summaryrefslogtreecommitdiffstats
path: root/third_party/rust/rand/src/rngs
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /third_party/rust/rand/src/rngs
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/rust/rand/src/rngs')
-rw-r--r--third_party/rust/rand/src/rngs/adapter/mod.rs16
-rw-r--r--third_party/rust/rand/src/rngs/adapter/read.rs150
-rw-r--r--third_party/rust/rand/src/rngs/adapter/reseeding.rs386
-rw-r--r--third_party/rust/rand/src/rngs/mock.rs87
-rw-r--r--third_party/rust/rand/src/rngs/mod.rs119
-rw-r--r--third_party/rust/rand/src/rngs/small.rs117
-rw-r--r--third_party/rust/rand/src/rngs/std.rs98
-rw-r--r--third_party/rust/rand/src/rngs/thread.rs143
-rw-r--r--third_party/rust/rand/src/rngs/xoshiro128plusplus.rs118
-rw-r--r--third_party/rust/rand/src/rngs/xoshiro256plusplus.rs122
10 files changed, 1356 insertions, 0 deletions
diff --git a/third_party/rust/rand/src/rngs/adapter/mod.rs b/third_party/rust/rand/src/rngs/adapter/mod.rs
new file mode 100644
index 0000000000..bd1d294323
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/adapter/mod.rs
@@ -0,0 +1,16 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Wrappers / adapters forming RNGs
+
+mod read;
+mod reseeding;
+
+#[allow(deprecated)]
+pub use self::read::{ReadError, ReadRng};
+pub use self::reseeding::ReseedingRng;
diff --git a/third_party/rust/rand/src/rngs/adapter/read.rs b/third_party/rust/rand/src/rngs/adapter/read.rs
new file mode 100644
index 0000000000..25a9ca7fca
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/adapter/read.rs
@@ -0,0 +1,150 @@
+// Copyright 2018 Developers of the Rand project.
+// Copyright 2013 The Rust Project Developers.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! A wrapper around any Read to treat it as an RNG.
+
+#![allow(deprecated)]
+
+use std::fmt;
+use std::io::Read;
+
+use rand_core::{impls, Error, RngCore};
+
+
+/// An RNG that reads random bytes straight from any type supporting
+/// [`std::io::Read`], for example files.
+///
+/// This will work best with an infinite reader, but that is not required.
+///
+/// This can be used with `/dev/urandom` on Unix but it is recommended to use
+/// [`OsRng`] instead.
+///
+/// # Panics
+///
+/// `ReadRng` uses [`std::io::Read::read_exact`], which retries on interrupts.
+/// All other errors from the underlying reader, including when it does not
+/// have enough data, will only be reported through [`try_fill_bytes`].
+/// The other [`RngCore`] methods will panic in case of an error.
+///
+/// [`OsRng`]: crate::rngs::OsRng
+/// [`try_fill_bytes`]: RngCore::try_fill_bytes
+#[derive(Debug)]
+#[deprecated(since="0.8.4", note="removal due to lack of usage")]
+pub struct ReadRng<R> {
+ reader: R,
+}
+
+impl<R: Read> ReadRng<R> {
+ /// Create a new `ReadRng` from a `Read`.
+ pub fn new(r: R) -> ReadRng<R> {
+ ReadRng { reader: r }
+ }
+}
+
+impl<R: Read> RngCore for ReadRng<R> {
+ fn next_u32(&mut self) -> u32 {
+ impls::next_u32_via_fill(self)
+ }
+
+ fn next_u64(&mut self) -> u64 {
+ impls::next_u64_via_fill(self)
+ }
+
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ self.try_fill_bytes(dest).unwrap_or_else(|err| {
+ panic!(
+ "reading random bytes from Read implementation failed; error: {}",
+ err
+ )
+ });
+ }
+
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ if dest.is_empty() {
+ return Ok(());
+ }
+ // Use `std::io::read_exact`, which retries on `ErrorKind::Interrupted`.
+ self.reader
+ .read_exact(dest)
+ .map_err(|e| Error::new(ReadError(e)))
+ }
+}
+
+/// `ReadRng` error type
+#[derive(Debug)]
+#[deprecated(since="0.8.4")]
+pub struct ReadError(std::io::Error);
+
+impl fmt::Display for ReadError {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ write!(f, "ReadError: {}", self.0)
+ }
+}
+
+impl std::error::Error for ReadError {
+ fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+ Some(&self.0)
+ }
+}
+
+
+#[cfg(test)]
+mod test {
+ use std::println;
+
+ use super::ReadRng;
+ use crate::RngCore;
+
+ #[test]
+ fn test_reader_rng_u64() {
+ // transmute from the target to avoid endianness concerns.
+ #[rustfmt::skip]
+ let v = [0u8, 0, 0, 0, 0, 0, 0, 1,
+ 0, 4, 0, 0, 3, 0, 0, 2,
+ 5, 0, 0, 0, 0, 0, 0, 0];
+ let mut rng = ReadRng::new(&v[..]);
+
+ assert_eq!(rng.next_u64(), 1 << 56);
+ assert_eq!(rng.next_u64(), (2 << 56) + (3 << 32) + (4 << 8));
+ assert_eq!(rng.next_u64(), 5);
+ }
+
+ #[test]
+ fn test_reader_rng_u32() {
+ let v = [0u8, 0, 0, 1, 0, 0, 2, 0, 3, 0, 0, 0];
+ let mut rng = ReadRng::new(&v[..]);
+
+ assert_eq!(rng.next_u32(), 1 << 24);
+ assert_eq!(rng.next_u32(), 2 << 16);
+ assert_eq!(rng.next_u32(), 3);
+ }
+
+ #[test]
+ fn test_reader_rng_fill_bytes() {
+ let v = [1u8, 2, 3, 4, 5, 6, 7, 8];
+ let mut w = [0u8; 8];
+
+ let mut rng = ReadRng::new(&v[..]);
+ rng.fill_bytes(&mut w);
+
+ assert!(v == w);
+ }
+
+ #[test]
+ fn test_reader_rng_insufficient_bytes() {
+ let v = [1u8, 2, 3, 4, 5, 6, 7, 8];
+ let mut w = [0u8; 9];
+
+ let mut rng = ReadRng::new(&v[..]);
+
+ let result = rng.try_fill_bytes(&mut w);
+ assert!(result.is_err());
+ println!("Error: {}", result.unwrap_err());
+ }
+}
diff --git a/third_party/rust/rand/src/rngs/adapter/reseeding.rs b/third_party/rust/rand/src/rngs/adapter/reseeding.rs
new file mode 100644
index 0000000000..ae3fcbb2fc
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/adapter/reseeding.rs
@@ -0,0 +1,386 @@
+// Copyright 2018 Developers of the Rand project.
+// Copyright 2013 The Rust Project Developers.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! A wrapper around another PRNG that reseeds it after it
+//! generates a certain number of random bytes.
+
+use core::mem::size_of;
+
+use rand_core::block::{BlockRng, BlockRngCore};
+use rand_core::{CryptoRng, Error, RngCore, SeedableRng};
+
+/// A wrapper around any PRNG that implements [`BlockRngCore`], that adds the
+/// ability to reseed it.
+///
+/// `ReseedingRng` reseeds the underlying PRNG in the following cases:
+///
+/// - On a manual call to [`reseed()`].
+/// - After `clone()`, the clone will be reseeded on first use.
+/// - When a process is forked on UNIX, the RNGs in both the parent and child
+/// processes will be reseeded just before the next call to
+/// [`BlockRngCore::generate`], i.e. "soon". For ChaCha and Hc128 this is a
+/// maximum of fifteen `u32` values before reseeding.
+/// - After the PRNG has generated a configurable number of random bytes.
+///
+/// # When should reseeding after a fixed number of generated bytes be used?
+///
+/// Reseeding after a fixed number of generated bytes is never strictly
+/// *necessary*. Cryptographic PRNGs don't have a limited number of bytes they
+/// can output, or at least not a limit reachable in any practical way. There is
+/// no such thing as 'running out of entropy'.
+///
+/// Occasionally reseeding can be seen as some form of 'security in depth'. Even
+/// if in the future a cryptographic weakness is found in the CSPRNG being used,
+/// or a flaw in the implementation, occasionally reseeding should make
+/// exploiting it much more difficult or even impossible.
+///
+/// Use [`ReseedingRng::new`] with a `threshold` of `0` to disable reseeding
+/// after a fixed number of generated bytes.
+///
+/// # Limitations
+///
+/// It is recommended that a `ReseedingRng` (including `ThreadRng`) not be used
+/// from a fork handler.
+/// Use `OsRng` or `getrandom`, or defer your use of the RNG until later.
+///
+/// # Error handling
+///
+/// Although unlikely, reseeding the wrapped PRNG can fail. `ReseedingRng` will
+/// never panic but try to handle the error intelligently through some
+/// combination of retrying and delaying reseeding until later.
+/// If handling the source error fails `ReseedingRng` will continue generating
+/// data from the wrapped PRNG without reseeding.
+///
+/// Manually calling [`reseed()`] will not have this retry or delay logic, but
+/// reports the error.
+///
+/// # Example
+///
+/// ```
+/// use rand::prelude::*;
+/// use rand_chacha::ChaCha20Core; // Internal part of ChaChaRng that
+/// // implements BlockRngCore
+/// use rand::rngs::OsRng;
+/// use rand::rngs::adapter::ReseedingRng;
+///
+/// let prng = ChaCha20Core::from_entropy();
+/// let mut reseeding_rng = ReseedingRng::new(prng, 0, OsRng);
+///
+/// println!("{}", reseeding_rng.gen::<u64>());
+///
+/// let mut cloned_rng = reseeding_rng.clone();
+/// assert!(reseeding_rng.gen::<u64>() != cloned_rng.gen::<u64>());
+/// ```
+///
+/// [`BlockRngCore`]: rand_core::block::BlockRngCore
+/// [`ReseedingRng::new`]: ReseedingRng::new
+/// [`reseed()`]: ReseedingRng::reseed
+#[derive(Debug)]
+pub struct ReseedingRng<R, Rsdr>(BlockRng<ReseedingCore<R, Rsdr>>)
+where
+ R: BlockRngCore + SeedableRng,
+ Rsdr: RngCore;
+
+impl<R, Rsdr> ReseedingRng<R, Rsdr>
+where
+ R: BlockRngCore + SeedableRng,
+ Rsdr: RngCore,
+{
+ /// Create a new `ReseedingRng` from an existing PRNG, combined with a RNG
+ /// to use as reseeder.
+ ///
+ /// `threshold` sets the number of generated bytes after which to reseed the
+ /// PRNG. Set it to zero to never reseed based on the number of generated
+ /// values.
+ pub fn new(rng: R, threshold: u64, reseeder: Rsdr) -> Self {
+ ReseedingRng(BlockRng::new(ReseedingCore::new(rng, threshold, reseeder)))
+ }
+
+ /// Reseed the internal PRNG.
+ pub fn reseed(&mut self) -> Result<(), Error> {
+ self.0.core.reseed()
+ }
+}
+
+// TODO: this should be implemented for any type where the inner type
+// implements RngCore, but we can't specify that because ReseedingCore is private
+impl<R, Rsdr: RngCore> RngCore for ReseedingRng<R, Rsdr>
+where
+ R: BlockRngCore<Item = u32> + SeedableRng,
+ <R as BlockRngCore>::Results: AsRef<[u32]> + AsMut<[u32]>,
+{
+ #[inline(always)]
+ fn next_u32(&mut self) -> u32 {
+ self.0.next_u32()
+ }
+
+ #[inline(always)]
+ fn next_u64(&mut self) -> u64 {
+ self.0.next_u64()
+ }
+
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ self.0.fill_bytes(dest)
+ }
+
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ self.0.try_fill_bytes(dest)
+ }
+}
+
+impl<R, Rsdr> Clone for ReseedingRng<R, Rsdr>
+where
+ R: BlockRngCore + SeedableRng + Clone,
+ Rsdr: RngCore + Clone,
+{
+ fn clone(&self) -> ReseedingRng<R, Rsdr> {
+ // Recreating `BlockRng` seems easier than cloning it and resetting
+ // the index.
+ ReseedingRng(BlockRng::new(self.0.core.clone()))
+ }
+}
+
+impl<R, Rsdr> CryptoRng for ReseedingRng<R, Rsdr>
+where
+ R: BlockRngCore + SeedableRng + CryptoRng,
+ Rsdr: RngCore + CryptoRng,
+{
+}
+
+#[derive(Debug)]
+struct ReseedingCore<R, Rsdr> {
+ inner: R,
+ reseeder: Rsdr,
+ threshold: i64,
+ bytes_until_reseed: i64,
+ fork_counter: usize,
+}
+
+impl<R, Rsdr> BlockRngCore for ReseedingCore<R, Rsdr>
+where
+ R: BlockRngCore + SeedableRng,
+ Rsdr: RngCore,
+{
+ type Item = <R as BlockRngCore>::Item;
+ type Results = <R as BlockRngCore>::Results;
+
+ fn generate(&mut self, results: &mut Self::Results) {
+ let global_fork_counter = fork::get_fork_counter();
+ if self.bytes_until_reseed <= 0 || self.is_forked(global_fork_counter) {
+ // We get better performance by not calling only `reseed` here
+ // and continuing with the rest of the function, but by directly
+ // returning from a non-inlined function.
+ return self.reseed_and_generate(results, global_fork_counter);
+ }
+ let num_bytes = results.as_ref().len() * size_of::<Self::Item>();
+ self.bytes_until_reseed -= num_bytes as i64;
+ self.inner.generate(results);
+ }
+}
+
+impl<R, Rsdr> ReseedingCore<R, Rsdr>
+where
+ R: BlockRngCore + SeedableRng,
+ Rsdr: RngCore,
+{
+ /// Create a new `ReseedingCore`.
+ fn new(rng: R, threshold: u64, reseeder: Rsdr) -> Self {
+ use ::core::i64::MAX;
+ fork::register_fork_handler();
+
+ // Because generating more values than `i64::MAX` takes centuries on
+ // current hardware, we just clamp to that value.
+ // Also we set a threshold of 0, which indicates no limit, to that
+ // value.
+ let threshold = if threshold == 0 {
+ MAX
+ } else if threshold <= MAX as u64 {
+ threshold as i64
+ } else {
+ MAX
+ };
+
+ ReseedingCore {
+ inner: rng,
+ reseeder,
+ threshold: threshold as i64,
+ bytes_until_reseed: threshold as i64,
+ fork_counter: 0,
+ }
+ }
+
+ /// Reseed the internal PRNG.
+ fn reseed(&mut self) -> Result<(), Error> {
+ R::from_rng(&mut self.reseeder).map(|result| {
+ self.bytes_until_reseed = self.threshold;
+ self.inner = result
+ })
+ }
+
+ fn is_forked(&self, global_fork_counter: usize) -> bool {
+ // In theory, on 32-bit platforms, it is possible for
+ // `global_fork_counter` to wrap around after ~4e9 forks.
+ //
+ // This check will detect a fork in the normal case where
+ // `fork_counter < global_fork_counter`, and also when the difference
+ // between both is greater than `isize::MAX` (wrapped around).
+ //
+ // It will still fail to detect a fork if there have been more than
+ // `isize::MAX` forks, without any reseed in between. Seems unlikely
+ // enough.
+ (self.fork_counter.wrapping_sub(global_fork_counter) as isize) < 0
+ }
+
+ #[inline(never)]
+ fn reseed_and_generate(
+ &mut self, results: &mut <Self as BlockRngCore>::Results, global_fork_counter: usize,
+ ) {
+ #![allow(clippy::if_same_then_else)] // false positive
+ if self.is_forked(global_fork_counter) {
+ info!("Fork detected, reseeding RNG");
+ } else {
+ trace!("Reseeding RNG (periodic reseed)");
+ }
+
+ let num_bytes = results.as_ref().len() * size_of::<<R as BlockRngCore>::Item>();
+
+ if let Err(e) = self.reseed() {
+ warn!("Reseeding RNG failed: {}", e);
+ let _ = e;
+ }
+ self.fork_counter = global_fork_counter;
+
+ self.bytes_until_reseed = self.threshold - num_bytes as i64;
+ self.inner.generate(results);
+ }
+}
+
+impl<R, Rsdr> Clone for ReseedingCore<R, Rsdr>
+where
+ R: BlockRngCore + SeedableRng + Clone,
+ Rsdr: RngCore + Clone,
+{
+ fn clone(&self) -> ReseedingCore<R, Rsdr> {
+ ReseedingCore {
+ inner: self.inner.clone(),
+ reseeder: self.reseeder.clone(),
+ threshold: self.threshold,
+ bytes_until_reseed: 0, // reseed clone on first use
+ fork_counter: self.fork_counter,
+ }
+ }
+}
+
+impl<R, Rsdr> CryptoRng for ReseedingCore<R, Rsdr>
+where
+ R: BlockRngCore + SeedableRng + CryptoRng,
+ Rsdr: RngCore + CryptoRng,
+{
+}
+
+
+#[cfg(all(unix, not(target_os = "emscripten")))]
+mod fork {
+ use core::sync::atomic::{AtomicUsize, Ordering};
+ use std::sync::Once;
+
+ // Fork protection
+ //
+ // We implement fork protection on Unix using `pthread_atfork`.
+ // When the process is forked, we increment `RESEEDING_RNG_FORK_COUNTER`.
+ // Every `ReseedingRng` stores the last known value of the static in
+ // `fork_counter`. If the cached `fork_counter` is less than
+ // `RESEEDING_RNG_FORK_COUNTER`, it is time to reseed this RNG.
+ //
+ // If reseeding fails, we don't deal with this by setting a delay, but just
+ // don't update `fork_counter`, so a reseed is attempted as soon as
+ // possible.
+
+ static RESEEDING_RNG_FORK_COUNTER: AtomicUsize = AtomicUsize::new(0);
+
+ pub fn get_fork_counter() -> usize {
+ RESEEDING_RNG_FORK_COUNTER.load(Ordering::Relaxed)
+ }
+
+ extern "C" fn fork_handler() {
+ // Note: fetch_add is defined to wrap on overflow
+ // (which is what we want).
+ RESEEDING_RNG_FORK_COUNTER.fetch_add(1, Ordering::Relaxed);
+ }
+
+ pub fn register_fork_handler() {
+ static REGISTER: Once = Once::new();
+ REGISTER.call_once(|| {
+ // Bump the counter before and after forking (see #1169):
+ let ret = unsafe { libc::pthread_atfork(
+ Some(fork_handler),
+ Some(fork_handler),
+ Some(fork_handler),
+ ) };
+ if ret != 0 {
+ panic!("libc::pthread_atfork failed with code {}", ret);
+ }
+ });
+ }
+}
+
+#[cfg(not(all(unix, not(target_os = "emscripten"))))]
+mod fork {
+ pub fn get_fork_counter() -> usize {
+ 0
+ }
+ pub fn register_fork_handler() {}
+}
+
+
+#[cfg(feature = "std_rng")]
+#[cfg(test)]
+mod test {
+ use super::ReseedingRng;
+ use crate::rngs::mock::StepRng;
+ use crate::rngs::std::Core;
+ use crate::{Rng, SeedableRng};
+
+ #[test]
+ fn test_reseeding() {
+ let mut zero = StepRng::new(0, 0);
+ let rng = Core::from_rng(&mut zero).unwrap();
+ let thresh = 1; // reseed every time the buffer is exhausted
+ let mut reseeding = ReseedingRng::new(rng, thresh, zero);
+
+ // RNG buffer size is [u32; 64]
+ // Debug is only implemented up to length 32 so use two arrays
+ let mut buf = ([0u32; 32], [0u32; 32]);
+ reseeding.fill(&mut buf.0);
+ reseeding.fill(&mut buf.1);
+ let seq = buf;
+ for _ in 0..10 {
+ reseeding.fill(&mut buf.0);
+ reseeding.fill(&mut buf.1);
+ assert_eq!(buf, seq);
+ }
+ }
+
+ #[test]
+ fn test_clone_reseeding() {
+ #![allow(clippy::redundant_clone)]
+
+ let mut zero = StepRng::new(0, 0);
+ let rng = Core::from_rng(&mut zero).unwrap();
+ let mut rng1 = ReseedingRng::new(rng, 32 * 4, zero);
+
+ let first: u32 = rng1.gen();
+ for _ in 0..10 {
+ let _ = rng1.gen::<u32>();
+ }
+
+ let mut rng2 = rng1.clone();
+ assert_eq!(first, rng2.gen::<u32>());
+ }
+}
diff --git a/third_party/rust/rand/src/rngs/mock.rs b/third_party/rust/rand/src/rngs/mock.rs
new file mode 100644
index 0000000000..a1745a490d
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/mock.rs
@@ -0,0 +1,87 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Mock random number generator
+
+use rand_core::{impls, Error, RngCore};
+
+#[cfg(feature = "serde1")]
+use serde::{Serialize, Deserialize};
+
+/// A simple implementation of `RngCore` for testing purposes.
+///
+/// This generates an arithmetic sequence (i.e. adds a constant each step)
+/// over a `u64` number, using wrapping arithmetic. If the increment is 0
+/// the generator yields a constant.
+///
+/// ```
+/// use rand::Rng;
+/// use rand::rngs::mock::StepRng;
+///
+/// let mut my_rng = StepRng::new(2, 1);
+/// let sample: [u64; 3] = my_rng.gen();
+/// assert_eq!(sample, [2, 3, 4]);
+/// ```
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[cfg_attr(feature = "serde1", derive(Serialize, Deserialize))]
+pub struct StepRng {
+ v: u64,
+ a: u64,
+}
+
+impl StepRng {
+ /// Create a `StepRng`, yielding an arithmetic sequence starting with
+ /// `initial` and incremented by `increment` each time.
+ pub fn new(initial: u64, increment: u64) -> Self {
+ StepRng {
+ v: initial,
+ a: increment,
+ }
+ }
+}
+
+impl RngCore for StepRng {
+ #[inline]
+ fn next_u32(&mut self) -> u32 {
+ self.next_u64() as u32
+ }
+
+ #[inline]
+ fn next_u64(&mut self) -> u64 {
+ let result = self.v;
+ self.v = self.v.wrapping_add(self.a);
+ result
+ }
+
+ #[inline]
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ impls::fill_bytes_via_next(self, dest);
+ }
+
+ #[inline]
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ self.fill_bytes(dest);
+ Ok(())
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ #[test]
+ #[cfg(feature = "serde1")]
+ fn test_serialization_step_rng() {
+ use super::StepRng;
+
+ let some_rng = StepRng::new(42, 7);
+ let de_some_rng: StepRng =
+ bincode::deserialize(&bincode::serialize(&some_rng).unwrap()).unwrap();
+ assert_eq!(some_rng.v, de_some_rng.v);
+ assert_eq!(some_rng.a, de_some_rng.a);
+
+ }
+}
diff --git a/third_party/rust/rand/src/rngs/mod.rs b/third_party/rust/rand/src/rngs/mod.rs
new file mode 100644
index 0000000000..ac3c2c595d
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/mod.rs
@@ -0,0 +1,119 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Random number generators and adapters
+//!
+//! ## Background: Random number generators (RNGs)
+//!
+//! Computers cannot produce random numbers from nowhere. We classify
+//! random number generators as follows:
+//!
+//! - "True" random number generators (TRNGs) use hard-to-predict data sources
+//! (e.g. the high-resolution parts of event timings and sensor jitter) to
+//! harvest random bit-sequences, apply algorithms to remove bias and
+//! estimate available entropy, then combine these bits into a byte-sequence
+//! or an entropy pool. This job is usually done by the operating system or
+//! a hardware generator (HRNG).
+//! - "Pseudo"-random number generators (PRNGs) use algorithms to transform a
+//! seed into a sequence of pseudo-random numbers. These generators can be
+//! fast and produce well-distributed unpredictable random numbers (or not).
+//! They are usually deterministic: given algorithm and seed, the output
+//! sequence can be reproduced. They have finite period and eventually loop;
+//! with many algorithms this period is fixed and can be proven sufficiently
+//! long, while others are chaotic and the period depends on the seed.
+//! - "Cryptographically secure" pseudo-random number generators (CSPRNGs)
+//! are the sub-set of PRNGs which are secure. Security of the generator
+//! relies both on hiding the internal state and using a strong algorithm.
+//!
+//! ## Traits and functionality
+//!
+//! All RNGs implement the [`RngCore`] trait, as a consequence of which the
+//! [`Rng`] extension trait is automatically implemented. Secure RNGs may
+//! additionally implement the [`CryptoRng`] trait.
+//!
+//! All PRNGs require a seed to produce their random number sequence. The
+//! [`SeedableRng`] trait provides three ways of constructing PRNGs:
+//!
+//! - `from_seed` accepts a type specific to the PRNG
+//! - `from_rng` allows a PRNG to be seeded from any other RNG
+//! - `seed_from_u64` allows any PRNG to be seeded from a `u64` insecurely
+//! - `from_entropy` securely seeds a PRNG from fresh entropy
+//!
+//! Use the [`rand_core`] crate when implementing your own RNGs.
+//!
+//! ## Our generators
+//!
+//! This crate provides several random number generators:
+//!
+//! - [`OsRng`] is an interface to the operating system's random number
+//! source. Typically the operating system uses a CSPRNG with entropy
+//! provided by a TRNG and some type of on-going re-seeding.
+//! - [`ThreadRng`], provided by the [`thread_rng`] function, is a handle to a
+//! thread-local CSPRNG with periodic seeding from [`OsRng`]. Because this
+//! is local, it is typically much faster than [`OsRng`]. It should be
+//! secure, though the paranoid may prefer [`OsRng`].
+//! - [`StdRng`] is a CSPRNG chosen for good performance and trust of security
+//! (based on reviews, maturity and usage). The current algorithm is ChaCha12,
+//! which is well established and rigorously analysed.
+//! [`StdRng`] provides the algorithm used by [`ThreadRng`] but without
+//! periodic reseeding.
+//! - [`SmallRng`] is an **insecure** PRNG designed to be fast, simple, require
+//! little memory, and have good output quality.
+//!
+//! The algorithms selected for [`StdRng`] and [`SmallRng`] may change in any
+//! release and may be platform-dependent, therefore they should be considered
+//! **not reproducible**.
+//!
+//! ## Additional generators
+//!
+//! **TRNGs**: The [`rdrand`] crate provides an interface to the RDRAND and
+//! RDSEED instructions available in modern Intel and AMD CPUs.
+//! The [`rand_jitter`] crate provides a user-space implementation of
+//! entropy harvesting from CPU timer jitter, but is very slow and has
+//! [security issues](https://github.com/rust-random/rand/issues/699).
+//!
+//! **PRNGs**: Several companion crates are available, providing individual or
+//! families of PRNG algorithms. These provide the implementations behind
+//! [`StdRng`] and [`SmallRng`] but can also be used directly, indeed *should*
+//! be used directly when **reproducibility** matters.
+//! Some suggestions are: [`rand_chacha`], [`rand_pcg`], [`rand_xoshiro`].
+//! A full list can be found by searching for crates with the [`rng` tag].
+//!
+//! [`Rng`]: crate::Rng
+//! [`RngCore`]: crate::RngCore
+//! [`CryptoRng`]: crate::CryptoRng
+//! [`SeedableRng`]: crate::SeedableRng
+//! [`thread_rng`]: crate::thread_rng
+//! [`rdrand`]: https://crates.io/crates/rdrand
+//! [`rand_jitter`]: https://crates.io/crates/rand_jitter
+//! [`rand_chacha`]: https://crates.io/crates/rand_chacha
+//! [`rand_pcg`]: https://crates.io/crates/rand_pcg
+//! [`rand_xoshiro`]: https://crates.io/crates/rand_xoshiro
+//! [`rng` tag]: https://crates.io/keywords/rng
+
+#[cfg_attr(doc_cfg, doc(cfg(feature = "std")))]
+#[cfg(feature = "std")] pub mod adapter;
+
+pub mod mock; // Public so we don't export `StepRng` directly, making it a bit
+ // more clear it is intended for testing.
+
+#[cfg(all(feature = "small_rng", target_pointer_width = "64"))]
+mod xoshiro256plusplus;
+#[cfg(all(feature = "small_rng", not(target_pointer_width = "64")))]
+mod xoshiro128plusplus;
+#[cfg(feature = "small_rng")] mod small;
+
+#[cfg(feature = "std_rng")] mod std;
+#[cfg(all(feature = "std", feature = "std_rng"))] pub(crate) mod thread;
+
+#[cfg(feature = "small_rng")] pub use self::small::SmallRng;
+#[cfg(feature = "std_rng")] pub use self::std::StdRng;
+#[cfg(all(feature = "std", feature = "std_rng"))] pub use self::thread::ThreadRng;
+
+#[cfg_attr(doc_cfg, doc(cfg(feature = "getrandom")))]
+#[cfg(feature = "getrandom")] pub use rand_core::OsRng;
diff --git a/third_party/rust/rand/src/rngs/small.rs b/third_party/rust/rand/src/rngs/small.rs
new file mode 100644
index 0000000000..fb0e0d119b
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/small.rs
@@ -0,0 +1,117 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! A small fast RNG
+
+use rand_core::{Error, RngCore, SeedableRng};
+
+#[cfg(target_pointer_width = "64")]
+type Rng = super::xoshiro256plusplus::Xoshiro256PlusPlus;
+#[cfg(not(target_pointer_width = "64"))]
+type Rng = super::xoshiro128plusplus::Xoshiro128PlusPlus;
+
+/// A small-state, fast non-crypto PRNG
+///
+/// `SmallRng` may be a good choice when a PRNG with small state, cheap
+/// initialization, good statistical quality and good performance are required.
+/// Note that depending on the application, [`StdRng`] may be faster on many
+/// modern platforms while providing higher-quality randomness. Furthermore,
+/// `SmallRng` is **not** a good choice when:
+/// - Security against prediction is important. Use [`StdRng`] instead.
+/// - Seeds with many zeros are provided. In such cases, it takes `SmallRng`
+/// about 10 samples to produce 0 and 1 bits with equal probability. Either
+/// provide seeds with an approximately equal number of 0 and 1 (for example
+/// by using [`SeedableRng::from_entropy`] or [`SeedableRng::seed_from_u64`]),
+/// or use [`StdRng`] instead.
+///
+/// The algorithm is deterministic but should not be considered reproducible
+/// due to dependence on platform and possible replacement in future
+/// library versions. For a reproducible generator, use a named PRNG from an
+/// external crate, e.g. [rand_xoshiro] or [rand_chacha].
+/// Refer also to [The Book](https://rust-random.github.io/book/guide-rngs.html).
+///
+/// The PRNG algorithm in `SmallRng` is chosen to be efficient on the current
+/// platform, without consideration for cryptography or security. The size of
+/// its state is much smaller than [`StdRng`]. The current algorithm is
+/// `Xoshiro256PlusPlus` on 64-bit platforms and `Xoshiro128PlusPlus` on 32-bit
+/// platforms. Both are also implemented by the [rand_xoshiro] crate.
+///
+/// # Examples
+///
+/// Initializing `SmallRng` with a random seed can be done using [`SeedableRng::from_entropy`]:
+///
+/// ```
+/// use rand::{Rng, SeedableRng};
+/// use rand::rngs::SmallRng;
+///
+/// // Create small, cheap to initialize and fast RNG with a random seed.
+/// // The randomness is supplied by the operating system.
+/// let mut small_rng = SmallRng::from_entropy();
+/// # let v: u32 = small_rng.gen();
+/// ```
+///
+/// When initializing a lot of `SmallRng`'s, using [`thread_rng`] can be more
+/// efficient:
+///
+/// ```
+/// use rand::{SeedableRng, thread_rng};
+/// use rand::rngs::SmallRng;
+///
+/// // Create a big, expensive to initialize and slower, but unpredictable RNG.
+/// // This is cached and done only once per thread.
+/// let mut thread_rng = thread_rng();
+/// // Create small, cheap to initialize and fast RNGs with random seeds.
+/// // One can generally assume this won't fail.
+/// let rngs: Vec<SmallRng> = (0..10)
+/// .map(|_| SmallRng::from_rng(&mut thread_rng).unwrap())
+/// .collect();
+/// ```
+///
+/// [`StdRng`]: crate::rngs::StdRng
+/// [`thread_rng`]: crate::thread_rng
+/// [rand_chacha]: https://crates.io/crates/rand_chacha
+/// [rand_xoshiro]: https://crates.io/crates/rand_xoshiro
+#[cfg_attr(doc_cfg, doc(cfg(feature = "small_rng")))]
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct SmallRng(Rng);
+
+impl RngCore for SmallRng {
+ #[inline(always)]
+ fn next_u32(&mut self) -> u32 {
+ self.0.next_u32()
+ }
+
+ #[inline(always)]
+ fn next_u64(&mut self) -> u64 {
+ self.0.next_u64()
+ }
+
+ #[inline(always)]
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ self.0.fill_bytes(dest);
+ }
+
+ #[inline(always)]
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ self.0.try_fill_bytes(dest)
+ }
+}
+
+impl SeedableRng for SmallRng {
+ type Seed = <Rng as SeedableRng>::Seed;
+
+ #[inline(always)]
+ fn from_seed(seed: Self::Seed) -> Self {
+ SmallRng(Rng::from_seed(seed))
+ }
+
+ #[inline(always)]
+ fn from_rng<R: RngCore>(rng: R) -> Result<Self, Error> {
+ Rng::from_rng(rng).map(SmallRng)
+ }
+}
diff --git a/third_party/rust/rand/src/rngs/std.rs b/third_party/rust/rand/src/rngs/std.rs
new file mode 100644
index 0000000000..cdae8fab01
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/std.rs
@@ -0,0 +1,98 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! The standard RNG
+
+use crate::{CryptoRng, Error, RngCore, SeedableRng};
+
+pub(crate) use rand_chacha::ChaCha12Core as Core;
+
+use rand_chacha::ChaCha12Rng as Rng;
+
+/// The standard RNG. The PRNG algorithm in `StdRng` is chosen to be efficient
+/// on the current platform, to be statistically strong and unpredictable
+/// (meaning a cryptographically secure PRNG).
+///
+/// The current algorithm used is the ChaCha block cipher with 12 rounds. Please
+/// see this relevant [rand issue] for the discussion. This may change as new
+/// evidence of cipher security and performance becomes available.
+///
+/// The algorithm is deterministic but should not be considered reproducible
+/// due to dependence on configuration and possible replacement in future
+/// library versions. For a secure reproducible generator, we recommend use of
+/// the [rand_chacha] crate directly.
+///
+/// [rand_chacha]: https://crates.io/crates/rand_chacha
+/// [rand issue]: https://github.com/rust-random/rand/issues/932
+#[cfg_attr(doc_cfg, doc(cfg(feature = "std_rng")))]
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct StdRng(Rng);
+
+impl RngCore for StdRng {
+ #[inline(always)]
+ fn next_u32(&mut self) -> u32 {
+ self.0.next_u32()
+ }
+
+ #[inline(always)]
+ fn next_u64(&mut self) -> u64 {
+ self.0.next_u64()
+ }
+
+ #[inline(always)]
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ self.0.fill_bytes(dest);
+ }
+
+ #[inline(always)]
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ self.0.try_fill_bytes(dest)
+ }
+}
+
+impl SeedableRng for StdRng {
+ type Seed = <Rng as SeedableRng>::Seed;
+
+ #[inline(always)]
+ fn from_seed(seed: Self::Seed) -> Self {
+ StdRng(Rng::from_seed(seed))
+ }
+
+ #[inline(always)]
+ fn from_rng<R: RngCore>(rng: R) -> Result<Self, Error> {
+ Rng::from_rng(rng).map(StdRng)
+ }
+}
+
+impl CryptoRng for StdRng {}
+
+
+#[cfg(test)]
+mod test {
+ use crate::rngs::StdRng;
+ use crate::{RngCore, SeedableRng};
+
+ #[test]
+ fn test_stdrng_construction() {
+ // Test value-stability of StdRng. This is expected to break any time
+ // the algorithm is changed.
+ #[rustfmt::skip]
+ let seed = [1,0,0,0, 23,0,0,0, 200,1,0,0, 210,30,0,0,
+ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0];
+
+ let target = [10719222850664546238, 14064965282130556830];
+
+ let mut rng0 = StdRng::from_seed(seed);
+ let x0 = rng0.next_u64();
+
+ let mut rng1 = StdRng::from_rng(rng0).unwrap();
+ let x1 = rng1.next_u64();
+
+ assert_eq!([x0, x1], target);
+ }
+}
diff --git a/third_party/rust/rand/src/rngs/thread.rs b/third_party/rust/rand/src/rngs/thread.rs
new file mode 100644
index 0000000000..baebb1d99c
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/thread.rs
@@ -0,0 +1,143 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Thread-local random number generator
+
+use core::cell::UnsafeCell;
+use std::rc::Rc;
+use std::thread_local;
+
+use super::std::Core;
+use crate::rngs::adapter::ReseedingRng;
+use crate::rngs::OsRng;
+use crate::{CryptoRng, Error, RngCore, SeedableRng};
+
+// Rationale for using `UnsafeCell` in `ThreadRng`:
+//
+// Previously we used a `RefCell`, with an overhead of ~15%. There will only
+// ever be one mutable reference to the interior of the `UnsafeCell`, because
+// we only have such a reference inside `next_u32`, `next_u64`, etc. Within a
+// single thread (which is the definition of `ThreadRng`), there will only ever
+// be one of these methods active at a time.
+//
+// A possible scenario where there could be multiple mutable references is if
+// `ThreadRng` is used inside `next_u32` and co. But the implementation is
+// completely under our control. We just have to ensure none of them use
+// `ThreadRng` internally, which is nonsensical anyway. We should also never run
+// `ThreadRng` in destructors of its implementation, which is also nonsensical.
+
+
+// Number of generated bytes after which to reseed `ThreadRng`.
+// According to benchmarks, reseeding has a noticeable impact with thresholds
+// of 32 kB and less. We choose 64 kB to avoid significant overhead.
+const THREAD_RNG_RESEED_THRESHOLD: u64 = 1024 * 64;
+
+/// A reference to the thread-local generator
+///
+/// An instance can be obtained via [`thread_rng`] or via `ThreadRng::default()`.
+/// This handle is safe to use everywhere (including thread-local destructors),
+/// though it is recommended not to use inside a fork handler.
+/// The handle cannot be passed between threads (is not `Send` or `Sync`).
+///
+/// `ThreadRng` uses the same PRNG as [`StdRng`] for security and performance
+/// and is automatically seeded from [`OsRng`].
+///
+/// Unlike `StdRng`, `ThreadRng` uses the [`ReseedingRng`] wrapper to reseed
+/// the PRNG from fresh entropy every 64 kiB of random data as well as after a
+/// fork on Unix (though not quite immediately; see documentation of
+/// [`ReseedingRng`]).
+/// Note that the reseeding is done as an extra precaution against side-channel
+/// attacks and mis-use (e.g. if somehow weak entropy were supplied initially).
+/// The PRNG algorithms used are assumed to be secure.
+///
+/// [`ReseedingRng`]: crate::rngs::adapter::ReseedingRng
+/// [`StdRng`]: crate::rngs::StdRng
+#[cfg_attr(doc_cfg, doc(cfg(all(feature = "std", feature = "std_rng"))))]
+#[derive(Clone, Debug)]
+pub struct ThreadRng {
+ // Rc is explicitly !Send and !Sync
+ rng: Rc<UnsafeCell<ReseedingRng<Core, OsRng>>>,
+}
+
+thread_local!(
+ // We require Rc<..> to avoid premature freeing when thread_rng is used
+ // within thread-local destructors. See #968.
+ static THREAD_RNG_KEY: Rc<UnsafeCell<ReseedingRng<Core, OsRng>>> = {
+ let r = Core::from_rng(OsRng).unwrap_or_else(|err|
+ panic!("could not initialize thread_rng: {}", err));
+ let rng = ReseedingRng::new(r,
+ THREAD_RNG_RESEED_THRESHOLD,
+ OsRng);
+ Rc::new(UnsafeCell::new(rng))
+ }
+);
+
+/// Retrieve the lazily-initialized thread-local random number generator,
+/// seeded by the system. Intended to be used in method chaining style,
+/// e.g. `thread_rng().gen::<i32>()`, or cached locally, e.g.
+/// `let mut rng = thread_rng();`. Invoked by the `Default` trait, making
+/// `ThreadRng::default()` equivalent.
+///
+/// For more information see [`ThreadRng`].
+#[cfg_attr(doc_cfg, doc(cfg(all(feature = "std", feature = "std_rng"))))]
+pub fn thread_rng() -> ThreadRng {
+ let rng = THREAD_RNG_KEY.with(|t| t.clone());
+ ThreadRng { rng }
+}
+
+impl Default for ThreadRng {
+ fn default() -> ThreadRng {
+ crate::prelude::thread_rng()
+ }
+}
+
+impl RngCore for ThreadRng {
+ #[inline(always)]
+ fn next_u32(&mut self) -> u32 {
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.next_u32()
+ }
+
+ #[inline(always)]
+ fn next_u64(&mut self) -> u64 {
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.next_u64()
+ }
+
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.fill_bytes(dest)
+ }
+
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ // SAFETY: We must make sure to stop using `rng` before anyone else
+ // creates another mutable reference
+ let rng = unsafe { &mut *self.rng.get() };
+ rng.try_fill_bytes(dest)
+ }
+}
+
+impl CryptoRng for ThreadRng {}
+
+
+#[cfg(test)]
+mod test {
+ #[test]
+ fn test_thread_rng() {
+ use crate::Rng;
+ let mut r = crate::thread_rng();
+ r.gen::<i32>();
+ assert_eq!(r.gen_range(0..1), 0);
+ }
+}
diff --git a/third_party/rust/rand/src/rngs/xoshiro128plusplus.rs b/third_party/rust/rand/src/rngs/xoshiro128plusplus.rs
new file mode 100644
index 0000000000..ece98fafd6
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/xoshiro128plusplus.rs
@@ -0,0 +1,118 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+#[cfg(feature="serde1")] use serde::{Serialize, Deserialize};
+use rand_core::impls::{next_u64_via_u32, fill_bytes_via_next};
+use rand_core::le::read_u32_into;
+use rand_core::{SeedableRng, RngCore, Error};
+
+/// A xoshiro128++ random number generator.
+///
+/// The xoshiro128++ algorithm is not suitable for cryptographic purposes, but
+/// is very fast and has excellent statistical properties.
+///
+/// The algorithm used here is translated from [the `xoshiro128plusplus.c`
+/// reference source code](http://xoshiro.di.unimi.it/xoshiro128plusplus.c) by
+/// David Blackman and Sebastiano Vigna.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[cfg_attr(feature="serde1", derive(Serialize, Deserialize))]
+pub struct Xoshiro128PlusPlus {
+ s: [u32; 4],
+}
+
+impl SeedableRng for Xoshiro128PlusPlus {
+ type Seed = [u8; 16];
+
+ /// Create a new `Xoshiro128PlusPlus`. If `seed` is entirely 0, it will be
+ /// mapped to a different seed.
+ #[inline]
+ fn from_seed(seed: [u8; 16]) -> Xoshiro128PlusPlus {
+ if seed.iter().all(|&x| x == 0) {
+ return Self::seed_from_u64(0);
+ }
+ let mut state = [0; 4];
+ read_u32_into(&seed, &mut state);
+ Xoshiro128PlusPlus { s: state }
+ }
+
+ /// Create a new `Xoshiro128PlusPlus` from a `u64` seed.
+ ///
+ /// This uses the SplitMix64 generator internally.
+ fn seed_from_u64(mut state: u64) -> Self {
+ const PHI: u64 = 0x9e3779b97f4a7c15;
+ let mut seed = Self::Seed::default();
+ for chunk in seed.as_mut().chunks_mut(8) {
+ state = state.wrapping_add(PHI);
+ let mut z = state;
+ z = (z ^ (z >> 30)).wrapping_mul(0xbf58476d1ce4e5b9);
+ z = (z ^ (z >> 27)).wrapping_mul(0x94d049bb133111eb);
+ z = z ^ (z >> 31);
+ chunk.copy_from_slice(&z.to_le_bytes());
+ }
+ Self::from_seed(seed)
+ }
+}
+
+impl RngCore for Xoshiro128PlusPlus {
+ #[inline]
+ fn next_u32(&mut self) -> u32 {
+ let result_starstar = self.s[0]
+ .wrapping_add(self.s[3])
+ .rotate_left(7)
+ .wrapping_add(self.s[0]);
+
+ let t = self.s[1] << 9;
+
+ self.s[2] ^= self.s[0];
+ self.s[3] ^= self.s[1];
+ self.s[1] ^= self.s[2];
+ self.s[0] ^= self.s[3];
+
+ self.s[2] ^= t;
+
+ self.s[3] = self.s[3].rotate_left(11);
+
+ result_starstar
+ }
+
+ #[inline]
+ fn next_u64(&mut self) -> u64 {
+ next_u64_via_u32(self)
+ }
+
+ #[inline]
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ fill_bytes_via_next(self, dest);
+ }
+
+ #[inline]
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ self.fill_bytes(dest);
+ Ok(())
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn reference() {
+ let mut rng = Xoshiro128PlusPlus::from_seed(
+ [1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0, 4, 0, 0, 0]);
+ // These values were produced with the reference implementation:
+ // http://xoshiro.di.unimi.it/xoshiro128plusplus.c
+ let expected = [
+ 641, 1573767, 3222811527, 3517856514, 836907274, 4247214768,
+ 3867114732, 1355841295, 495546011, 621204420,
+ ];
+ for &e in &expected {
+ assert_eq!(rng.next_u32(), e);
+ }
+ }
+}
diff --git a/third_party/rust/rand/src/rngs/xoshiro256plusplus.rs b/third_party/rust/rand/src/rngs/xoshiro256plusplus.rs
new file mode 100644
index 0000000000..8ffb18b803
--- /dev/null
+++ b/third_party/rust/rand/src/rngs/xoshiro256plusplus.rs
@@ -0,0 +1,122 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+#[cfg(feature="serde1")] use serde::{Serialize, Deserialize};
+use rand_core::impls::fill_bytes_via_next;
+use rand_core::le::read_u64_into;
+use rand_core::{SeedableRng, RngCore, Error};
+
+/// A xoshiro256++ random number generator.
+///
+/// The xoshiro256++ algorithm is not suitable for cryptographic purposes, but
+/// is very fast and has excellent statistical properties.
+///
+/// The algorithm used here is translated from [the `xoshiro256plusplus.c`
+/// reference source code](http://xoshiro.di.unimi.it/xoshiro256plusplus.c) by
+/// David Blackman and Sebastiano Vigna.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[cfg_attr(feature="serde1", derive(Serialize, Deserialize))]
+pub struct Xoshiro256PlusPlus {
+ s: [u64; 4],
+}
+
+impl SeedableRng for Xoshiro256PlusPlus {
+ type Seed = [u8; 32];
+
+ /// Create a new `Xoshiro256PlusPlus`. If `seed` is entirely 0, it will be
+ /// mapped to a different seed.
+ #[inline]
+ fn from_seed(seed: [u8; 32]) -> Xoshiro256PlusPlus {
+ if seed.iter().all(|&x| x == 0) {
+ return Self::seed_from_u64(0);
+ }
+ let mut state = [0; 4];
+ read_u64_into(&seed, &mut state);
+ Xoshiro256PlusPlus { s: state }
+ }
+
+ /// Create a new `Xoshiro256PlusPlus` from a `u64` seed.
+ ///
+ /// This uses the SplitMix64 generator internally.
+ fn seed_from_u64(mut state: u64) -> Self {
+ const PHI: u64 = 0x9e3779b97f4a7c15;
+ let mut seed = Self::Seed::default();
+ for chunk in seed.as_mut().chunks_mut(8) {
+ state = state.wrapping_add(PHI);
+ let mut z = state;
+ z = (z ^ (z >> 30)).wrapping_mul(0xbf58476d1ce4e5b9);
+ z = (z ^ (z >> 27)).wrapping_mul(0x94d049bb133111eb);
+ z = z ^ (z >> 31);
+ chunk.copy_from_slice(&z.to_le_bytes());
+ }
+ Self::from_seed(seed)
+ }
+}
+
+impl RngCore for Xoshiro256PlusPlus {
+ #[inline]
+ fn next_u32(&mut self) -> u32 {
+ // The lowest bits have some linear dependencies, so we use the
+ // upper bits instead.
+ (self.next_u64() >> 32) as u32
+ }
+
+ #[inline]
+ fn next_u64(&mut self) -> u64 {
+ let result_plusplus = self.s[0]
+ .wrapping_add(self.s[3])
+ .rotate_left(23)
+ .wrapping_add(self.s[0]);
+
+ let t = self.s[1] << 17;
+
+ self.s[2] ^= self.s[0];
+ self.s[3] ^= self.s[1];
+ self.s[1] ^= self.s[2];
+ self.s[0] ^= self.s[3];
+
+ self.s[2] ^= t;
+
+ self.s[3] = self.s[3].rotate_left(45);
+
+ result_plusplus
+ }
+
+ #[inline]
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ fill_bytes_via_next(self, dest);
+ }
+
+ #[inline]
+ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> {
+ self.fill_bytes(dest);
+ Ok(())
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn reference() {
+ let mut rng = Xoshiro256PlusPlus::from_seed(
+ [1, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0,
+ 3, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0]);
+ // These values were produced with the reference implementation:
+ // http://xoshiro.di.unimi.it/xoshiro256plusplus.c
+ let expected = [
+ 41943041, 58720359, 3588806011781223, 3591011842654386,
+ 9228616714210784205, 9973669472204895162, 14011001112246962877,
+ 12406186145184390807, 15849039046786891736, 10450023813501588000,
+ ];
+ for &e in &expected {
+ assert_eq!(rng.next_u64(), e);
+ }
+ }
+}