rust-random
diff --git a/‎README.md
Lines changed: 285 additions & 27 deletions b/‎README.md
Lines changed: 285 additions & 27 deletions
@@ -1,22 +1,10 @@
-# getrandom
+# getrandom: (operating) system's random number generator
 
 [![Build Status]][GitHub Actions] [![Crate]][crates.io] [![Documentation]][docs.rs] [![Dependency Status]][deps.rs] [![Downloads]][crates.io] [![License]][LICENSE-MIT]
 
-[GitHub Actions]: https://github.com/rust-random/getrandom/actions?query=workflow:Tests+branch:master
-[Build Status]: https://github.com/rust-random/getrandom/actions/workflows/tests.yml/badge.svg?branch=master
-[crates.io]: https://crates.io/crates/getrandom
-[Crate]: https://img.shields.io/crates/v/getrandom
-[docs.rs]: https://docs.rs/getrandom
-[Documentation]: https://docs.rs/getrandom/badge.svg
-[deps.rs]: https://deps.rs/repo/github/rust-random/getrandom
-[Dependency Status]: https://deps.rs/repo/github/rust-random/getrandom/status.svg
-[Downloads]: https://img.shields.io/crates/d/getrandom
-[LICENSE-MIT]: https://raw.githubusercontent.com/rust-random/getrandom/master/LICENSE-MIT
-[License]: https://img.shields.io/crates/l/getrandom
-
+`getrandom` is a Rust library for retrieving random data from (operating) system sources.
 
-A Rust library for retrieving random data from (operating) system sources. It is
-assumed that the system always provides high-quality cryptographically secure random
+It is assumed that the system always provides high-quality cryptographically secure random
 data, ideally backed by hardware entropy sources. This crate derives its name
 from Linux's `getrandom` function, but is cross-platform, roughly supporting
 the same set of platforms as Rust's `std` lib.
@@ -35,7 +23,7 @@ Add this to your `Cargo.toml`:
 getrandom = "0.2"
 ```
 
-Then invoke the `getrandom` function:
+Then invoke the `fill` function:
 
 ```rust
 fn get_random_buf() -> Result<[u8; 32], getrandom::Error> {
@@ -45,22 +33,231 @@ fn get_random_buf() -> Result<[u8; 32], getrandom::Error> {
 }
 ```
 
-For more information about supported targets, entropy sources, `no_std` targets,
-crate features, WASM support and Custom RNGs see the
-[`getrandom` documentation](https://docs.rs/getrandom/latest) and
-[`getrandom::Error` documentation](https://docs.rs/getrandom/latest/getrandom/struct.Error.html).
+## Supported targets
 
-## Minimum Supported Rust Version
+| Target             | Target Triple      | Implementation
+| ------------------ | ------------------ | --------------
+| Linux, Android     | `*‑linux‑*`        | [`getrandom`][1] system call if available, otherwise [`/dev/urandom`][2] after successfully polling `/dev/random`
+| Windows 10+        | `*‑windows‑*`      | [`ProcessPrng`]
+| Windows 7, 8       | `*-win7‑windows‑*` | [`RtlGenRandom`]
+| macOS              | `*‑apple‑darwin`   | [`getentropy`][3]
+| iOS, tvOS, watchOS | `*‑apple‑{ios,tvos,watchos}` | [`CCRandomGenerateBytes`]
+| FreeBSD            | `*‑freebsd`        | [`getrandom`][5]
+| OpenBSD            | `*‑openbsd`        | [`getentropy`][7]
+| NetBSD             | `*‑netbsd`         | [`getrandom`][16] if available, otherwise [`kern.arandom`][8]
+| Dragonfly BSD      | `*‑dragonfly`      | [`getrandom`][9]
+| Solaris            | `*‑solaris`        | [`getrandom`][11] with `GRND_RANDOM`
+| illumos            | `*‑illumos`        | [`getrandom`][12]
+| Fuchsia OS         | `*‑fuchsia`        | [`cprng_draw`]
+| Redox              | `*‑redox`          | `/dev/urandom`
+| Haiku              | `*‑haiku`          | `/dev/urandom` (identical to `/dev/random`)
