mut pfd = libc::pollfd {
+ fd: unsafe { open_readonly("/dev/random\0")? },
+ events: libc::POLLIN,
+ revents: 0,
+ };
+
+ let ret = loop {
+ // A negative timeout means an infinite timeout.
+ let res = unsafe { libc::poll(&mut pfd, 1, -1) };
+ if res == 1 {
+ break unsafe { open_readonly("/dev/urandom\0") };
+ } else if res < 0 {
+ let e = last_os_error().raw_os_error();
+ if e == Some(libc::EINTR) || e == Some(libc::EAGAIN) {
+ continue;
+ }
+ }
+ // We either hard failed, or poll() returned the wrong pfd.
+ break None;
+ };
+ unsafe { libc::close(pfd.fd) };
+ ret
+ }
+ } else {
+ fn init_file() -> Option<libc::c_int> {
+ unsafe { open_readonly(FILE_PATH) }
+ }
+ }
+}
diff --git a/getrandom/src/util.rs b/getrandom/src/util.rs
new file mode 100644
index 0000000..e0e9307
--- /dev/null
+++ b/getrandom/src/util.rs
@@ -0,0 +1,96 @@
+// Copyright 2019 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+use core::sync::atomic::{AtomicUsize, Ordering::Relaxed};
+
+// This structure represents a lazily initialized static usize value. Useful
+// when it is preferable to just rerun initialization instead of locking.
+// Both unsync_init and sync_init will invoke an init() function until it
+// succeeds, then return the cached value for future calls.
+//
+// Both methods support init() "failing". If the init() method returns UNINIT,
+// that value will be returned as normal, but will not be cached.
+//
+// Users should only depend on the _value_ returned by init() functions.
+// Specifically, for the following init() function:
+// fn init() -> usize {
+// a();
+// let v = b();
+// c();
+// v
+// }
+// the effects of c() or writes to shared memory will not necessarily be
+// observed and additional synchronization methods with be needed.
+pub struct LazyUsize(AtomicUsize);
+
+impl LazyUsize {
+ pub const fn new() -> Self {
+ Self(AtomicUsize::new(Self::UNINIT))
+ }
+
+ // The initialization is not completed.
+ pub const UNINIT: usize = usize::max_value();
+ // The initialization is currently running.
+ pub const ACTIVE: usize = usize::max_value() - 1;
+
+ // Runs the init() function at least once, returning the value of some run
+ // of init(). Multiple callers can run their init() functions in parallel.
+ // init() should always return the same value, if it succeeds.
+ pub fn unsync_init(&self, init: impl FnOnce() -> usize) -> usize {
+ // Relaxed ordering is fine, as we only have a single atomic variable.
+ let mut val = self.0.load(Relaxed);
+ if val == Self::UNINIT {
+ val = init();
+ self.0.store(val, Relaxed);
+ }
+ val
+ }
+
+ // Synchronously runs the init() function. Only one caller will have their
+ // init() function running at a time, and exactly one successful call will
+ // be run. init() returning UNINIT or ACTIVE will be considered a failure,
+ // and future calls to sync_init will rerun their init() function.
+ pub fn sync_init(&self, init: impl FnOnce() -> usize, mut wait: impl FnMut()) -> usize {
+ // Common and fast path with no contention. Don't wast time on CAS.
+ match self.0.load(Relaxed) {
+ Self::UNINIT | Self::ACTIVE => {}
+ val => return val,
+ }
+ // Relaxed ordering is fine, as we only have a single atomic variable.
+ loop {
+ match self.0.compare_and_swap(Self::UNINIT, Self::ACTIVE, Relaxed) {
+ Self::UNINIT => {
+ let val = init();
+ self.0.store(
+ match val {
+ Self::UNINIT | Self::ACTIVE => Self::UNINIT,
+ val => val,
+ },
+ Relaxed,
+ );
+ return val;
+ }
+ Self::ACTIVE => wait(),
+ val => return val,
+ }
+ }
+ }
+}
+
+// Identical to LazyUsize except with bool instead of usize.
+pub struct LazyBool(LazyUsize);
+
+impl LazyBool {
+ pub const fn new() -> Self {
+ Self(LazyUsize::new())
+ }
+
+ pub fn unsync_init(&self, init: impl FnOnce() -> bool) -> bool {
+ self.0.unsync_init(|| init() as usize) != 0
+ }
+}
diff --git a/getrandom/src/util_libc.rs b/getrandom/src/util_libc.rs
new file mode 100644
index 0000000..5a05170
--- /dev/null
+++ b/getrandom/src/util_libc.rs
@@ -0,0 +1,143 @@
+// Copyright 2019 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+use crate::error::ERRNO_NOT_POSITIVE;
+use crate::util::LazyUsize;
+use crate::Error;
+use core::num::NonZeroU32;
+use core::ptr::NonNull;
+
+cfg_if! {
+ if #[cfg(any(target_os = "netbsd", target_os = "openbsd", target_os = "android"))] {
+ use libc::__errno as errno_location;
+ } else if #[cfg(any(target_os = "linux", target_os = "emscripten", target_os = "redox"))] {
+ use libc::__errno_location as errno_location;
+ } else if #[cfg(any(target_os = "solaris", target_os = "illumos"))] {
+ use libc::___errno as errno_location;
+ } else if #[cfg(any(target_os = "macos", target_os = "freebsd", target_os = "dragonfly"))] {
+ use libc::__error as errno_location;
+ } else if #[cfg(target_os = "haiku")] {
+ use libc::_errnop as errno_location;
+ }
+}
+
+pub fn last_os_error() -> Error {
+ #[cfg(not(target_os = "vxworks"))]
+ let errno = unsafe { *errno_location() };
+ #[cfg(target_os = "vxworks")]
+ let errno = unsafe { libc::errnoGet() };
+ if errno > 0 {
+ Error::from(NonZeroU32::new(errno as u32).unwrap())
+ } else {
+ ERRNO_NOT_POSITIVE
+ }
+}
+
+// Fill a buffer by repeatedly invoking a system call. The `sys_fill` function:
+// - should return -1 and set errno on failure
+// - should return the number of bytes written on success
+pub fn sys_fill_exact(
+ mut buf: &mut [u8],
+ sys_fill: impl Fn(&mut [u8]) -> libc::ssize_t,
+) -> Result<(), Error> {
+ while !buf.is_empty() {
+ let res = sys_fill(buf);
+ if res < 0 {
+ let err = last_os_error();
+ // We should try again if the call was interrupted.
+ if err.raw_os_error() != Some(libc::EINTR) {
+ return Err(err);
+ }
+ } else {
+ // We don't check for EOF (ret = 0) as the data we are reading
+ // should be an infinite stream of random bytes.
+ buf = &mut buf[(res as usize)..];
+ }
+ }
+ Ok(())
+}
+
+// A "weak" binding to a C function that may or may not be present at runtime.
+// Used for supporting newer OS features while still building on older systems.
+// F must be a function pointer of type `unsafe extern "C" fn`. Based off of the
+// weak! macro in libstd.
+pub struct Weak {
+ name: &'static str,
+ addr: LazyUsize,
+}
+
+impl Weak {
+ // Construct a binding to a C function with a given name. This function is
+ // unsafe because `name` _must_ be null terminated.
+ pub const unsafe fn new(name: &'static str) -> Self {
+ Self {
+ name,
+ addr: LazyUsize::new(),
+ }
+ }
+
+ // Return a function pointer if present at runtime. Otherwise, return null.
+ pub fn ptr(&self) -> Option<NonNull<libc::c_void>> {
+ let addr = self.addr.unsync_init(|| unsafe {
+ libc::dlsym(libc::RTLD_DEFAULT, self.name.as_ptr() as *const _) as usize
+ });
+ NonNull::new(addr as *mut _)
+ }
+}
+
+pub struct LazyFd(LazyUsize);
+
+impl LazyFd {
+ pub const fn new() -> Self {
+ Self(LazyUsize::new())
+ }
+
+ // If init() returns Some(x), x should be nonnegative.
+ pub fn init(&self, init: impl FnOnce() -> Option<libc::c_int>) -> Option<libc::c_int> {
+ let fd = self.0.sync_init(
+ || match init() {
+ // OK as val >= 0 and val <= c_int::MAX < usize::MAX
+ Some(val) => val as usize,
+ None => LazyUsize::UNINIT,
+ },
+ || unsafe {
+ // We are usually waiting on an open(2) syscall to complete,
+ // which typically takes < 10us if the file is a device.
+ // However, we might end up waiting much longer if the entropy
+ // pool isn't initialized, but even in that case, this loop will
+ // consume a negligible amount of CPU on most platforms.
+ libc::usleep(10);
+ },
+ );
+ match fd {
+ LazyUsize::UNINIT => None,
+ val => Some(val as libc::c_int),
+ }
+ }
+}
+
+cfg_if! {
+ if #[cfg(any(target_os = "linux", target_os = "emscripten"))] {
+ use libc::open64 as open;
+ } else {
+ use libc::open;
+ }
+}
+
+// SAFETY: path must be null terminated, FD must be manually closed.
+pub unsafe fn open_readonly(path: &str) -> Option<libc::c_int> {
+ debug_assert!(path.as_bytes().last() == Some(&0));
+ let fd = open(path.as_ptr() as *mut _, libc::O_RDONLY | libc::O_CLOEXEC);
+ if fd < 0 {
+ return None;
+ }
+ // O_CLOEXEC works on all Unix targets except for older Linux kernels (pre
+ // 2.6.23), so we also use an ioctl to make sure FD_CLOEXEC is set.
+ #[cfg(target_os = "linux")]
+ libc::ioctl(fd, libc::FIOCLEX);
+ Some(fd)
+}
diff --git a/getrandom/src/vxworks.rs b/getrandom/src/vxworks.rs
new file mode 100644
index 0000000..a2fe52a
--- /dev/null
+++ b/getrandom/src/vxworks.rs
@@ -0,0 +1,35 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for VxWorks
+use crate::error::{Error, RAND_SECURE_FATAL};
+use crate::util_libc::last_os_error;
+use core::sync::atomic::{AtomicBool, Ordering::Relaxed};
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ static RNG_INIT: AtomicBool = AtomicBool::new(false);
+ while !RNG_INIT.load(Relaxed) {
+ let ret = unsafe { libc::randSecure() };
+ if ret < 0 {
+ return Err(RAND_SECURE_FATAL);
+ } else if ret > 0 {
+ RNG_INIT.store(true, Relaxed);
+ break;
+ }
+ unsafe { libc::usleep(10) };
+ }
+
+ // Prevent overflow of i32
+ for chunk in dest.chunks_mut(i32::max_value() as usize) {
+ let ret = unsafe { libc::randABytes(chunk.as_mut_ptr(), chunk.len() as i32) };
+ if ret != 0 {
+ return Err(last_os_error());
+ }
+ }
+ Ok(())
+}
diff --git a/getrandom/src/wasi.rs b/getrandom/src/wasi.rs
new file mode 100644
index 0000000..713c1ab
--- /dev/null
+++ b/getrandom/src/wasi.rs
@@ -0,0 +1,19 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for WASI
+use crate::Error;
+use core::num;
+use wasi::wasi_unstable::random_get;
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ random_get(dest).map_err(|e: num::NonZeroU16| {
+ // convert wasi's NonZeroU16 error into getrandom's NonZeroU32 error
+ num::NonZeroU32::new(e.get() as u32).unwrap().into()
+ })
+}
diff --git a/getrandom/src/wasm32_bindgen.rs b/getrandom/src/wasm32_bindgen.rs
new file mode 100644
index 0000000..86839a0
--- /dev/null
+++ b/getrandom/src/wasm32_bindgen.rs
@@ -0,0 +1,113 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for WASM via wasm-bindgen
+extern crate std;
+
+use core::cell::RefCell;
+use core::mem;
+use std::thread_local;
+
+use wasm_bindgen::prelude::*;
+
+use crate::error::{BINDGEN_CRYPTO_UNDEF, BINDGEN_GRV_UNDEF};
+use crate::Error;
+
+#[derive(Clone, Debug)]
+enum RngSource {
+ Node(NodeCrypto),
+ Browser(BrowserCrypto),
+}
+
+// JsValues are always per-thread, so we initialize RngSource for each thread.
+// See: https://github.com/rustwasm/wasm-bindgen/pull/955
+thread_local!(
+ static RNG_SOURCE: RefCell<Option<RngSource>> = RefCell::new(None);
+);
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ assert_eq!(mem::size_of::<usize>(), 4);
+
+ RNG_SOURCE.with(|f| {
+ let mut source = f.borrow_mut();
+ if source.is_none() {
+ *source = Some(getrandom_init()?);
+ }
+
+ match source.as_ref().unwrap() {
+ RngSource::Node(n) => n.random_fill_sync(dest),
+ RngSource::Browser(n) => {
+ // see https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues
+ //
+ // where it says:
+ //
+ // > A QuotaExceededError DOMException is thrown if the
+ // > requested length is greater than 65536 bytes.
