-
Notifications
You must be signed in to change notification settings - Fork 194
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use /dev/urandom on macOS #38
Comments
Miri would be sad about this, as we can hook Cc @oli-obk |
Note that |
As is noted in the second comment from briansmith/ring#149 Interestingly MacOS supports a My suggestion would be to take the same approach on MacOS as Linux. Try the For iOS we would try If we agree with this approach I am happy to implement. @RalfJung I think this would also make Miri happy. |
At first glance looks good to me and it will be great if you'll implement it! But before doing it I think we should wait for #13 to be closed first. |
The dedicated syscall for Linux works great for Miri, so I suppose the same would be true for macOS. :) |
Let me see if I'm understanding this correctly. We don't want to use
First, iOS:
Both of the downsides to using Now, macOS:
The main problem with this approach is that it's not supported on macOS. Unlike Linux, which has a stable syscall API, the stable API for macOS is the libc and other system libraries/frameworks. This means that there's not a way to "check" if Given this, it seems like the implementation options for macOS are:
Despite it's weirdness, I think approch (2) is the best, as we already have similar implementations, and it seems to solve most of the problems raised in rust-lang/rust#62082 |
Grand Central Dispatch is not initialised until the first call to By syscall I mean calling a function provided by So yes I agree with your option 2. This pattern is used fairly regularly in Rust's libstd and I think is compatible with miri. There's even a macro for it! |
|
@ebarnard that's awesome info (especially the macro), it's good to know that weak linkage is more reliable than I thought! So I think we're agreed with what to do here:
|
I've been looking into the iOS situation a bit more and it seems the header Therefore presumably it is a private API so we should probably just stick to using only |
Yes, it behaves similarly to the OpenBSD syscall so we would need |
@ebarnard |
Sounds very reasonable to me. |
See this comment by @RalfJung. It also should help with rust-random/rand#733.
Open question: do we need to read one byte from
/dev/random
to ensure that entropy pool has initialized?cc @ebarnard
The text was updated successfully, but these errors were encountered: