summaryrefslogtreecommitdiffstats
path: root/third_party/rust/getrandom/src/apple-other.rs
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/rust/getrandom/src/apple-other.rs')
-rw-r--r--third_party/rust/getrandom/src/apple-other.rs27
1 files changed, 12 insertions, 15 deletions
diff --git a/third_party/rust/getrandom/src/apple-other.rs b/third_party/rust/getrandom/src/apple-other.rs
index 8f904859ca..167d8cf0fa 100644
--- a/third_party/rust/getrandom/src/apple-other.rs
+++ b/third_party/rust/getrandom/src/apple-other.rs
@@ -1,24 +1,21 @@
-// Copyright 2018 Developers of the Rand project.
-//
-// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
-// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
-// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
-// option. This file may not be copied, modified, or distributed
-// except according to those terms.
-
-//! Implementation for iOS
+//! Implementation for iOS, tvOS, and watchOS where `getentropy` is unavailable.
use crate::Error;
-use core::{ffi::c_void, mem::MaybeUninit, ptr::null};
+use core::{ffi::c_void, mem::MaybeUninit};
-#[link(name = "Security", kind = "framework")]
+// libsystem contains the libc of Darwin, and every binary ends up linked against it either way. This
+// makes it a more lightweight choice compared to `Security.framework`.
extern "C" {
- fn SecRandomCopyBytes(rnd: *const c_void, count: usize, bytes: *mut u8) -> i32;
+ // This RNG uses a thread-local CSPRNG to provide data, which is seeded by the operating system's root CSPRNG.
+ // Its the best option after `getentropy` on modern Darwin-based platforms that also avoids the
+ // high startup costs and linking of Security.framework.
+ //
+ // While its just an implementation detail, `Security.framework` just calls into this anyway.
+ fn CCRandomGenerateBytes(bytes: *mut c_void, size: usize) -> i32;
}
pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
- // Apple's documentation guarantees kSecRandomDefault is a synonym for NULL.
- let ret = unsafe { SecRandomCopyBytes(null(), dest.len(), dest.as_mut_ptr() as *mut u8) };
- // errSecSuccess (from SecBase.h) is always zero.
+ let ret = unsafe { CCRandomGenerateBytes(dest.as_mut_ptr() as *mut c_void, dest.len()) };
+ // kCCSuccess (from CommonCryptoError.h) is always zero.
if ret != 0 {
Err(Error::IOS_SEC_RANDOM)
} else {
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-28 13:24:55 +0000