Merge branch 'master' into log-display

Author: dhardy

README.md

@@ -25,9 +25,6 @@ extern crate rand;
 
 ### Versions
 
-The `rand` crate has been at version `0.3` since March 2015. If you wish to
-avoid all breaking changes you may wish to stick with this version.
-
 Version `0.4`was released in December 2017. It contains almost no breaking
 changes since the `0.3` series, but nevertheless contains some significant
 new code, including a new "external" entropy source (`JitterRng`) and `no_std`

rand-derive/README.md

@@ -9,7 +9,7 @@ Add this to your `Cargo.toml`:
 
 ```toml
 [dependencies]
-rand = "0.3"
+rand = "0.4"
 rand_macros = "0.2"
 ```
 

src/jitter.rs

@@ -742,7 +742,12 @@ impl Rng for JitterRng {
     }
 
     fn fill_bytes(&mut self, dest: &mut [u8]) {
-        impls::fill_bytes_via_u64(self, dest)
+        // Fill using `next_u32`. This is faster for filling small slices (four
+        // bytes or less), while the overhead is negligible.
+        //
+        // This is done especially for wrappers that implement `next_u32`
+        // themselves via `fill_bytes`.
+        impls::fill_bytes_via_u32(self, dest)
     }
 }
 

src/lib.rs

@@ -239,7 +239,7 @@
 
 #![doc(html_logo_url = "https://www.rust-lang.org/logos/rust-logo-128x128-blk.png",
        html_favicon_url = "https://www.rust-lang.org/favicon.ico",
-       html_root_url = "https://docs.rs/rand/0.3")]
+       html_root_url = "https://docs.rs/rand/0.4")]
 
 #![deny(missing_debug_implementations)]
 
@@ -259,6 +259,7 @@
 #[cfg(not(feature = "log"))] macro_rules! debug { ($($x:tt)*) => () }
 #[cfg(all(feature="std", not(feature = "log")))] macro_rules! info { ($($x:tt)*) => () }
 #[cfg(all(feature="std", not(feature = "log")))] macro_rules! warn { ($($x:tt)*) => () }
+#[cfg(all(feature="std", not(feature = "log")))] macro_rules! error { ($($x:tt)*) => () }
 
 
 use core::{marker, mem};
@@ -287,7 +288,7 @@ use prng::Isaac64Rng as IsaacWordRng;
 
 use distributions::{Range, IndependentSample};
 use distributions::range::SampleRange;
-#[cfg(feature="std")] use reseeding::{ReseedingRng, ReseedWithNew};
+#[cfg(feature="std")] use reseeding::ReseedingRng;
 
 // public modules
 pub mod distributions;
@@ -843,29 +844,7 @@ pub trait NewRng: SeedableRng {
 #[cfg(feature="std")]
 impl<R: SeedableRng> NewRng for R {
     fn new() -> Result<Self, Error> {
-        // Note: error handling would be easier with try/catch blocks
-        fn new_os<T: SeedableRng>() -> Result<T, Error> {
-            let mut r = OsRng::new()?;
-            T::from_rng(&mut r)
-        }
-
-        fn new_jitter<T: SeedableRng>() -> Result<T, Error> {
-            let mut r = JitterRng::new()?;
-            T::from_rng(&mut r)
-        }
-
-        trace!("Seeding new RNG");
-        new_os().or_else(|e1| {
-            warn!("OsRng failed [falling back to JitterRng]: {}", e1);
-            new_jitter().map_err(|_e2| {
-                warn!("JitterRng failed: {}", _e2);
-                // TODO: can we somehow return both error sources?
-                Error::with_cause(
-                    ErrorKind::Unavailable,
-                    "seeding a new RNG failed: both OS and Jitter entropy sources failed",
-                    e1)
-            })
-        })
+        R::from_rng(EntropyRng::new())
     }
 }
 
@@ -963,20 +942,19 @@ pub fn weak_rng() -> XorShiftRng {
 #[cfg(feature="std")]
 #[derive(Clone, Debug)]
 pub struct ThreadRng {
-    rng: Rc<RefCell<ReseedingRng<StdRng, ReseedWithNew>>>,
+    rng: Rc<RefCell<ReseedingRng<StdRng, EntropyRng>>>,
 }
 
 #[cfg(feature="std")]
 thread_local!(
-    static THREAD_RNG_KEY: Rc<RefCell<ReseedingRng<StdRng, ReseedWithNew>>> = {
+    static THREAD_RNG_KEY: Rc<RefCell<ReseedingRng<StdRng, EntropyRng>>> = {
         const THREAD_RNG_RESEED_THRESHOLD: u64 = 32_768;
-        let r = match StdRng::new() {
-            Ok(r) => r,
-            Err(e) => panic!("could not initialize thread_rng: {:?}", e)
-        };
+        let mut entropy_source = EntropyRng::new();
+        let r = StdRng::from_rng(&mut entropy_source)
+            .expect("could not initialize thread_rng");
         let rng = ReseedingRng::new(r,
                                     THREAD_RNG_RESEED_THRESHOLD,
-                                    ReseedWithNew);
+                                    entropy_source);
         Rc::new(RefCell::new(rng))
     }
 );
@@ -1017,6 +995,127 @@ impl Rng for ThreadRng {
     }
 }
 
+/// An RNG provided specifically for seeding PRNG's.
+///
+/// `EntropyRng` uses the interface for random numbers provided by the operating
+/// system ([`OsRng`]). If that returns an error, it will fall back to the
+/// [`JitterRng`] entropy collector. Every time it will then check if `OsRng`
+/// is still not available, and switch back if possible.
+///
+/// [`OsRng`]: os/struct.OsRng.html
+/// [`JitterRng`]: jitter/struct.JitterRng.html
+#[cfg(feature="std")]
+#[derive(Debug)]
+pub struct EntropyRng {
+    rng: EntropySource,
+}
+
+#[cfg(feature="std")]
+#[derive(Debug)]
+enum EntropySource {
+    Os(OsRng),
+    Jitter(JitterRng),
+    None,
+}
+
+#[cfg(feature="std")]
+impl EntropyRng {
+    /// Create a new `EntropyRng`.
+    ///
+    /// This method will do no system calls or other initialization routines,
+    /// those are done on first use. This is done to make `new` infallible,
+    /// and `try_fill_bytes` the only place to report errors.
+    pub fn new() -> Self {
+        EntropyRng { rng: EntropySource::None }
+    }
+}
+
+#[cfg(feature="std")]
+impl Rng for EntropyRng {
+    fn next_u32(&mut self) -> u32 {
+        impls::next_u32_via_fill(self)
+    }
+
+    fn next_u64(&mut self) -> u64 {
+        impls::next_u64_via_fill(self)
+    }
+
+    fn fill_bytes(&mut self, dest: &mut [u8]) {
+        self.try_fill_bytes(dest).unwrap();
+    }
+
+    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+        fn try_os_new(dest: &mut [u8]) -> Result<OsRng, Error>
+        {
+            let mut rng = OsRng::new()?;
+            rng.try_fill_bytes(dest)?;
+            Ok(rng)
+        }
+
+        fn try_jitter_new(dest: &mut [u8]) -> Result<JitterRng, Error>
+        {
+            let mut rng = JitterRng::new()?;
+            rng.try_fill_bytes(dest)?;
+            Ok(rng)
+        }
+
+        let mut switch_rng = None;
+        match self.rng {
+            EntropySource::None => {
+                let os_rng_result = try_os_new(dest);
+                match os_rng_result {
+                    Ok(os_rng) => {
+                        switch_rng = Some(EntropySource::Os(os_rng));
+                    }
+                    Err(os_rng_error) => {
+                        warn!("EntropyRng: OsRng failed [falling back to JitterRng]: {}",
+                              os_rng_error);
+                        match try_jitter_new(dest) {
+                            Ok(jitter_rng) => {
+                                switch_rng = Some(EntropySource::Jitter(jitter_rng));
+                            }
+                            Err(_jitter_error) => {
+                                warn!("EntropyRng: JitterRng failed: {}",
+                                      _jitter_error);
+                                return Err(os_rng_error);
+                            }
+                        }
+                    }
+                }
+            }
+            EntropySource::Os(ref mut rng) => {
+                let os_rng_result = rng.try_fill_bytes(dest);
+                if let Err(os_rng_error) = os_rng_result {
+                    warn!("EntropyRng: OsRng failed [falling back to JitterRng]: {}",
+                          os_rng_error);
+                    match try_jitter_new(dest) {
+                        Ok(jitter_rng) => {
+                            switch_rng = Some(EntropySource::Jitter(jitter_rng));
+                        }
+                        Err(_jitter_error) => {
+                            warn!("EntropyRng: JitterRng failed: {}",
+                                  _jitter_error);
+                            return Err(os_rng_error);
+                        }
+                    }
+                }
+            }
+            EntropySource::Jitter(ref mut rng) => {
+                if let Ok(os_rng) = try_os_new(dest) {
+                    info!("EntropyRng: OsRng available [switching back from JitterRng]");
+                    switch_rng = Some(EntropySource::Os(os_rng));
+                } else {
+                    return rng.try_fill_bytes(dest); // use JitterRng
+                }
+            }
+        }
+        if let Some(rng) = switch_rng {
+            self.rng = rng;
+        }
+        Ok(())
+    }
+}
+
 /// Generates a random value using the thread-local random number generator.
 ///
 /// `random()` can generate various types of random things, and so may require