+| Hermit             | `*-hermit`         | [`sys_read_entropy`]
+| Hurd               | `*-hurd-*`         | [`getrandom`][17]
+| SGX                | `x86_64‑*‑sgx`     | [`RDRAND`]
+| VxWorks            | `*‑wrs‑vxworks‑*`  | `randABytes` after checking entropy pool initialization with `randSecure`
+| Emscripten         | `*‑emscripten`     | [`getentropy`][13]
+| WASI 0.1           | `wasm32‑wasip1`    | [`random_get`]
+| WASI 0.2           | `wasm32‑wasip2`    | [`get-random-u64`]
+| SOLID              | `*-kmc-solid_*`    | `SOLID_RNG_SampleRandomBytes`
+| Nintendo 3DS       | `*-nintendo-3ds`   | [`getrandom`][18]
+| PS Vita            | `*-vita-*`         | [`getentropy`][13]
+| QNX Neutrino       | `*‑nto-qnx*`       | [`/dev/urandom`][14] (identical to `/dev/random`)
+| AIX                | `*-ibm-aix`        | [`/dev/urandom`][15]
 
-This crate requires Rust 1.60.0 or later.
+Pull Requests that add support for new targets to `getrandom` are always welcome.
+
+### Opt-in backends
+
+`getrandom` also provides optional backends which can be enabled using `getrandom_backend`
+configuration flag:
+
+| Backend name      | Target               | Target Triple        | Implementation
+| ----------------- | -------------------- | -------------------- | --------------
+| `linux_getrandom` | Linux, Android       | `*‑linux‑*`          | [`getrandom`][1] system call (without `/dev/urandom` fallback). Bumps minimum supported Linux kernel version to 3.17 and Android API level to 23 (Marshmallow).
+| `linux_rustix`    | Linux, Android       | `*‑linux‑*`          | Same as `linux_getrandom`, but uses [`rustix`] instead of `libc`.
+| `rdrand`          | x86, x86-64          | `x86_64-*`, `i686-*` | [`RDRAND`] instruction
+| `rndr`            | AArch64              | `aarch64-*`          | [`RNDR`] register
+| `esp_idf`         | ESP-IDF              | `*‑espidf`           | [`esp_fill_random`]. WARNING: can return low quality entropy without proper hardware configuration!
+| `wasm_js`         | Web Browser, Node.js | `wasm*‑*‑unknown`    | [`Crypto.getRandomValues`] if available, then [`crypto.randomFillSync`] if on Node.js (see [WebAssembly support])
+| `custom`          | All targets          | `*`                  | User-provided custom implementation (see [custom backend])
+
+The configuration flag can be enabled either by specifying the `rustflags` field in
+[`.cargo/config.toml`] (note that it can be done on a per-target basis), or by using
+`RUSTFLAGS` environment variable:
+
+```sh
+RUSTFLAGS='--cfg getrandom_backend="linux_getrandom"' cargo build
+```
+
+Enabling an opt-in backend will replace backend used by default. Doing it for a wrong target
+(e.g. using `linux_getrandom` while compiling for a Windows target) will result
+in a compilation error. Be extremely carefull while using opt-in backends, since incorrect
+configuration may result in vulnerable or in always panicking applications.
+
+Note that using an opt-in backend in a library (e.g. for tests or benchmarks)
+WILL NOT have any effect on its downstream users.
+
+[`.cargo/config.toml`]: https://doc.rust-lang.org/cargo/reference/config.html
+
+### WebAssembly support
+
+This crate fully supports the [WASI] and [Emscripten] targets. However,
+the `wasm32-unknown-unknown` target (i.e. the target used by `wasm-pack`)
+is not automatically supported since, from the target name alone, we cannot deduce
+which JavaScript interface should be used (or if JavaScript is available at all).
+
+Instead, *if the `wasm_js` backend is enabled*, this crate will assume
+that you are building for an environment containing JavaScript, and will
+call the appropriate methods. Both web browser (main window and Web Workers)
+and Node.js environments are supported, invoking the methods
+[described above](#opt-in-backends) using the [`wasm-bindgen`] toolchain.
+
+To enable the `wasm_js` backend, you can add the following lines to your
+project's `.cargo/config.toml` file:
+```toml
+[target.wasm32-unknown-unknown]
+rustflags = ['--cfg', 'getrandom_backend="wasm_js"']
+```
+
+#### Node.js ES module support
+
+Node.js supports both [CommonJS modules] and [ES modules]. Due to
+limitations in wasm-bindgen's [`module`] support, we cannot directly
+support ES Modules running on Node.js. However, on Node v15 and later, the
+module author can add a simple shim to support the Web Cryptography API:
+```js
+import { webcrypto } from 'node:crypto'
+globalThis.crypto = webcrypto
+```
+This crate will then use the provided `webcrypto` implementation.
+
+### Custom backend
+
+If this crate does not support your target out of box or you have to use
+a non-default entropy source, then you can provide a custom implementation.
+You need to enable the custom backend as described in the [configuration flags]
+section. Next, you need to define an `extern` function with the following
+signature:
+
+```rust
+use getrandom::Error;
+
+#[no_mangle]
+unsafe extern "Rust" fn __getrandom_v03_custom(
+    dest: *mut u8,
+    len: usize,
+) -> Result<(), Error> {
+    todo!()
+}
+```
+
+This function ideally should be defined in the root crate of your project,
+e.g. in your `main.rs`. This function MUST be defined only once for your
+project, i.e. upstream library crates SHOULD NOT define it outside of
+tests and benchmarks. Improper configuration of this backend may result
+in linking errors.
+
+The function accepts pointer to buffer which should be filled with random
+data and length in bytes. Note that the buffer MAY be uninitialized.
+On success the function should return 0 and fully fill the input buffer,
+every other return result will be interpreted as an error code.
+
+If you are confident that `getrandom` is not used in your project, but
+it gets pulled nevertheless by one of your dependencies, then you can
+use the following custom backend which always returns "unsupported" error:
+```rust
+use getrandom::Error;
+
+#[no_mangle]
+unsafe extern "Rust" fn __getrandom_v03_custom(
+    dest: *mut u8,
+    len: usize,
+) -> Result<(), Error> {
+    Err(Error::UNSUPPORTED)
+}
+```
+
+### Platform Support
+This crate generally supports the same operating system and platform versions
+that the Rust standard library does. Additional targets may be supported using
+pluggable custom implementations.
+
+This means that as Rust drops support for old versions of operating systems
+(such as old Linux kernel versions, Android API levels, etc) in stable releases,
+`getrandom` may create new patch releases (`0.N.x`) that remove support for
+outdated platform versions.
+
+### `/dev/urandom` fallback on Linux and Android
+
+On Linux targets the fallback is present only if either `target_env` is `musl`,
+or `target_arch` is one of the following: `aarch64`, `arm`, `powerpc`, `powerpc64`,
+`s390x`, `x86`, `x86_64`. Other supported targets [require][platform-support]
+kernel versions which support `getrandom` system call, so fallback is not needed.
+
+On Android targets the fallback is present only for the following `target_arch`es:
+`aarch64`, `arm`, `x86`, `x86_64`. Other `target_arch`es (e.g. RISC-V) require
+sufficiently high API levels.
+
+The fallback can be disabled by enabling the `linux_getrandom` opt-in backend.
+Note that doing so will bump minimum supported Linux kernel version to 3.17 and
+Android API level to 23 (Marshmallow).
