-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for non-blocking getrandom #365
Comments
This suggests an API something like this: #[must_use]
enum NonBlocking<'a> {
/// The system successfully filled the buffer with random data.
Filled(&'a [u8]),
/// The system is not ready to fulfill the request, but it might be ready later.
NotReady,
/// The system doesn't implement a non-blocking API.
NotImplemented
}
fn getrandom_nonblocking<'a>(dest: &'a mut [u8]) -> Result<NonBlocking<'a>> { ... }
fn getrandom_uninit_nonblocking<'a>(dest: &'a mut [MaybeUninit<u8>])) -> Result<NonBlocking<'a>> { ... } |
I agree. We could support sources which respect entropy estimates, but I don't think they are used much in practice nowadays.
I think some platforms may provide randomness even if PRNG did not get enough initialization entropy (like
I think it's fine to return To summarize, we probably need combination of the following options:
It may be represented as two separate options: quality of generated randomness and blocking behavior. The former also may include the "super secure" option to cover the |
Copying from #439 My proposed new API for this crate would be to introduce a #[non_exhaustive] // Possible now that MSRV >= 1.40
#[derive(Clone, Copy, Debug, Default)]
pub struct Opts {}
impl Opts {
pub const fn new() -> Self;
}
pub fn fill(buf: &mut [u8], opts: Opts) -> Result<(), Error>;
/// Do we even want this? See discussion below
pub fn fill_uninit(buf: &mut [MaybeUninit<u8>], opts: Opts) -> Result<&mut [u8], Error>;
/// Convenience wrapper for `fill(buf, Opts::new())`
/// I don't think we would want to deprecate this.
pub fn getrandom(buf: &mut [u8]) -> Result<(), Error>; Handling
|
Which targets could even support non-blocking mode at all? For each one, how would it do so? What would actually use this API? For which use case? At one point we thought maybe libstd would, but I don't think it will ever use getrandom, as it's already implemented what it needs itself. The one option I know some people definitely need is "don't fall back to /dev/urandom, and don't link in the |
My initial ideas for flags in
|
In some scenarios (e.g. for seeding
HashMap
) it's desirable to get potentially less secure numbers than to block indefinitely. The motivation is largely equivalent to motivation behind theGRND_NONBLOCK
flag used in thegetrandom
syscall. We probably should add support for such scenarios, either by adding an additional argument or by introducing a separate set of non-blocking functions.Relevant PRs: #353 #352
The text was updated successfully, but these errors were encountered: