You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP
Socket
Book a DemoSign in
Socket
Book a DemoSign in

getrandom

Package Overview
Dependencies
Maintainers
1
Versions
47
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

getrandom - cargo Package Compare versions

Comparing version
0.3.3
 to
0.3.4
+59
src/backends/sanitizer.rs
use core::mem::MaybeUninit;
/// Unpoisons `buf` if MSAN support is enabled.
///
/// Most backends do not need to unpoison their output. Rust language- and
/// library- provided functionality unpoisons automatically. Similarly, libc
/// either natively supports MSAN and/or MSAN hooks libc-provided functions
/// to unpoison outputs on success. Only when all of these things are
/// bypassed do we need to do it ourselves.
///
/// The call to unpoison should be done as close to the write as possible.
/// For example, if the backend partially fills the output buffer in chunks,
/// each chunk should be unpoisoned individually. This way, the correctness of
/// the chunking logic can be validated (in part) using MSAN.
pub unsafe fn unpoison(buf: &mut [MaybeUninit<u8>]) {
cfg_if! {
if #[cfg(getrandom_msan)] {
extern "C" {
fn __msan_unpoison(a: *mut core::ffi::c_void, size: usize);
}
let a = buf.as_mut_ptr().cast();
let size = buf.len();
#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
unsafe {
__msan_unpoison(a, size);
}
} else {
let _ = buf;
}
}
}
/// Interprets the result of the `getrandom` syscall of Linux, unpoisoning any
/// written part of `buf`.
///
/// `buf` must be the output buffer that was originally passed to the `getrandom`
/// syscall.
///
/// `ret` must be the result returned by `getrandom`. If `ret` is negative or
/// larger than the length of `buf` then nothing is done.
///
/// Memory Sanitizer only intercepts `getrandom` on this condition (from its
/// source code):
/// ```c
/// #define SANITIZER_INTERCEPT_GETRANDOM \
/// ((SI_LINUX && __GLIBC_PREREQ(2, 25)) || SI_FREEBSD || SI_SOLARIS)
/// ```
/// So, effectively, we have to assume that it is never intercepted on Linux.
#[cfg(any(target_os = "android", target_os = "linux"))]
pub unsafe fn unpoison_linux_getrandom_result(buf: &mut [MaybeUninit<u8>], ret: isize) {
if let Ok(bytes_written) = usize::try_from(ret) {
if let Some(written) = buf.get_mut(..bytes_written) {
#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
unsafe {
unpoison(written)
}
}
}
}
+9
src/backends/unsupported.rs
//! Implementation that errors at runtime.
use crate::Error;
use core::mem::MaybeUninit;
pub use crate::util::{inner_u32, inner_u64};
pub fn fill_inner(_dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
Err(Error::UNSUPPORTED)
}
+48
src/backends/windows_legacy.rs
//! Legacy implementation for Windows XP and later
//!
//! For targets where we cannot use ProcessPrng (added in Windows 10), we use
//! RtlGenRandom. See windows.rs for a more detailed discussion of the Windows
//! RNG APIs (and why we don't use BCryptGenRandom). On versions prior to
//! Windows 10, this implementation is secure. On Windows 10 and later, this
//! implementation behaves identically to the windows.rs implementation, except
//! that it forces the loading of an additional DLL (advapi32.dll).
//!
//! This implementation will not work on UWP targets (which lack advapi32.dll),
//! but such targets require Windows 10, so can use the standard implementation.
use crate::Error;
use core::{ffi::c_void, mem::MaybeUninit};
pub use crate::util::{inner_u32, inner_u64};
#[cfg(not(windows))]
compile_error!("`windows_legacy` backend can be enabled only for Windows targets!");
// Binding to the Windows.Win32.Security.Authentication.Identity.RtlGenRandom
// API. Don't use windows-targets as it doesn't support Windows 7 targets.
#[link(name = "advapi32")]
extern "system" {
#[link_name = "SystemFunction036"]
fn RtlGenRandom(randombuffer: *mut c_void, randombufferlength: u32) -> BOOLEAN;
}
#[allow(clippy::upper_case_acronyms)]
type BOOLEAN = u8;
const TRUE: BOOLEAN = 1u8;
#[inline]
pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
// Prevent overflow of u32
let chunk_size = usize::try_from(i32::MAX).expect("Windows does not support 16-bit targets");
for chunk in dest.chunks_mut(chunk_size) {
let chunk_len = u32::try_from(chunk.len()).expect("chunk size is bounded by i32::MAX");
let ret = unsafe { RtlGenRandom(chunk.as_mut_ptr().cast::<c_void>(), chunk_len) };
if ret != TRUE {
return Err(Error::WINDOWS_RTL_GEN_RANDOM);
}
}
Ok(())
}
impl Error {
/// Call to Windows [`RtlGenRandom`](https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom) failed.
pub(crate) const WINDOWS_RTL_GEN_RANDOM: Error = Self::new_internal(10);
}
+1
-1
.cargo_vcs_info.json
{
"git": {
"sha1": "82396406b28f23ba86e3e511d34a4f5dab0fda08"
"sha1": "38e4ad38309a85b56eef4fc759535ccfc322ba9a"
},
"path_in_vcs": ""
}
+4
-4
build.rs

