-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose API interface for MaybeUninit<u8> slice #226
Comments
I've seen this type of request a couple of times before, with the rand project, but have never been convinced that this optimisation would be worth the effort. This is even more true of |
If a crate is depending on |
In particular, for security reasons, one may wish to ensure (to the extent Rust allows) that the generated random bytes are never copied anywhere except the target buffer. |
@bdbai do you have any benchmarks on this? Do we know if there's a performance difference between:
It would be fine to do a comparison in C if getting benchmarks in Rust might be overly complex.
@briansmith I'm more sensitive to the security concern here (we definitely want it to be possible to initialize random buffers in-place). However, why wouldn't it be possible to just zero the |
In general, I wouldn't be totally opposed to adding such an API, but we would probably want to wait for rust-lang/rfcs#2930 to be implemented (tracked in rust-lang/rust#78485), before adding an API. I don't want to invent our own API for dealing with uninitialized buffers. If we add this, we would want to use the pub fn getrandom_readbuf(dest: &mut ReadBuf<'_>) -> Result<(), Error> {
// Our implementation dealing with [MaybeUninit<u8>]
} Initially, this would need to be behind an unstable feature gate (like One advantage of this sort of API is that it might allow for partial reads from the underlying RNG to not be wasted. However, this is a very slight benefit as if the RNG succeeds once, it virtually always succeeds for all future calls. |
Hopefully we could see readbuf hit nightly soon. |
However, I think |
Of course that does work. OTOH, if that's going to be a common pattern then why not encapsulate it within |
It's mostly due a desire to keep the functionality of this crate minimal to reduce our maintenance burden, so I would actually want to know that this is a common pattern across many crates before we commit to supporting it in the long-term. However, if adding this API increases ergonomics for folks, I would support adding it. This would be true even if the only benefit is ergonomics (e.g. if there is no significant performance difference).
If the main reason for adding this change is ergonomics (i.e. handling common patterns), I would want |
The latest revision of the PR #279 implements this. Regarding the |
Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Fixes rust-random#226.
Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes rust-random#226.
Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes rust-random#226.
Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes rust-random#226.
Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes rust-random#226.
) * Add `getrandom_uninit(dest: &mut [MaybeUninit<u8>]) -> ...`. Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes #226. * Revert testing changes Signed-off-by: Joe Richey <joerichey@google.com> * Allow rdrand tests to work with new implementation Signed-off-by: Joe Richey <joerichey@google.com> * Add Additional benchmarks and buffer size Signed-off-by: Joe Richey <joerichey@google.com> * Use pointer casts instead of transmute Signed-off-by: Joe Richey <joerichey@google.com> * Avoid initializing the buffer in `getrandom_uninit` benchmarks. * Benchmarks: Consume the result in `black_box`. Signed-off-by: Joe Richey <joerichey@google.com> Co-authored-by: Joe Richey <joerichey@google.com>
It is inefficient to zero-fill a large byte buffer before actually being initialized with random bytes. Thus, it would be better if getrandom exposes a function that takes a slice of
MaybeUninit<u8>
so that the user will not have to initialize the buffer.The text was updated successfully, but these errors were encountered: