-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
std: implement the random
feature
#129120
Conversation
While implementing, I couldn't help but notice that quite a lot of platforms warn against using their randomness syscalls for non-seed-generating purposes. For instance, the newly introduced POSIX function "The intended use of this function is to create a seed for other pseudo-random number generators." My gut instinct is that people will attempt to use |
No objection to renaming to DefaultRandomSource. I'd personally prefer not to rename gen_bytes to fill_bytes though. It's a random number generator, and if people do end up calling it directly I think that name would be more evocative. This isn't a blocker, though, and if others on libs-api want it renamed I won't object. |
You mention discussing on the ACP, but the ACP has been approved and is closed. You should file a tracking issue and link that on the features you implement so we can better track design concerns there. |
How about just |
Given the continued discussion on the ACP(s), I think this should have an API reviewer. r? libs-api |
☔ The latest upstream changes (presumably #129398) made this pull request unmergeable. Please resolve the merge conflicts. |
library/std/src/random.rs
Outdated
pub(crate) struct BestEffortRandomSource; | ||
|
||
impl RandomSource for BestEffortRandomSource { | ||
fn fill_bytes(&mut self, bytes: &mut [u8]) { | ||
sys::fill_bytes(bytes, true) | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this type only ever be used for creating hash-map seeds?
As noted in #129402, a future wasip2 implementation might use wasi:random/insecure for best effort randomness and wasi:random/random for the default random source. However, wasip2 also has the specific wasi:random/insecure-seed interface which seems an even closer fit for generating hash map keys.
If this type would only ever be used for initialising hash map random keys, the wasip2 implementation could just use wasi:random/insecure-seed. However, if this type became more widely used inside std (or even exposed), it might need to fall back to wasi:random/insecure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fair point, I'll just reintroduce hashmap_random_seeds
.
Implements the ACP rust-lang/libs-team#393.
Rebased to reintroduce |
☔ The latest upstream changes (presumably #128134) made this pull request unmergeable. Please resolve the merge conflicts. |
…shtriplett std: implement the `random` feature (alternative version) Implements the ACP rust-lang/libs-team#393. This PR is an alternative version of rust-lang#129120 that replaces `getentropy` with `CCRandomGenerateBytes` (on macOS) and `arc4random_buf` (other BSDs), since that function is not suited for generating large amounts of data and should only be used to seed other CPRNGs. `CCRandomGenerateBytes`/`arc4random_buf` on the other hand is (on modern platforms) just as secure and uses its own, very strong CPRNG (ChaCha20 on the BSDs, AES on macOS) periodically seeded with `getentropy`.
Closing in favour of #129201. |
…triplett std: implement the `random` feature (alternative version) Implements the ACP rust-lang/libs-team#393. This PR is an alternative version of rust-lang#129120 that replaces `getentropy` with `CCRandomGenerateBytes` (on macOS) and `arc4random_buf` (other BSDs), since that function is not suited for generating large amounts of data and should only be used to seed other CPRNGs. `CCRandomGenerateBytes`/`arc4random_buf` on the other hand is (on modern platforms) just as secure and uses its own, very strong CPRNG (ChaCha20 on the BSDs, AES on macOS) periodically seeded with `getentropy`.
…shtriplett std: implement the `random` feature (alternative version) Implements the ACP rust-lang/libs-team#393. This PR is an alternative version of rust-lang#129120 that replaces `getentropy` with `CCRandomGenerateBytes` (on macOS) and `arc4random_buf` (other BSDs), since that function is not suited for generating large amounts of data and should only be used to seed other CPRNGs. `CCRandomGenerateBytes`/`arc4random_buf` on the other hand is (on modern platforms) just as secure and uses its own, very strong CPRNG (ChaCha20 on the BSDs, AES on macOS) periodically seeded with `getentropy`.
…shtriplett std: implement the `random` feature (alternative version) Implements the ACP rust-lang/libs-team#393. This PR is an alternative version of rust-lang#129120 that replaces `getentropy` with `CCRandomGenerateBytes` (on macOS) and `arc4random_buf` (other BSDs), since that function is not suited for generating large amounts of data and should only be used to seed other CPRNGs. `CCRandomGenerateBytes`/`arc4random_buf` on the other hand is (on modern platforms) just as secure and uses its own, very strong CPRNG (ChaCha20 on the BSDs, AES on macOS) periodically seeded with `getentropy`.
Rollup merge of rust-lang#129201 - joboet:random_faster_sources, r=joshtriplett std: implement the `random` feature (alternative version) Implements the ACP rust-lang/libs-team#393. This PR is an alternative version of rust-lang#129120 that replaces `getentropy` with `CCRandomGenerateBytes` (on macOS) and `arc4random_buf` (other BSDs), since that function is not suited for generating large amounts of data and should only be used to seed other CPRNGs. `CCRandomGenerateBytes`/`arc4random_buf` on the other hand is (on modern platforms) just as secure and uses its own, very strong CPRNG (ChaCha20 on the BSDs, AES on macOS) periodically seeded with `getentropy`.
Implements the ACP rust-lang/libs-team#393.
API
This PR contains two minor deviations to the API proposed in the ACP (I can easily undo them if necessary):
gen_bytes
is renamed tofill_bytes
DefaultRng
is renamed toDefaultRandomSource
Most names in
std
do not contain abbreviations, and even the documentation proposed in the ACP describesgen_bytes
with "Fillbuf
with random bytes".DefaultRandomSource
mirrorsDefaultHasher
, both names contain the relevant trait.Implementation
The implementation in this PR mostly reuses the old hash-map key generation code, but contains a few deviations:
poll
/dev/random
before reading/dev/urandom
which is required to ensure that the entropy pool is initialized./dev/urandom
has been removed for FreeBSD and some other UNIX-like OSs, they now all usegetentropy
instead ofgetrandom
. This function is always available on all of them (FreeBSD 12 is our minimum version, see the module documentation insys/random/unix.rs
for the relevant documentation) and has been included in the lastest version of the POSIX standard, issue 8, so using it whereever possible seems like a good idea, especially since NetBSD even indicates thatgetrandom
might be removed in the future. Falling back is unnecessary as ifgetentropy
fails,/dev/urandom
will, too, as FreeBSD does not support retrieving insecure random data.I'd appreciate help from all platform maintainers to help verify that all of these implementations are correct and use a suitable API.
Discussion about the API
I have some issues with the API myself, but to keep this PR focussed on discussion the actual implementation, I'd like to ask everyone to keep these discussions to the ACP issue.