
Commit 6438bcc

committed
Add "insecure" functions
1 parent e694075 commit 6438bcc

26 files changed

+232
-124
lines changed

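--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -33,7 +33,8 @@ jobs:
 - run: cargo test --no-run --target=aarch64-apple-watchos -Zbuild-std --features=std
 # visionOS requires Xcode 15.2+, GitHub Actions defaults to an older version.
 - run: sudo xcode-select -switch /Applications/Xcode_15.2.app
-- run: cargo test --no-run --target=aarch64-apple-visionos -Zbuild-std --features=std
+# std is broken on visionOS right now
+#- run: cargo test --no-run --target=aarch64-apple-visionos -Zbuild-std --features=std
 
 cross:
 name: Cross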
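Review bot: With the visionOS test step commented out, the `sudo xcode-select -switch /Applications/Xcode_15.2.app` step and the comment above it still run but no longer serve any step in this hunk, and the visionOS target is no longer compile-checked in CI. The new comment `# std is broken on visionOS right now` names no upstream issue and no condition for re-enabling, so the check can stay off unnoticed. Something like `# std is broken on visionOS right now (see <tracking issue>); re-enable when fixed` would make that visible. The job this step belongs to starts above the hunk.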

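--- a/src/backends/apple_other.rs
+++ b/src/backends/apple_other.rs
@@ -2,9 +2,9 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 let dst_ptr = dest.as_mut_ptr().cast::<c_void>();
 let ret = unsafe { libc::CCRandomGenerateBytes(dst_ptr, dest.len()) };
 if ret == libc::kCCSuccess {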
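Review bot: The new `pub use crate::default_impls::{…}` line exports `insecure_fill_uninit`, `insecure_u32` and `insecure_u64` right next to `u32` and `u64`, with nothing at the import site saying what the weaker variants may be used for. `default_impls` is not shown on this page, so what those functions do on this backend cannot be checked here. A one-line comment above the re-export would help, e.g. `// insecure_*: not for keys, nonces or tokens; see default_impls for what this backend uses`. The same line is added in custom.rs, fuchsia.rs, getentropy.rs, getrandom.rs, linux_android.rs, linux_android_with_fallback.rs, linux_rustix.rs, netbsd.rs, solaris.rs, solid.rs, use_file.rs, vxworks.rs and wasi_p1.rs, and a shorter form without `u32, u64` in esp_idf.rs, hermit.rs, rdrand.rs and rndr.rs. The body of `fill_uninit` continues past the hunk.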

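--- a/src/backends/custom.rs
+++ b/src/backends/custom.rs
@@ -2,9 +2,9 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 extern "Rust" {
 fn __getrandom_v03_custom(dest: *mut u8, len: usize) -> Result<(), Error>;
 }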

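--- a/src/backends/esp_idf.rs
+++ b/src/backends/esp_idf.rs
@@ -1,23 +1,36 @@
-//! Implementation for ESP-IDF
+//! Implementation for ESP-IDF.
+//!
+//! Not that NOT enabling WiFi, BT, or the voltage noise entropy source
+//! (via `bootloader_random_enable`) will cause ESP-IDF to return pseudo-random numbers based on
+//! the voltage noise entropy, after the initial boot process:
+//! https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/random.html
+//!
+//! However tracking if some of these entropy sources is enabled is way too difficult
+//! to implement here.
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
 
 #[cfg(not(target_os = "espidf"))]
 compile_error!("`esp_idf` backend can be enabled only for ESP-IDF targets!");
 
 extern "C" {
-fn esp_fill_random(buf: *mut c_void, len: usize) -> u32;
+fn esp_random() -> u32;
+fn esp_fill_random(buf: *mut c_void, len: usize);
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-// Not that NOT enabling WiFi, BT, or the voltage noise entropy source (via `bootloader_random_enable`)
-// will cause ESP-IDF to return pseudo-random numbers based on the voltage noise entropy, after the initial boot process:
-// https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/random.html
-//
-// However tracking if some of these entropy sources is enabled is way too difficult to implement here
-unsafe { esp_fill_random(dest.as_mut_ptr().cast(), dest.len()) };
+pub fn u32() -> Result<u32, Error> {
+Ok(unsafe { esp_random() })
+}
 
+pub fn u64() -> Result<u64, Error> {
+let (a, b) = unsafe { (esp_random(), esp_random()) };
+let res = (u64::from(a) << 32) | u64::from(b);
+Ok(res)
+}
+
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+unsafe { esp_fill_random(dest.as_mut_ptr().cast(), dest.len()) };
 Ok(())
 }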
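Review bot: `u32()`, `u64()` and `fill_uninit()` always return `Ok`, although the new module doc says the output is only pseudo-random when WiFi, BT and `bootloader_random_enable` are all off. These are the non-`insecure_` entry points, so a caller gets no signal that the guarantee may not hold. Since the module doc says detecting this is impractical, the limitation should at least be repeated on each function, e.g. `/// Output is only pseudo-random unless WiFi, BT or bootloader_random_enable is active; see the module docs.` The three `unsafe` blocks also carry no `// SAFETY:` comment, unlike the ones in rdrand.rs and rndr.rs; for the fill call `// SAFETY: dest is a writable buffer of exactly dest.len() bytes` would do. The module doc's opening "Not that" should read "Note that".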

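--- a/src/backends/fuchsia.rs
+++ b/src/backends/fuchsia.rs
@@ -2,14 +2,14 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[link(name = "zircon")]
 extern "C" {
 fn zx_cprng_draw(buffer: *mut u8, length: usize);
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 unsafe { zx_cprng_draw(dest.as_mut_ptr().cast::<u8>(), dest.len()) }
 Ok(())
 }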

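--- a/src/backends/getentropy.rs
+++ b/src/backends/getentropy.rs
@@ -10,12 +10,12 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 for chunk in dest.chunks_mut(256) {
 let ret = unsafe { libc::getentropy(chunk.as_mut_ptr().cast::<c_void>(), chunk.len()) };
 if ret != 0 {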

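--- a/src/backends/getrandom.rs
+++ b/src/backends/getrandom.rs
@@ -18,12 +18,12 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 util_libc::sys_fill_exact(dest, |buf| unsafe {
 libc::getrandom(buf.as_mut_ptr().cast::<c_void>(), buf.len(), 0)
 })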

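--- a/src/backends/hermit.rs
+++ b/src/backends/hermit.rs
@@ -2,6 +2,8 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
+
 extern "C" {
 fn sys_read_entropy(buffer: *mut u8, length: usize, flags: u32) -> isize;
 // Note that `sys_secure_rand32/64` are implemented using `sys_read_entropy`:
@@ -12,7 +14,7 @@ extern "C" {
 fn sys_secure_rand64(value: *mut u64) -> i32;
 }
 
-pub fn inner_u32() -> Result<u32, Error> {
+pub fn u32() -> Result<u32, Error> {
 let mut res = MaybeUninit::uninit();
 let ret = unsafe { sys_secure_rand32(res.as_mut_ptr()) };
 match ret {
@@ -22,7 +24,7 @@ pub fn inner_u32() -> Result<u32, Error> {
 }
 }
 
-pub fn inner_u64() -> Result<u64, Error> {
+pub fn u64() -> Result<u64, Error> {
 let mut res = MaybeUninit::uninit();
 let ret = unsafe { sys_secure_rand64(res.as_mut_ptr()) };
 match ret {
@@ -32,7 +34,7 @@ pub fn inner_u64() -> Result<u64, Error> {
 }
 }
 
-pub fn fill_inner(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 while !dest.is_empty() {
 let res = unsafe { sys_read_entropy(dest.as_mut_ptr().cast::<u8>(), dest.len(), 0) };
 match res {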

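--- a/src/backends/linux_android.rs
+++ b/src/backends/linux_android.rs
@@ -2,15 +2,15 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
 #[cfg(not(any(target_os = "android", target_os = "linux")))]
 compile_error!("`linux_getrandom` backend can be enabled only for Linux/Android targets!");
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 util_libc::sys_fill_exact(dest, |buf| unsafe {
 libc::getrandom(buf.as_mut_ptr().cast(), buf.len(), 0)
 })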

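--- a/src/backends/linux_android_with_fallback.rs
+++ b/src/backends/linux_android_with_fallback.rs
@@ -9,7 +9,7 @@ use core::{
 };
 use use_file::util_libc;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 type GetRandomFn = unsafe extern "C" fn(*mut c_void, libc::size_t, libc::c_uint) -> libc::ssize_t;
 
@@ -56,10 +56,10 @@ fn init() -> NonNull<c_void> {
 // prevent inlining of the fallback implementation
 #[inline(never)]
 fn use_file_fallback(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-use_file::fill_inner(dest)
+use_file::fill_uninit(dest)
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 // Despite being only a single atomic variable, we still cannot always use
 // Ordering::Relaxed, as we need to make sure a successful call to `init`
 // is "ordered before" any data read through the returned pointer (which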

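--- a/src/backends/linux_rustix.rs
+++ b/src/backends/linux_rustix.rs
@@ -2,12 +2,12 @@
 use crate::{Error, MaybeUninit};
 use rustix::rand::{getrandom_uninit, GetRandomFlags};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[cfg(not(any(target_os = "android", target_os = "linux")))]
 compile_error!("`linux_rustix` backend can be enabled only for Linux/Android targets!");
 
-pub fn fill_inner(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 loop {
 let res = getrandom_uninit(dest, GetRandomFlags::empty()).map(|(res, _)| res.len());
 match res {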

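--- a/src/backends/netbsd.rs
+++ b/src/backends/netbsd.rs
@@ -12,7 +12,7 @@ use core::{
 sync::atomic::{AtomicPtr, Ordering},
 };
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
@@ -62,7 +62,7 @@ fn init() -> *mut c_void {
 ptr
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 // Despite being only a single atomic variable, we still cannot always use
 // Ordering::Relaxed, as we need to make sure a successful call to `init`
 // is "ordered before" any data read through the returned pointer (which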

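--- a/src/backends/rdrand.rs
+++ b/src/backends/rdrand.rs
@@ -2,6 +2,8 @@
 use crate::{util::slice_as_uninit, Error};
 use core::mem::{size_of, MaybeUninit};
 
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
+
 #[path = "../lazy.rs"]
 mod lazy;
 
@@ -147,23 +149,23 @@ unsafe fn rdrand_u64() -> Option<u64> {
 Some((u64::from(a) << 32) || u64::from(b))
 }
 
-pub fn inner_u32() -> Result<u32, Error> {
+pub fn u32() -> Result<u32, Error> {
 if !RDRAND_GOOD.unsync_init(is_rdrand_good) {
 return Err(Error::NO_RDRAND);
 }
 // SAFETY: After this point, we know rdrand is supported.
 unsafe { rdrand_u32() }.ok_or(Error::FAILED_RDRAND)
 }
 
-pub fn inner_u64() -> Result<u64, Error> {
+pub fn u64() -> Result<u64, Error> {
 if !RDRAND_GOOD.unsync_init(is_rdrand_good) {
 return Err(Error::NO_RDRAND);
 }
 // SAFETY: After this point, we know rdrand is supported.
 unsafe { rdrand_u64() }.ok_or(Error::FAILED_RDRAND)
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 if !RDRAND_GOOD.unsync_init(is_rdrand_good) {
 return Err(Error::NO_RDRAND);
 }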
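Review bot: The context line `Some((u64::from(a) << 32) || u64::from(b))` in `rdrand_u64` uses the boolean operator `||` where the two 32-bit halves need bitwise `|`, as esp_idf.rs does in this same commit with `(u64::from(a) << 32) | u64::from(b)`. As shown here the expression would not type-check on `u64`, so this may be an artifact of how the page was rendered. It is still worth confirming against the file, because the renamed `u64()` below returns this value directly to callers. `rdrand_u64` starts above the hunk and `fill_uninit` continues below it.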

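--- a/src/backends/rndr.rs
+++ b/src/backends/rndr.rs
@@ -9,6 +9,8 @@ use crate::{
 use core::arch::asm;
 use core::mem::{size_of, MaybeUninit};
 
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
+
 #[cfg(not(target_arch = "aarch64"))]
 compile_error!("the `rndr` backend can be enabled only for AArch64 targets!");
 
@@ -104,7 +106,7 @@ fn is_rndr_available() -> bool {
 }
 }
 
-pub fn inner_u32() -> Result<u32, Error> {
+pub fn u32() -> Result<u32, Error> {
 if is_rndr_available() {
 // SAFETY: after this point, we know the `rand` target feature is enabled
 let res = unsafe { rndr() };
@@ -114,7 +116,7 @@ pub fn inner_u32() -> Result<u32, Error> {
 }
 }
 
-pub fn inner_u64() -> Result<u64, Error> {
+pub fn u64() -> Result<u64, Error> {
 if is_rndr_available() {
 // SAFETY: after this point, we know the `rand` target feature is enabled
 let res = unsafe { rndr() };
@@ -124,7 +126,7 @@ pub fn inner_u64() -> Result<u64, Error> {
 }
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 if is_rndr_available() {
 // SAFETY: after this point, we know the `rand` target feature is enabled
 unsafe { rndr_fill(dest).ok_or(Error::RNDR_FAILURE) }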

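--- a/src/backends/solaris.rs
+++ b/src/backends/solaris.rs
@@ -15,14 +15,14 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
 const MAX_BYTES: usize = 1024;
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 for chunk in dest.chunks_mut(MAX_BYTES) {
 let ptr = chunk.as_mut_ptr().cast::<c_void>();
 let ret = unsafe { libc::getrandom(ptr, chunk.len(), libc::GRND_RANDOM) };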

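--- a/src/backends/solid.rs
+++ b/src/backends/solid.rs
@@ -2,13 +2,13 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 extern "C" {
 pub fn SOLID_RNG_SampleRandomBytes(buffer: *mut u8, length: usize) -> i32;
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 let ret = unsafe { SOLID_RNG_SampleRandomBytes(dest.as_mut_ptr().cast::<u8>(), dest.len()) };
 if ret >= 0 {
 Ok(())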

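--- a/src/backends/use_file.rs
+++ b/src/backends/use_file.rs
@@ -7,7 +7,7 @@ use core::{
 };
 
 #[cfg(not(any(target_os = "android", target_os = "linux")))]
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 pub(super) mod util_libc;
@@ -40,7 +40,7 @@ const FD_ONGOING_INIT: libc::c_int = -2;
 // `Ordering::Acquire` to synchronize with it.
 static FD: AtomicI32 = AtomicI32::new(FD_UNINIT);
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 let mut fd = FD.load(Ordering::Acquire);
 if fd == FD_UNINIT || fd == FD_ONGOING_INIT {
 fd = open_or_wait()?;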

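--- a/src/backends/vxworks.rs
+++ b/src/backends/vxworks.rs
@@ -9,9 +9,9 @@ use core::{
 #[path = "../util_libc.rs"]
 mod util_libc;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 static RNG_INIT: AtomicBool = AtomicBool::new(false);
 while !RNG_INIT.load(Relaxed) {
 let ret = unsafe { libc::randSecure() };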

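--- a/src/backends/wasi_p1.rs
+++ b/src/backends/wasi_p1.rs
@@ -2,7 +2,7 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 // This linking is vendored from the wasi crate:
 // https://docs.rs/wasi/0.11.0+wasi-snapshot-preview1/src/wasi/lib_generated.rs.html#2344-2350
@@ -11,7 +11,7 @@ extern "C" {
 fn random_get(arg0: i32, arg1: i32) -> i32;
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
 // Based on the wasi code:
 // https://docs.rs/wasi/0.11.0+wasi-snapshot-preview1/src/wasi/lib_generated.rs.html#2046-2062
 // Note that size of an allocated object can not be bigger than isize::MAX bytes.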
