-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make fallback to /dev/random optional when getrandom(2) is available #127
Conversation
The fallback to a character file is now gated on the `file-fallback` feature (enabled by default); affects Linux/Android, macOS, and Solaris/Illumos. Disabling this feature when targetting environments where getrandom(2) is guaranteed to be present can be advantageous for reduced code size and ease of audit/reasoning. (Linux's random(4)/urandom(4) has silly blocking behaviour which makes it difficult to implement sensible behaviour, and removing that code can be easier than auditing it.)
So I'm skeptical if we actually need this additional complexity in
Some comments on the CL itself:
@nbraud What are your thoughts? Have I missed something? |
if #[cfg(feature = "file-fallback")] { | ||
use_file::getrandom_inner(dest) | ||
} else { | ||
Err(error::UNSUPPORTED) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add a macOS specific error constant (with a good description)
if #[cfg(feature = "file-fallback")] { | ||
use_file::getrandom_inner(dest) | ||
} else { | ||
Err(error::UNSUPPORTED) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add a Solaris specific error constant (with a good description)
While I am somewhat sympathetic to the idea of removing I would be happy to remove the fallback completely, but as @josephlr already wrote, we probably will have to wait until ~2030 to do that. |
Either way, we always use Yes, I think we can reject this PR; @josephlr gives a very good rationale for why. |
The fallback to a character file is now gated on the
file-fallback
feature (enabled by default); affects Linux/Android, macOS, and Solaris/Illumos.
Disabling this feature can be advantageous for reduced code size.
Moreover, some users may prefer to guarantee using
getrandom(2)
on Linuxrather than have to reason about Linux's blocking behaviour for
random(4)
andurandom(4)
.