@@ -29,3 +29,3 @@ use std::{env, ffi::OsString, process::Command};

let first_line = lines.next()?;
let minor_ver_str = first_line.split(".").nth(1)?;
let minor_ver_str = first_line.split('.').nth(1)?;
minor_ver_str.parse().ok()

@@ -38,4 +38,4 @@ }

println!("cargo:rerun-if-changed=build.rs");
let santizers = std::env::var("CARGO_CFG_SANITIZE").unwrap_or_default();
if santizers.contains("memory") {
let sanitizers = std::env::var("CARGO_CFG_SANITIZE").unwrap_or_default();
if sanitizers.contains("memory") {
println!("cargo:rustc-cfg=getrandom_msan");

@@ -53,3 +53,3 @@ }

Some(minor_ver) if minor_ver < WIN7_INTRODUCED_MINOR_VER => {
println!("cargo:rustc-cfg=getrandom_windows_legacy");
println!("cargo:rustc-cfg=getrandom_backend=\"windows_legacy\"");
}

@@ -56,0 +56,0 @@ None => println!("cargo:warning=Couldn't detect minor version of the Rust compiler"),

+63
-136
Cargo.lock

@@ -6,19 +6,14 @@ # This file is automatically @generated by Cargo.

[[package]]
name = "bitflags"
version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd"
[[package]]
name = "bumpalo"
version = "3.17.0"
version = "3.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf"
checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43"
[[package]]
name = "cc"
version = "1.2.21"
version = "1.2.41"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8691782945451c1c383942c4874dbe63814f61cb57ef773cda2972682b7bb3c0"
checksum = "ac9fe6cdbb24b6ade63616c0a0688e45bb56732262c158df3c0c4bea4ca47cb7"
dependencies = [
"find-msvc-tools",
"shlex",

@@ -29,23 +24,21 @@ ]

name = "cfg-if"
version = "1.0.0"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9"
[[package]]
name = "compiler_builtins"
version = "0.1.157"
name = "find-msvc-tools"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74f103f5a97b25e3ed7134dee586e90bbb0496b33ba41816f0e7274e5bb73b50"
checksum = "52051878f80a721bb68ebfbc930e07b65ba72f2da88968ea5c06fd6ca3d3a127"
[[package]]
name = "getrandom"
version = "0.3.3"
version = "0.3.4"
dependencies = [
"cfg-if",
"compiler_builtins",
"js-sys",
"libc",
"r-efi",
"rustc-std-workspace-core",
"wasi",
"wasip2",
"wasm-bindgen",

@@ -57,5 +50,5 @@ "wasm-bindgen-test",

name = "js-sys"
version = "0.3.77"
version = "0.3.80"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f"
checksum = "852f13bec5eba4ba9afbeb93fd7c13fe56147f055939ae21c43a29a0ecb2702e"
dependencies = [

@@ -68,11 +61,11 @@ "once_cell",

name = "libc"
version = "0.2.171"
version = "0.2.177"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
[[package]]
name = "log"
version = "0.4.27"
version = "0.4.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"

@@ -97,5 +90,5 @@ [[package]]

name = "proc-macro2"
version = "1.0.95"
version = "1.0.101"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778"
checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de"
dependencies = [

@@ -107,5 +100,5 @@ "unicode-ident",

name = "quote"
version = "1.0.40"
version = "1.0.41"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1"
dependencies = [

@@ -117,13 +110,7 @@ "proc-macro2",

name = "r-efi"
version = "5.2.0"
version = "5.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"
checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
[[package]]
name = "rustc-std-workspace-core"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aa9c45b374136f52f2d6311062c7146bff20fec063c3f5d46a410bd937746955"
[[package]]
name = "same-file"