+ for chunk in dest.chunks_mut(65536) {
+ n.get_random_values(chunk)
+ }
+ }
+ };
+ Ok(())
+ })
+}
+
+fn getrandom_init() -> Result<RngSource, Error> {
+ if let Ok(self_) = Global::get_self() {
+ // If `self` is defined then we're in a browser somehow (main window
+ // or web worker). Here we want to try to use
+ // `crypto.getRandomValues`, but if `crypto` isn't defined we assume
+ // we're in an older web browser and the OS RNG isn't available.
+
+ let crypto = self_.crypto();
+ if crypto.is_undefined() {
+ return Err(BINDGEN_CRYPTO_UNDEF);
+ }
+
+ // Test if `crypto.getRandomValues` is undefined as well
+ let crypto: BrowserCrypto = crypto.into();
+ if crypto.get_random_values_fn().is_undefined() {
+ return Err(BINDGEN_GRV_UNDEF);
+ }
+
+ return Ok(RngSource::Browser(crypto));
+ }
+
+ return Ok(RngSource::Node(node_require("crypto")));
+}
+
+#[wasm_bindgen]
+extern "C" {
+ type Global;
+ #[wasm_bindgen(getter, catch, static_method_of = Global, js_class = self, js_name = self)]
+ fn get_self() -> Result<Self_, JsValue>;
+
+ type Self_;
+ #[wasm_bindgen(method, getter, structural)]
+ fn crypto(me: &Self_) -> JsValue;
+
+ #[derive(Clone, Debug)]
+ type BrowserCrypto;
+
+ // TODO: these `structural` annotations here ideally wouldn't be here to
+ // avoid a JS shim, but for now with feature detection they're
+ // unavoidable.
+ #[wasm_bindgen(method, js_name = getRandomValues, structural, getter)]
+ fn get_random_values_fn(me: &BrowserCrypto) -> JsValue;
+ #[wasm_bindgen(method, js_name = getRandomValues, structural)]
+ fn get_random_values(me: &BrowserCrypto, buf: &mut [u8]);
+
+ #[wasm_bindgen(js_name = require)]
+ fn node_require(s: &str) -> NodeCrypto;
+
+ #[derive(Clone, Debug)]
+ type NodeCrypto;
+
+ #[wasm_bindgen(method, js_name = randomFillSync, structural)]
+ fn random_fill_sync(me: &NodeCrypto, buf: &mut [u8]);
+}
diff --git a/getrandom/src/wasm32_stdweb.rs b/getrandom/src/wasm32_stdweb.rs
new file mode 100644
index 0000000..6e5e78a
--- /dev/null
+++ b/getrandom/src/wasm32_stdweb.rs
@@ -0,0 +1,114 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for WASM via stdweb
+extern crate std;
+
+use core::mem;
+
+use stdweb::js;
+use stdweb::unstable::TryInto;
+use stdweb::web::error::Error as WebError;
+
+use crate::error::{STDWEB_NO_RNG, STDWEB_RNG_FAILED};
+use crate::Error;
+use std::sync::Once;
+
+#[derive(Clone, Copy, Debug)]
+enum RngSource {
+ Browser,
+ Node,
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ assert_eq!(mem::size_of::<usize>(), 4);
+ static ONCE: Once = Once::new();
+ static mut RNG_SOURCE: Result<RngSource, Error> = Ok(RngSource::Node);
+
+ // SAFETY: RNG_SOURCE is only written once, before being read.