src/os.rs

@@ -64,48 +64,52 @@ impl Rng for OsRng {
     }
 
     fn fill_bytes(&mut self, dest: &mut [u8]) {
+        use std::{time, thread};
+
         // We cannot return Err(..), so we try to handle before panicking.
-        const WAIT_DUR_MS: u32 = 100;   // retry every 100ms
-        const MAX_WAIT: u32 = (10 * 1000) / WAIT_DUR_MS;    // max 10s
-        const TRANSIENT_STEP: u32 = MAX_WAIT / 8;
+        const MAX_RETRY_PERIOD: u32 = 10; // max 10s
+        const WAIT_DUR_MS: u32 = 100; // retry every 100ms
+        let wait_dur = time::Duration::from_millis(WAIT_DUR_MS as u64);
+        const RETRY_LIMIT: u32 = (MAX_RETRY_PERIOD * 1000) / WAIT_DUR_MS;
+        const TRANSIENT_RETRIES: u32 = 8;
         let mut err_count = 0;
-        let mut log_err = 0;    // log when err_count >= log_err
-        
+        let mut error_logged = false;
+
         loop {
             if let Err(e) = self.try_fill_bytes(dest) {
-                if log_err == 0 {
-                    warn!("OsRng failed: {}", e);
+                if err_count >= RETRY_LIMIT {
+                    error!("OsRng failed too many times; last error: {:?}", e);
+                    panic!("OsRng failed too many times; last error: {:?}", e);
                 }
-                
-                if e.kind().should_retry() {
-                    if err_count > MAX_WAIT {
-                        panic!("Too many RNG errors or timeout; last error: {}", e.msg());
-                    }
-                    
-                    if e.kind().should_wait() {
-                        err_count += 1;
-                        if err_count >= log_err {
-                            log_err += TRANSIENT_STEP;
-                            warn!("OsRng: waiting and retrying ...");
-                        }
-                        #[cfg(feature="std")]{
-                            let dur = ::std::time::Duration::from_millis(WAIT_DUR_MS as u64);
-                            ::std::thread::sleep(dur);
+
+                match e.kind() {
+                    ErrorKind::Transient => {
+                        if !error_logged {
+                            warn!("OsRng failed; retrying up to {} times. Error: {:?}",
+                                    TRANSIENT_RETRIES, e);
+                            error_logged = true;
                         }
-                    } else {
-                        err_count += TRANSIENT_STEP;
-                        if err_count >= log_err {
-                            log_err += TRANSIENT_STEP;
-                            warn!("OsRng: retrying ...");
+                        err_count += (RETRY_LIMIT + TRANSIENT_RETRIES - 1)
+                                / TRANSIENT_RETRIES;    // round up
+                        continue;
+                    }
+                    ErrorKind::NotReady => {
+                        if !error_logged {
+                            warn!("OsRng failed; waiting up to {}s and retrying. Error: {:?}",
+                                    MAX_RETRY_PERIOD, e);
+                            error_logged = true;
                         }
+                        err_count += 1;
+                        thread::sleep(wait_dur);
+                        continue;
+                    }
+                    _ => {
+                        error!("OsRng failed: {:?}", e);
+                        panic!("OsRng fatal error: {:?}", e);
                     }
-                    
-                    continue;
                 }
-                
-                panic!("Fatal RNG error: {}", e.msg());
             }
-            
+
             break;
         }
     }
@@ -239,7 +243,11 @@ mod imp {
                     // Potentially this would waste bytes, but since we use
                     // /dev/urandom blocking only happens if not initialised.
                     // Also, wasting the bytes in v doesn't matter very much.
-                    return Err(Error::new(ErrorKind::NotReady, "getrandom not ready"));
+                    return Err(Error::with_cause(
+                        ErrorKind::NotReady,
+                        "getrandom not ready",
+                        err,
+                    ));
                 } else {
                     return Err(Error::with_cause(
                         ErrorKind::Unavailable,
@@ -338,12 +346,16 @@ mod imp {
 
         pub fn try_fill_bytes(&mut self, v: &mut [u8]) -> Result<(), Error> {
             trace!("OsRng: reading {} bytes via cloadabi::random_get", v.len());
-            if unsafe { cloudabi::random_get(v) } == cloudabi::errno::SUCCESS {
+            let errno = unsafe { cloudabi::random_get(v) };
+            if errno == cloudabi::errno::SUCCESS {
                 Ok(())
             } else {
-                Err(Error::new(
+                // Cloudlibc provides its own `strerror` implementation so we
+                // can use `from_raw_os_error` here.
+                Err(Error::with_cause(
                     ErrorKind::Unavailable,
                     "random_get() system call failed",
+                    io::Error::from_raw_os_error(errno),
                 ))
             }
         }
@@ -421,9 +433,10 @@ mod imp {
                                  ptr::null(), 0)
                 };
                 if ret == -1 || s_len != s.len() {
-                    return Err(Error::new(
+                    return Err(Error::with_cause(
                         ErrorKind::Unavailable,
-                        "kern.arandom sysctl failed"));
+                        "kern.arandom sysctl failed",
+                        io::Error::last_os_error()));
                 }
             }
             Ok(())