@@ -145,5 +132,5 @@ version = "1.0.6"

name = "syn"
version = "2.0.101"
version = "2.0.106"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf"
checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6"
dependencies = [

@@ -157,5 +144,5 @@ "proc-macro2",

name = "unicode-ident"
version = "1.0.18"
version = "1.0.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d"

@@ -173,8 +160,8 @@ [[package]]

[[package]]
name = "wasi"
version = "0.14.2+wasi-0.2.4"
name = "wasip2"
version = "1.0.1+wasi-0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7"
dependencies = [
"wit-bindgen-rt",
"wit-bindgen",
]

@@ -184,5 +171,5 @@

name = "wasm-bindgen"
version = "0.2.100"
version = "0.2.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5"
checksum = "ab10a69fbd0a177f5f649ad4d8d3305499c42bab9aef2f7ff592d0ec8f833819"
dependencies = [

@@ -192,2 +179,3 @@ "cfg-if",

"wasm-bindgen-macro",
"wasm-bindgen-shared",
]

@@ -197,5 +185,5 @@

name = "wasm-bindgen-backend"
version = "0.2.100"
version = "0.2.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6"
checksum = "0bb702423545a6007bbc368fde243ba47ca275e549c8a28617f56f6ba53b1d1c"
dependencies = [

@@ -212,5 +200,5 @@ "bumpalo",

name = "wasm-bindgen-futures"
version = "0.4.50"
version = "0.4.53"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "555d470ec0bc3bb57890405e5d4322cc9ea83cebb085523ced7be4144dac1e61"
checksum = "a0b221ff421256839509adbb55998214a70d829d3a28c69b4a6672e9d2a42f67"
dependencies = [

@@ -226,5 +214,5 @@ "cfg-if",

name = "wasm-bindgen-macro"
version = "0.2.100"
version = "0.2.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407"
checksum = "fc65f4f411d91494355917b605e1480033152658d71f722a90647f56a70c88a0"
dependencies = [

@@ -237,5 +225,5 @@ "quote",

name = "wasm-bindgen-macro-support"
version = "0.2.100"
version = "0.2.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
checksum = "ffc003a991398a8ee604a401e194b6b3a39677b3173d6e74495eb51b82e99a32"
dependencies = [

@@ -251,5 +239,5 @@ "proc-macro2",

name = "wasm-bindgen-shared"
version = "0.2.100"
version = "0.2.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d"
checksum = "293c37f4efa430ca14db3721dfbe48d8c33308096bd44d80ebaa775ab71ba1cf"
dependencies = [

@@ -261,5 +249,5 @@ "unicode-ident",

name = "wasm-bindgen-test"
version = "0.3.50"
version = "0.3.53"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "66c8d5e33ca3b6d9fa3b4676d774c5778031d27a578c2b007f905acf816152c3"
checksum = "aee0a0f5343de9221a0d233b04520ed8dc2e6728dce180b1dcd9288ec9d9fa3c"
dependencies = [

@@ -275,5 +263,5 @@ "js-sys",

name = "wasm-bindgen-test-macro"
version = "0.3.50"
version = "0.3.53"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "17d5042cc5fa009658f9a7333ef24291b1291a25b6382dd68862a7f3b969f69b"
checksum = "a369369e4360c2884c3168d22bded735c43cccae97bbc147586d4b480edd138d"
dependencies = [

@@ -287,5 +275,5 @@ "proc-macro2",

name = "web-sys"
version = "0.3.77"
version = "0.3.80"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2"
checksum = "fbe734895e869dc429d78c4b433f8d17d95f8d05317440b4fad5ab2d33e596dc"
dependencies = [

@@ -298,5 +286,5 @@ "js-sys",

name = "winapi-util"
version = "0.1.9"
version = "0.1.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
dependencies = [

@@ -307,81 +295,20 @@ "windows-sys",

[[package]]
name = "windows-sys"
version = "0.59.0"
name = "windows-link"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
dependencies = [
"windows-targets",
]
checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
[[package]]
name = "windows-targets"
version = "0.52.6"
name = "windows-sys"
version = "0.61.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
dependencies = [
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_gnullvm",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_gnullvm",
"windows_x86_64_msvc",
"windows-link",
]
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.52.6"
name = "wit-bindgen"
version = "0.46.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
[[package]]
name = "windows_aarch64_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
[[package]]
name = "windows_i686_gnu"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
[[package]]
name = "windows_i686_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
[[package]]
name = "windows_i686_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
[[package]]
name = "windows_x86_64_gnu"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
[[package]]
name = "windows_x86_64_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "wit-bindgen-rt"
version = "0.39.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
dependencies = [
"bitflags",
]
checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59"
+7
-21
Cargo.toml