+ ONCE.call_once(|| unsafe {
+ RNG_SOURCE = getrandom_init();
+ });
+ getrandom_fill(unsafe { RNG_SOURCE }?, dest)
+}
+
+fn getrandom_init() -> Result<RngSource, Error> {
+ let result = js! {
+ try {
+ if (
+ typeof self === "object" &&
+ typeof self.crypto === "object" &&
+ typeof self.crypto.getRandomValues === "function"
+ ) {
+ return { success: true, ty: 1 };
+ }
+
+ if (typeof require("crypto").randomBytes === "function") {
+ return { success: true, ty: 2 };
+ }
+
+ return { success: false, error: new Error("not supported") };
+ } catch(err) {
+ return { success: false, error: err };
+ }
+ };
+
+ if js! { return @{ result.as_ref() }.success } == true {
+ let ty = js! { return @{ result }.ty };
+
+ if ty == 1 {
+ Ok(RngSource::Browser)
+ } else if ty == 2 {
+ Ok(RngSource::Node)
+ } else {
+ unreachable!()
+ }
+ } else {
+ let _err: WebError = js! { return @{ result }.error }.try_into().unwrap();
+ error!("getrandom unavailable: {}", _err);
+ Err(STDWEB_NO_RNG)
+ }
+}
+
+fn getrandom_fill(source: RngSource, dest: &mut [u8]) -> Result<(), Error> {
+ for chunk in dest.chunks_mut(65536) {
+ let len = chunk.len() as u32;
+ let ptr = chunk.as_mut_ptr() as i32;
+
+ let result = match source {
+ RngSource::Browser => js! {
+ try {
+ let array = new Uint8Array(@{ len });
+ self.crypto.getRandomValues(array);
+ HEAPU8.set(array, @{ ptr });
+
+ return { success: true };
+ } catch(err) {
+ return { success: false, error: err };
+ }
+ },
+ RngSource::Node => js! {
+ try {
+ let bytes = require("crypto").randomBytes(@{ len });
+ HEAPU8.set(new Uint8Array(bytes), @{ ptr });
+
+ return { success: true };
+ } catch(err) {
+ return { success: false, error: err };
+ }
+ },
+ };
+
+ if js! { return @{ result.as_ref() }.success } != true {
+ let _err: WebError = js! { return @{ result }.error }.try_into().unwrap();
+ error!("getrandom failed: {}", _err);
+ return Err(STDWEB_RNG_FAILED);
+ }
+ }
+ Ok(())
+}
diff --git a/getrandom/src/windows.rs b/getrandom/src/windows.rs
new file mode 100644
index 0000000..e1b8df6
--- /dev/null
+++ b/getrandom/src/windows.rs
@@ -0,0 +1,26 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Windows
+use crate::{error::RTL_GEN_RANDOM_FAILED, Error};
+
+extern "system" {
+ #[link_name = "SystemFunction036"]
+ fn RtlGenRandom(RandomBuffer: *mut u8, RandomBufferLength: u32) -> u8;
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ // Prevent overflow of u32
+ for chunk in dest.chunks_mut(u32::max_value() as usize) {
+ let ret = unsafe { RtlGenRandom(chunk.as_mut_ptr(), chunk.len() as u32) };
+ if ret == 0 {
+ return Err(RTL_GEN_RANDOM_FAILED);
+ }
+ }
+ Ok(())
+}
diff --git a/getrandom/src/windows_uwp.rs b/getrandom/src/windows_uwp.rs
new file mode 100644
index 0000000..586c6f6
--- /dev/null
+++ b/getrandom/src/windows_uwp.rs
@@ -0,0 +1,59 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementation for Windows UWP targets. After deprecation of Windows XP
+//! and Vista, this can supersede the `RtlGenRandom`-based implementation.
+use crate::Error;
+use core::{ffi::c_void, num::NonZeroU32, ptr};
+
+const BCRYPT_USE_SYSTEM_PREFERRED_RNG: u32 = 0x00000002;
+
+extern "system" {
+ fn BCryptGenRandom(
+ hAlgorithm: *mut c_void,
+ pBuffer: *mut u8,
+ cbBuffer: u32,
+ dwFlags: u32,
+ ) -> u32;
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ // Prevent overflow of u32
+ for chunk in dest.chunks_mut(u32::max_value() as usize) {
+ let ret = unsafe {
+ BCryptGenRandom(
+ ptr::null_mut(),
+ chunk.as_mut_ptr(),
+ chunk.len() as u32,
+ BCRYPT_USE_SYSTEM_PREFERRED_RNG,
+ )
+ };
+ // NTSTATUS codes use two highest bits for severity status
+ match ret >> 30 {
+ 0b01 => {
+ info!("BCryptGenRandom: information code 0x{:08X}", ret);
+ }
+ 0b10 => {
+ warn!("BCryptGenRandom: warning code 0x{:08X}", ret);
+ }
+ 0b11 => {
+ error!("BCryptGenRandom: failed with 0x{:08X}", ret);
+ // We zeroize the highest bit, so the error code will reside
+ // inside the range of designated for OS codes.
+ let code = ret ^ (1 << 31);
+ // SAFETY: the second highest bit is always equal to one,
+ // so it's impossible to get zero. Unfortunately compiler
+ // is not smart enough to figure out it yet.
+ let code = unsafe { NonZeroU32::new_unchecked(code) };
+ return Err(Error::from(code));
+ }
+ _ => (),
+ }
+ }
+ Ok(())
+}
diff --git a/getrandom/tests/common.rs b/getrandom/tests/common.rs
new file mode 100644
index 0000000..afefa03
--- /dev/null
+++ b/getrandom/tests/common.rs
@@ -0,0 +1,68 @@
+#[cfg(feature = "wasm-bindgen")]
+use wasm_bindgen_test::*;
+
+use getrandom::getrandom;
+
+#[cfg(feature = "test-in-browser")]
+wasm_bindgen_test_configure!(run_in_browser);
+
+#[cfg_attr(feature = "wasm-bindgen", wasm_bindgen_test)]
+#[test]
+fn test_zero() {
+ // Test that APIs are happy with zero-length requests
+ getrandom(&mut [0u8; 0]).unwrap();
+}
+
+#[cfg_attr(feature = "wasm-bindgen", wasm_bindgen_test)]
+#[test]
+fn test_diff() {
+ let mut v1 = [0u8; 1000];
+ getrandom(&mut v1).unwrap();
+
+ let mut v2 = [0u8; 1000];
+ getrandom(&mut v2).unwrap();
+
+ let mut n_diff_bits = 0;
+ for i in 0..v1.len() {
+ n_diff_bits += (v1[i] ^ v2[i]).count_ones();
+ }
+
+ // Check at least 1 bit per byte differs. p(failure) < 1e-1000 with random input.
+ assert!(n_diff_bits >= v1.len() as u32);
+}
+
+#[cfg_attr(feature = "wasm-bindgen", wasm_bindgen_test)]
+#[test]
+fn test_huge() {
+ let mut huge = [0u8; 100_000];
+ getrandom(&mut huge).unwrap();
+}
+
+#[cfg(any(unix, windows, target_os = "redox", target_os = "fuchsia"))]
+#[test]
+fn test_multithreading() {
+ use std::sync::mpsc::channel;
+ use std::thread;
+
+ let mut txs = vec![];
+ for _ in 0..20 {
+ let (tx, rx) = channel();
+ txs.push(tx);
+
+ thread::spawn(move || {
+ // wait until all the tasks are ready to go.
+ rx.recv().unwrap();
+ let mut v = [0u8; 1000];
+
+ for _ in 0..100 {
+ getrandom(&mut v).unwrap();
+ thread::yield_now();
+ }
+ });
+ }
+
+ // start all the tasks
+ for tx in txs.iter() {
+ tx.send(()).unwrap();
+ }
+}
diff --git a/getrandom/utils/ci/install.sh b/getrandom/utils/ci/install.sh
new file mode 100644
index 0000000..8e636e1
--- /dev/null
+++ b/getrandom/utils/ci/install.sh
@@ -0,0 +1,49 @@
+# From https://github.com/japaric/trust
+
+set -ex
+
+main() {
+ local target=
+ if [ $TRAVIS_OS_NAME = linux ]; then
+ target=x86_64-unknown-linux-musl
+ sort=sort
+ else
+ target=x86_64-apple-darwin
+ sort=gsort # for `sort --sort-version`, from brew's coreutils.
+ fi
+
+ # Builds for iOS are done on OSX, but require the specific target to be
+ # installed.
+ case $TARGET in
+ aarch64-apple-ios)
+ rustup target install aarch64-apple-ios
+ ;;
+ armv7-apple-ios)
+ rustup target install armv7-apple-ios
+ ;;
+ armv7s-apple-ios)
+ rustup target install armv7s-apple-ios
+ ;;
+ i386-apple-ios)
+ rustup target install i386-apple-ios
+ ;;
+ x86_64-apple-ios)
+ rustup target install x86_64-apple-ios
+ ;;
+ esac
+
+ # This fetches latest stable release
+ local tag=$(git ls-remote --tags --refs --exit-code https://github.com/japaric/cross \
+ | cut -d/ -f3 \
+ | grep -E '^v[0.1.0-9.]+$' \
+ | $sort --version-sort \
+ | tail -n1)
+ curl -LSfs https://japaric.github.io/trust/install.sh | \
+ sh -s -- \
+ --force \
+ --git japaric/cross \
+ --tag $tag \
+ --target $target
+}
+
+main
diff --git a/getrandom/utils/ci/script.sh b/getrandom/utils/ci/script.sh
new file mode 100644
index 0000000..b3e80d4
--- /dev/null
+++ b/getrandom/utils/ci/script.sh
@@ -0,0 +1,13 @@
+# Derived from https://github.com/japaric/trust
+
+set -ex
+
+main() {
+ cross test --target $TARGET
+ cross test --target $TARGET --examples
+}
+
+# we don't run the "test phase" when doing deploys
+if [ -z $TRAVIS_TAG ]; then
+ main
+fi