+
+### Early boot
 
-## Platform Support
+Sometimes, early in the boot process, the OS has not collected enough
+entropy to securely seed its RNG. This is especially common on virtual
+machines, where standard "random" events are hard to come by.
 
-This crate generally supports the same operating system and platform versions that the Rust standard library does. 
-Additional targets may be supported using pluggable custom implementations.
+Some operating system interfaces always block until the RNG is securely
+seeded. This can take anywhere from a few seconds to more than a minute.
+A few (Linux, NetBSD and Solaris) offer a choice between blocking and
+getting an error; in these cases, we always choose to block.
 
-This means that as Rust drops support for old versions of operating systems (such as old Linux kernel versions, Android API levels, etc)
-in stable releases, `getrandom` may create new patch releases (`0.N.x`) that remove support for outdated platform versions.
+On Linux (when the `getrandom` system call is not available), reading from
+`/dev/urandom` never blocks, even when the OS hasn't collected enough
+entropy yet. To avoid returning low-entropy bytes, we first poll
+`/dev/random` and only switch to `/dev/urandom` once this has succeeded.
+
+On OpenBSD, this kind of entropy accounting isn't available, and on
+NetBSD, blocking on it is discouraged. On these platforms, nonblocking
+interfaces are used, even when reliable entropy may not be available.
+On the platforms where it is used, the reliability of entropy accounting
+itself isn't free from controversy. This library provides randomness
+sourced according to the platform's best practices, but each platform has
+its own limits on the grade of randomness it can promise in environments
+with few sources of entropy.
+
+## Error handling
+
+We always choose failure over returning known insecure "random" bytes. In
+general, on supported platforms, failure is highly unlikely, though not
+impossible. If an error does occur, then it is likely that it will occur
+on every call to `getrandom`, hence after the first successful call one
+can be reasonably confident that no errors will occur.
+
+## Panic handling
+
+We strive to eliminate all potential panics from our implementation.
+In other words, when compiled with enabled optimizations, generated
+binary code for `getrandom` functions should not contain any panic
+branches. Even if platform misbiheaves and returns an unexpected
+result, our code should correctly handle it and return an error like
+[`Error::UNEXPECTED`].
+
+## Sanitizer support
+
+If your code uses [`fill_uninit`] and you use memory sanitizer
+(i.e. `-Zsanitizer=memory`), then you need to pass `getrandom_sanitize`
+configuration flag for `fill_uninit` to unpoison destination buffer.
+
+For example, it can be done like this (requires Nightly compiler):
+```sh
+RUSTFLAGS="-Zsanitizer=memory --cfg getrandom_sanitize" cargo test -Zbuild-std --target=x86_64-unknown-linux-gnu
+```
+
+## Minimum Supported Rust Version
+
+This crate requires Rust 1.60.0 or later.
 
 ## License
 
@@ -77,5 +274,66 @@ Unless you explicitly state otherwise, any contribution intentionally submitted
 for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
 dual licensed as above, without any additional terms or conditions.