@@ -16,3 +16,3 @@ # THIS FILE IS AUTOMATICALLY GENERATED BY CARGO

name = "getrandom"
version = "0.3.3"
version = "0.3.4"
authors = ["The Rand Project Developers"]

@@ -36,2 +36,5 @@ build = "build.rs"

[package.metadata.docs.rs]
features = ["std"]
[package.metadata.cross.target.x86_64-unknown-netbsd]

@@ -47,10 +50,3 @@ pre-build = [

[package.metadata.docs.rs]
features = ["std"]
[features]
rustc-dep-of-std = [
"dep:compiler_builtins",
"dep:core",
]
std = []

@@ -77,11 +73,2 @@ wasm_js = [

[dependencies.compiler_builtins]
version = "0.1"
optional = true
[dependencies.core]
version = "1.0"
optional = true
package = "rustc-std-workspace-core"
[target.'cfg(all(any(target_os = "linux", target_os = "android"), not(any(all(target_os = "linux", target_env = ""), getrandom_backend = "custom", getrandom_backend = "linux_raw", getrandom_backend = "rdrand", getrandom_backend = "rndr"))))'.dependencies.libc]

@@ -104,4 +91,4 @@ version = "0.2.154"

[target.'cfg(all(target_arch = "wasm32", target_os = "wasi", target_env = "p2"))'.dependencies.wasi]
version = "0.14"
[target.'cfg(all(target_arch = "wasm32", target_os = "wasi", target_env = "p2"))'.dependencies.wasip2]
version = "1"
default-features = false

@@ -145,5 +132,4 @@

check-cfg = [
'cfg(getrandom_backend, values("custom", "efi_rng", "rdrand", "rndr", "linux_getrandom", "linux_raw", "wasm_js"))',
'cfg(getrandom_backend, values("custom", "efi_rng", "rdrand", "rndr", "linux_getrandom", "linux_raw", "wasm_js", "windows_legacy", "unsupported"))',
"cfg(getrandom_msan)",
"cfg(getrandom_windows_legacy)",
"cfg(getrandom_test_linux_fallback)",

@@ -150,0 +136,0 @@ "cfg(getrandom_test_linux_without_fallback)",

+48
-3
CHANGELOG.md

@@ -7,2 +7,46 @@ # Changelog

## [0.3.4] - 2025-10-14
### Major change to `wasm_js` backend
Now, when the `wasm_js` feature is enabled, the `wasm_js` backend will be used
by default. Users of `wasm32-unknown-unknown` targeting JavaScript environments
like the Web and Node.js will no longer need to specify:
```
--cfg getrandom_backend="wasm_js"
```
in `RUSTFLAGS` for the crate to compile. They can now simple enable a feature.
Note: this should not affect non-JS users of the `wasm32-unknown-unknown`
target. Using `--cfg getrandom_backend` will still override the source of
randomness _even if_ the `wasm_js` feature is enabled. This includes
`--cfg getrandom_backend=custom` and `--cfg getrandom_backend=unsupported`.
For more information, see the discussions in [#671], [#675], and [#730].
### Added
- `unsupported` opt-in backend [#667]
- `windows_legacy` opt-in backend [#724]
### Changed
- Implement Memory Sanitizer unpoisoning more precisely [#678]
- Relax MSRV for the `linux_raw` opt-in backend on ARM targets [#688]
- Use `getrandom` syscall on all RISC-V Linux targets [#699]
- Replaced `wasi` dependency with `wasip2` [#721]
- Enable `wasm_js` backend by default if the `wasm_js` feature is enabled [#730]
### Removed
- Unstable `rustc-dep-of-std` crate feature [#694]
[#667]: https://github.com/rust-random/getrandom/pull/667
[#671]: https://github.com/rust-random/getrandom/issues/671
[#675]: https://github.com/rust-random/getrandom/pull/675
[#678]: https://github.com/rust-random/getrandom/pull/678
[#688]: https://github.com/rust-random/getrandom/pull/688
[#694]: https://github.com/rust-random/getrandom/pull/694
[#699]: https://github.com/rust-random/getrandom/pull/699
[#721]: https://github.com/rust-random/getrandom/pull/721
[#724]: https://github.com/rust-random/getrandom/pull/724
[#730]: https://github.com/rust-random/getrandom/pull/730
## [0.3.3] - 2025-05-09

@@ -14,3 +58,3 @@

## Fixed
### Fixed
- Error handling in WASI p1 [#661]

@@ -86,3 +130,3 @@

- Internet Explorer 11 support [#554]
- Target-specific assocciated `Error` constants [#562]
- Target-specific associated `Error` constants [#562]

@@ -235,3 +279,3 @@ ### Changed

- Use getentropy on Emscripten [#307]
- Solaris: consistantly use `/dev/random` source [#310]
- Solaris: consistently use `/dev/random` source [#310]
- Move 3ds selection above rdrand/js/custom fallback [#312]

@@ -594,2 +638,3 @@ - Remove buffer zeroing from Node.js implementation [#315]

[0.3.4]: https://github.com/rust-random/getrandom/compare/v0.3.3...v0.3.4
[0.3.3]: https://github.com/rust-random/getrandom/compare/v0.3.2...v0.3.3

@@ -596,0 +641,0 @@ [0.3.2]: https://github.com/rust-random/getrandom/compare/v0.3.1...v0.3.2

+25
-29
README.md

@@ -87,5 +87,7 @@ # getrandom: system's random number generator

| `rndr` | AArch64 | `aarch64-*` | [`RNDR`] register
| `wasm_js` | Web Browser, Node.js | `wasm32‑unknown‑unknown`, `wasm32v1-none` | [`Crypto.getRandomValues`]. Requires feature `wasm_js` ([see below](#webassembly-support)).
| `efi_rng` | UEFI | `*-unknown‑uefi` | [`EFI_RNG_PROTOCOL`] with `EFI_RNG_ALGORITHM_RAW` (requires `std` and Nigthly compiler)
| `wasm_js` | Web Browser, Node.js | `wasm32‑unknown‑unknown`, `wasm32v1-none` | [`Crypto.getRandomValues`]. Enabled by the `wasm_js` feature ([see below](#webassembly-support)).
| `efi_rng` | UEFI | `*-unknown‑uefi` | [`EFI_RNG_PROTOCOL`] with `EFI_RNG_ALGORITHM_RAW` (requires `std` and Nightly compiler)
| `windows_legacy` | Windows | `*-windows-*` | [`RtlGenRandom`]
| `custom` | All targets | `*` | User-provided custom implementation (see [custom backend])
| `unsupported` | All targets | `*` | Always returns `Err(Error::UNSUPPORTED)` (see [unsupported backend])

@@ -133,19 +135,18 @@ Opt-in backends can be enabled using the `getrandom_backend` configuration flag.

We do not include support for this target in the default configuration because
our JS backend (supporting web browsers, web workers and Node.js v19 or later)
requires [`wasm-bindgen`], **bloating `Cargo.lock`** and
**potentially breaking builds** on non-web WASM platforms.
To enable `getrandom`'s functionality on `wasm32-unknown-unknown` using the Web
Crypto methods [described above][opt-in] via [`wasm-bindgen`], do
*both* of the following:
Crypto methods [described above][opt-in] via [`wasm-bindgen`], enable the
`wasm_js` feature flag. Setting `RUSTFLAGS='--cfg getrandom_backend="wasm_js"'`
is allowed but is no longer required and does nothing (it was required in a
prior version of this crate).
- Use the `wasm_js` feature flag, i.e.
`getrandom = { version = "0.3", features = ["wasm_js"] }`.
On its own, this only makes the backend available. (As a side effect this
will make your `Cargo.lock` significantly larger if you are not already
using [`wasm-bindgen`], but otherwise enabling this feature is harmless.)
- Set `RUSTFLAGS='--cfg getrandom_backend="wasm_js"'` ([see above][opt-in]).
WARNING: enabling the `wasm_js` feature will bloat `Cargo.lock` on all platforms
(where [`wasm-bindgen`] is not an existing dependency) and is known to cause
build issues on some non-web WASM platforms, even when a different backend is
selected via `getrandom_backend`.
This backend supports both web browsers (main window and Web Workers)
and Node.js (v19 or later) environments.
WARNING: It is highly recommended to enable the `wasm_js` feature only for
binary crates and tests, i.e. avoid unconditionally enabling it in library crates.
### Custom backend

@@ -208,16 +209,10 @@

If you are confident that `getrandom` is not used in your project, but
it gets pulled nevertheless by one of your dependencies, then you can
use the following custom backend, which always returns the "unsupported" error:
```rust
use getrandom::Error;
### Unsupported backend
#[no_mangle]
unsafe extern "Rust" fn __getrandom_v03_custom(
dest: *mut u8,
len: usize,
) -> Result<(), Error> {
Err(Error::UNSUPPORTED)
}
```
In some rare scenarios, you might be compiling this crate for an unsupported
target (e.g. `wasm32-unknown-unknown`), but this crate's functionality
is not actually used by your code. If you are confident that `getrandom` is
not used in your project, but it gets pulled nevertheless by one of your
dependencies, then you can enable the `unsupported` backend, which always
returns `Err(Error::UNSUPPORTED)`.

@@ -379,2 +374,3 @@ ### Platform Support

[custom backend]: #custom-backend
[unsupported backend]: #unsupported-backend
[`wasm-bindgen`]: https://github.com/rustwasm/wasm-bindgen

@@ -381,0 +377,0 @@ [`module`]: https://rustwasm.github.io/wasm-bindgen/reference/attributes/on-js-imports/module.html

+41
-13
src/backends.rs

@@ -5,3 +5,4 @@ //! System-specific implementations.

//! `fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error>`.
//! The function MUST fully initialize `dest` when `Ok(())` is returned.
//! The function MUST fully initialize `dest` when `Ok(())` is returned;
//! the function may need to use `sanitizer::unpoison` as well.
//! The function MUST NOT ever write uninitialized bytes into `dest`,

@@ -16,5 +17,7 @@ //! regardless of what value it returns.

mod getrandom;
mod sanitizer;
pub use getrandom::*;
} else if #[cfg(getrandom_backend = "linux_raw")] {
mod linux_raw;
mod sanitizer;
pub use linux_raw::*;

@@ -30,3 +33,6 @@ } else if #[cfg(getrandom_backend = "rdrand")] {

pub use efi_rng::*;
} else if #[cfg(all(getrandom_backend = "wasm_js"))] {
} else if #[cfg(getrandom_backend = "windows_legacy")] {
mod windows_legacy;
pub use windows_legacy::*;
} else if #[cfg(getrandom_backend = "wasm_js")] {
cfg_if! {

@@ -44,4 +50,8 @@ if #[cfg(feature = "wasm_js")] {

}
} else if #[cfg(getrandom_backend = "unsupported")] {
mod unsupported;
pub use unsupported::*;
} else if #[cfg(all(target_os = "linux", target_env = ""))] {
mod linux_raw;
mod sanitizer;
pub use linux_raw::*;

@@ -100,3 +110,11 @@ } else if #[cfg(target_os = "espidf")] {

// are used in practice to target pre-3.17 kernels.
target_env = "musl",
all(
target_env = "musl",
not(
any(
target_arch = "riscv64",
target_arch = "riscv32",
),
),
),
),

@@ -107,2 +125,3 @@ )

mod linux_android_with_fallback;
mod sanitizer;
pub use linux_android_with_fallback::*;

@@ -122,2 +141,4 @@ } else if #[cfg(any(

mod getrandom;
#[cfg(any(target_os = "android", target_os = "linux"))]
mod sanitizer;
pub use getrandom::*;

@@ -165,5 +186,5 @@ } else if #[cfg(target_os = "solaris")] {

pub use solid::*;
} else if #[cfg(all(windows, any(target_vendor = "win7", getrandom_windows_legacy)))] {
mod windows7;
pub use windows7::*;
} else if #[cfg(all(windows, target_vendor = "win7"))] {
mod windows_legacy;
pub use windows_legacy::*;
} else if #[cfg(windows)] {

@@ -176,9 +197,16 @@ mod windows;

} else if #[cfg(all(target_arch = "wasm32", any(target_os = "unknown", target_os = "none")))] {
compile_error!(concat!(
"The wasm32-unknown-unknown targets are not supported by default; \
you may need to enable the \"wasm_js\" configuration flag. Note \
that enabling the `wasm_js` feature flag alone is insufficient. \
For more information see: \
https://docs.rs/getrandom/", env!("CARGO_PKG_VERSION"), "/#webassembly-support"
));
cfg_if! {
if #[cfg(feature = "wasm_js")] {
mod wasm_js;
pub use wasm_js::*;
} else {
compile_error!(concat!(
"The wasm32-unknown-unknown targets are not supported by default; \
you may need to enable the \"wasm_js\" configuration flag. Note \
that enabling the `wasm_js` feature flag alone is insufficient. \
For more information see: \
https://docs.rs/getrandom/", env!("CARGO_PKG_VERSION"), "/#webassembly-support"
));
}
}
} else {

@@ -185,0 +213,0 @@ compile_error!(concat!(

+9
-1
src/backends/getrandom.rs

@@ -29,4 +29,12 @@ //! Implementation using getrandom(2).

util_libc::sys_fill_exact(dest, |buf| unsafe {
libc::getrandom(buf.as_mut_ptr().cast(), buf.len(), 0)
let ret = libc::getrandom(buf.as_mut_ptr().cast(), buf.len(), 0);
#[cfg(any(target_os = "android", target_os = "linux"))]
#[allow(unused_unsafe)] // TODO(MSRV 1.65): Remove this.
unsafe {
super::sanitizer::unpoison_linux_getrandom_result(buf, ret);
}
ret
})
}
+4
-2
src/backends/linux_android_with_fallback.rs
//! Implementation for Linux / Android with `/dev/urandom` fallback
use super::use_file;
use super::{sanitizer, use_file};
use crate::Error;

@@ -98,5 +98,7 @@ use core::{

util_libc::sys_fill_exact(dest, |buf| unsafe {
getrandom_fn(buf.as_mut_ptr().cast(), buf.len(), 0)
let ret = getrandom_fn(buf.as_mut_ptr().cast(), buf.len(), 0);
sanitizer::unpoison_linux_getrandom_result(buf, ret);
ret
})
}
}
+16
-9
src/backends/linux_raw.rs
//! Implementation for Linux / Android using `asm!`-based syscalls.
use super::sanitizer;
pub use crate::util::{inner_u32, inner_u64};
use crate::{Error, MaybeUninit};
pub use crate::util::{inner_u32, inner_u64};
#[cfg(not(any(target_os = "android", target_os = "linux")))]

@@ -16,3 +16,3 @@ compile_error!("`linux_raw` backend can be enabled only for Linux/Android targets!");

if #[cfg(target_arch = "arm")] {
const __NR_getrandom: u32 = 384;
// TODO(MSRV-1.78): Also check `target_abi = "eabi"`.
// In thumb-mode, r7 is the frame pointer and is not permitted to be used in

@@ -26,6 +26,6 @@ // an inline asm operand, so we have to use a different register and copy it

"mov {tmp}, r7",
"mov r7, {nr}",
// TODO(MSRV-1.82): replace with `nr = const __NR_getrandom,`
"mov r7, #384",
"svc 0",
"mov r7, {tmp}",
nr = const __NR_getrandom,
tmp = out(reg) _,

@@ -38,2 +38,7 @@ inlateout("r0") buf => r0,

} else if #[cfg(target_arch = "aarch64")] {
// TODO(MSRV-1.78): Also check `any(target_abi = "", target_abi = "ilp32")` above.
// According to the ILP32 patch for the kernel that hasn't yet
// been merged into the mainline, "AARCH64/ILP32 ABI uses standard
// syscall table [...] with the exceptions listed below," where
// getrandom is not mentioned as an exception.
const __NR_getrandom: u32 = 278;

@@ -49,2 +54,3 @@ core::arch::asm!(

} else if #[cfg(target_arch = "loongarch64")] {
// TODO(MSRV-1.78): Also check `any(target_abi = "", target_abi = "ilp32")` above.
const __NR_getrandom: u32 = 278;

@@ -94,6 +100,6 @@ core::arch::asm!(

} else if #[cfg(target_arch = "x86_64")] {
#[cfg(target_pointer_width = "64")]
const __NR_getrandom: u32 = 318;
#[cfg(target_pointer_width = "32")]
const __NR_getrandom: u32 = (1 << 30) + 318;
// TODO(MSRV-1.78): Add `any(target_abi = "", target_abi = "x32")` above.
const __X32_SYSCALL_BIT: u32 = 0x40000000;
const OFFSET: u32 = if cfg!(target_pointer_width = "32") { __X32_SYSCALL_BIT } else { 0 };
const __NR_getrandom: u32 = OFFSET + 318;

@@ -126,2 +132,3 @@ core::arch::asm!(

let ret = unsafe { getrandom_syscall(dest.as_mut_ptr().cast(), dest.len(), 0) };
unsafe { sanitizer::unpoison_linux_getrandom_result(dest, ret) };
match usize::try_from(ret) {

@@ -128,0 +135,0 @@ Ok(0) => return Err(Error::UNEXPECTED),

+1
-1
src/backends/use_file.rs

@@ -30,3 +30,3 @@ //! Implementations that just need to read from a file

// If/when we add support for a target where that isn't the case, we may
// need to use a different atomic type or make other accomodations. The
// need to use a different atomic type or make other accommodations. The
// compiler will let us know if/when that is the case, because the

@@ -33,0 +33,0 @@ // `FD.store(fd)` would fail to compile.

+2
-5
src/backends/wasi_p2.rs
//! Implementation for WASI Preview 2.
use crate::Error;
use core::mem::MaybeUninit;
use wasi::random::random::get_random_u64;
use core::{mem::MaybeUninit, ptr::copy_nonoverlapping};
use wasip2::random::random::get_random_u64;

@@ -19,5 +19,2 @@ #[inline]

pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
use core::ptr::copy_nonoverlapping;
use wasi::random::random::get_random_u64;
let (prefix, chunks, suffix) = unsafe { dest.align_to_mut::<MaybeUninit<u64>>() };

@@ -24,0 +21,0 @@ 

+1
-1
src/backends/windows.rs

@@ -47,3 +47,3 @@ //! Implementation for Windows 10 and later

}
#[allow(clippy::upper_case_acronyms)]
#[allow(clippy::upper_case_acronyms, clippy::incompatible_msrv)]
type BOOL = core::ffi::c_int; // MSRV 1.64, similarly OK for this backend.

@@ -50,0 +50,0 @@ const TRUE: BOOL = 1;

+1
-1
src/error.rs

@@ -203,3 +203,3 @@ #[cfg(feature = "std")]

} else {
write!(f, "OS Error: {}", errno)
write!(f, "OS Error: {errno}")
}

@@ -206,0 +206,0 @@ }

+2
-7
src/lib.rs

@@ -12,3 +12,3 @@ // Overwrite links to crate items with intra-crate links

#![warn(rust_2018_idioms, unused_lifetimes, missing_docs)]
#![cfg_attr(docsrs, feature(doc_auto_cfg))]
#![cfg_attr(docsrs, feature(doc_cfg))]
#![cfg_attr(getrandom_backend = "efi_rng", feature(uefi_std))]

@@ -110,8 +110,3 @@ #![deny(

// since it returned `Ok`.
Ok(unsafe {
#[cfg(getrandom_msan)]
__msan_unpoison(dest.as_mut_ptr().cast(), dest.len());
util::slice_assume_init_mut(dest)
})
Ok(unsafe { util::slice_assume_init_mut(dest) })
}

@@ -118,0 +113,0 @@ 

-45
src/backends/windows7.rs
//! Legacy implementation for Windows XP and later
//!
//! For targets where we cannot use ProcessPrng (added in Windows 10), we use
//! RtlGenRandom. See windows.rs for a more detailed discussion of the Windows
//! RNG APIs (and why we don't use BCryptGenRandom). On versions prior to
//! Windows 10, this implementation is secure. On Windows 10 and later, this
//! implementation behaves identically to the windows.rs implementation, except
//! that it forces the loading of an additonal DLL (advapi32.dll).
//!
//! This implementation will not work on UWP targets (which lack advapi32.dll),
//! but such targets require Windows 10, so can use the standard implementation.
use crate::Error;
use core::{ffi::c_void, mem::MaybeUninit};
pub use crate::util::{inner_u32, inner_u64};
// Binding to the Windows.Win32.Security.Authentication.Identity.RtlGenRandom
// API. Don't use windows-targets as it doesn't support Windows 7 targets.
#[link(name = "advapi32")]
extern "system" {
#[link_name = "SystemFunction036"]
fn RtlGenRandom(randombuffer: *mut c_void, randombufferlength: u32) -> BOOLEAN;
}
#[allow(clippy::upper_case_acronyms)]
type BOOLEAN = u8;
const TRUE: BOOLEAN = 1u8;
#[inline]
pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
// Prevent overflow of u32
let chunk_size = usize::try_from(i32::MAX).expect("Windows does not support 16-bit targets");
for chunk in dest.chunks_mut(chunk_size) {
let chunk_len = u32::try_from(chunk.len()).expect("chunk size is bounded by i32::MAX");
let ret = unsafe { RtlGenRandom(chunk.as_mut_ptr().cast::<c_void>(), chunk_len) };
if ret != TRUE {
return Err(Error::WINDOWS_RTL_GEN_RANDOM);
}
}
Ok(())
}
impl Error {
/// Call to Windows [`RtlGenRandom`](https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom) failed.
pub(crate) const WINDOWS_RTL_GEN_RANDOM: Error = Self::new_internal(10);
}
Cargo.toml.orig

Sorry, the diff of this file is not supported yet