 
+[//]: # (badges)
+
+[GitHub Actions]: https://github.com/rust-random/getrandom/actions?query=workflow:Tests+branch:master
+[Build Status]: https://github.com/rust-random/getrandom/actions/workflows/tests.yml/badge.svg?branch=master
+[crates.io]: https://crates.io/crates/getrandom
+[Crate]: https://img.shields.io/crates/v/getrandom
+[docs.rs]: https://docs.rs/getrandom
+[Documentation]: https://docs.rs/getrandom/badge.svg
+[deps.rs]: https://deps.rs/repo/github/rust-random/getrandom
+[Dependency Status]: https://deps.rs/repo/github/rust-random/getrandom/status.svg
+[Downloads]: https://img.shields.io/crates/d/getrandom
+[License]: https://img.shields.io/crates/l/getrandom
+
+[//]: # (supported targets)
+
+[1]: https://manned.org/getrandom.2
+[2]: https://manned.org/urandom.4
+[3]: https://www.unix.com/man-page/mojave/2/getentropy/
+[4]: https://www.unix.com/man-page/mojave/4/urandom/
+[5]: https://www.freebsd.org/cgi/man.cgi?query=getrandom&manpath=FreeBSD+12.0-stable
+[7]: https://man.openbsd.org/getentropy.2
+[8]: https://man.netbsd.org/sysctl.7
+[9]: https://leaf.dragonflybsd.org/cgi/web-man?command=getrandom
+[11]: https://docs.oracle.com/cd/E88353_01/html/E37841/getrandom-2.html
+[12]: https://illumos.org/man/2/getrandom
+[13]: https://github.com/emscripten-core/emscripten/pull/12240
+[14]: https://www.qnx.com/developers/docs/7.1/index.html#com.qnx.doc.neutrino.utilities/topic/r/random.html
+[15]: https://www.ibm.com/docs/en/aix/7.3?topic=files-random-urandom-devices
+[16]: https://man.netbsd.org/getrandom.2
+[17]: https://www.gnu.org/software/libc/manual/html_mono/libc.html#index-getrandom
+[18]: https://github.com/rust3ds/shim-3ds/commit/b01d2568836dea2a65d05d662f8e5f805c64389d
+
+[`ProcessPrng`]: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng
+[`RtlGenRandom`]: https://learn.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom
+[`Crypto.getRandomValues`]: https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues
+[`RDRAND`]: https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
+[`RNDR`]: https://developer.arm.com/documentation/ddi0601/2024-06/AArch64-Registers/RNDR--Random-Number
+[`CCRandomGenerateBytes`]: https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60074/include/CommonRandom.h.auto.html
+[`cprng_draw`]: https://fuchsia.dev/fuchsia-src/zircon/syscalls/cprng_draw
+[`crypto.randomFillSync`]: https://nodejs.org/api/crypto.html#cryptorandomfillsyncbuffer-offset-size
+[`esp_fill_random`]: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/random.html#_CPPv415esp_fill_randomPv6size_t
+[`random_get`]: https://github.com/WebAssembly/WASI/blob/snapshot-01/phases/snapshot/docs.md#-random_getbuf-pointeru8-buf_len-size---errno
+[`get-random-u64`]: https://github.com/WebAssembly/WASI/blob/v0.2.1/wasip2/random/random.wit#L23-L28
+[WebAssembly support]: #webassembly-support
+[configuration flags]: #configuration-flags
+[custom backend]: #custom-backend
+[`wasm-bindgen`]: https://github.com/rustwasm/wasm-bindgen
+[`module`]: https://rustwasm.github.io/wasm-bindgen/reference/attributes/on-js-imports/module.html
+[CommonJS modules]: https://nodejs.org/api/modules.html
+[ES modules]: https://nodejs.org/api/esm.html
+[`sys_read_entropy`]: https://github.com/hermit-os/kernel/blob/315f58ff5efc81d9bf0618af85a59963ff55f8b1/src/syscalls/entropy.rs#L47-L55
+[platform-support]: https://doc.rust-lang.org/stable/rustc/platform-support.html
+[WASI]: https://github.com/CraneStation/wasi
+[Emscripten]: https://www.hellorust.com/setup/emscripten/
+[`rustix`]: https://docs.rs/rustix
+
+[//]: # (licenses)
+
 [LICENSE-APACHE]: https://github.com/rust-random/getrandom/blob/master/LICENSE-APACHE
 [LICENSE-MIT]: https://github.com/rust-random/getrandom/blob/master/LICENSE-MIT
+
+[`Error::UNEXPECTED`]: https://docs.rs/getrandom/latest/getrandom/struct.Error.html#associatedconstant.UNEXPECTED
+[`fill_uninit`]: https://docs.rs/getrandom/latest/getrandom/fn.fill_uninit.html