1// Overwrite links to crate items with intra-crate links
2//! [`Error::UNEXPECTED`]: Error::UNEXPECTED
3//! [`fill_uninit`]: fill_uninit
45#![no_std]
6#![doc(
7 html_logo_url = "https://www.rust-lang.org/logos/rust-logo-128x128-blk.png",
8 html_favicon_url = "https://www.rust-lang.org/favicon.ico"
9)]
10#![doc = "# getrandom: system\'s random number generator\n\n[![Build Status]][GitHub Actions]\n[![Crate]][crates.io]\n[![Documentation]][docs.rs]\n[![Dependency Status]][deps.rs]\n[![Downloads]][crates.io]\n[![License]][LICENSE-MIT]\n\n`getrandom` is a Rust library for retrieving random data from (operating) system sources.\n\nIt is assumed that the system always provides high-quality, cryptographically secure random\ndata, ideally backed by hardware entropy sources. This crate derives its name from\nthe Linux `getrandom` syscall but is cross-platform, roughly supporting the same set\nof platforms as Rust\'s `std` library.\n\nThis is a low-level API. Most users should prefer using a higher-level random-number\nlibrary like [`rand`].\n\n[`rand`]: https://crates.io/crates/rand\n\n## Usage\n\nAdd the `getrandom` dependency to your `Cargo.toml` file:\n\n```toml\n[dependencies]\ngetrandom = \"0.3\"\n```\n\nThen invoke the `fill` function on a byte buffer to fill it with random data:\n\n```rust\nfn get_random_u128() -> Result<u128, getrandom::Error> {\n let mut buf = [0u8; 16];\n getrandom::fill(&mut buf)?;\n Ok(u128::from_ne_bytes(buf))\n}\n```\n\n## Supported targets\n\n| Target | Target Triple | Implementation\n| ------------------ | ------------------ | --------------\n| Linux, Android | `*\u{2011}linux\u{2011}*` | [`getrandom`][1] system call if available, otherwise [`/dev/urandom`][2] after successfully polling `/dev/random`\n| Windows 10+ | `*\u{2011}windows\u{2011}*` | [`ProcessPrng`]\n| Windows 7, 8 | `*-win7\u{2011}windows\u{2011}*` | [`RtlGenRandom`]\n| macOS | `*\u{2011}apple\u{2011}darwin` | [`getentropy`][3]\n| iOS, tvOS, watchOS | `*\u{2011}apple\u{2011}{ios,tvos,watchos}` | [`CCRandomGenerateBytes`]\n| FreeBSD | `*\u{2011}freebsd` | [`getrandom`][5]\n| OpenBSD | `*\u{2011}openbsd` | [`getentropy`][7]\n| NetBSD | `*\u{2011}netbsd` | [`getrandom`][16] if available, otherwise [`kern.arandom`][8]\n| Dragonfly\u{a0}BSD | `*\u{2011}dragonfly` | [`getrandom`][9]\n| Solaris | `*\u{2011}solaris` | [`getrandom`][11] with `GRND_RANDOM`\n| illumos | `*\u{2011}illumos` | [`getrandom`][12]\n| Fuchsia\u{a0}OS | `*\u{2011}fuchsia` | [`cprng_draw`]\n| Redox | `*\u{2011}redox` | `/dev/urandom`\n| Haiku | `*\u{2011}haiku` | `/dev/urandom` (identical to `/dev/random`)\n| Hermit | `*-hermit` | [`sys_read_entropy`]\n| Hurd | `*-hurd-*` | [`getrandom`][17]\n| SGX | `x86_64\u{2011}*\u{2011}sgx` | [`RDRAND`]\n| VxWorks | `*\u{2011}wrs\u{2011}vxworks\u{2011}*` | `randABytes` after checking entropy pool initialization with `randSecure`\n| Emscripten | `*\u{2011}emscripten` | [`getentropy`][13]\n| WASI 0.1 | `wasm32\u{2011}wasip1` | [`random_get`]\n| WASI 0.2 | `wasm32\u{2011}wasip2` | [`get-random-u64`]\n| SOLID | `*-kmc-solid_*` | `SOLID_RNG_SampleRandomBytes`\n| Nintendo 3DS | `*-nintendo-3ds` | [`getrandom`][18]\n| ESP-IDF | `*\u{2011}espidf` | [`esp_fill_random`] WARNING: see \"Early Boot\" section below\n| PS Vita | `*-vita-*` | [`getentropy`][19]\n| QNX Neutrino | `*\u{2011}nto-qnx*` | [`/dev/urandom`][14] (identical to `/dev/random`)\n| AIX | `*-ibm-aix` | [`/dev/urandom`][15]\n| Cygwin | `*-cygwin` | [`getrandom`][20] (based on [`RtlGenRandom`])\n| Motor OS | `x86_64-unknown-motor` | [`RDRAND`]\n\nPull Requests that add support for new targets to `getrandom` are always welcome.\n\n### WebAssembly support\n\nThis crate fully supports the [WASI] and [Emscripten] targets. However,\nthe `wasm32-unknown-unknown` target (i.e. the target used by `wasm-pack`)\nis not automatically supported since, from the target name alone, we cannot deduce\nwhich JavaScript interface should be used (or if JavaScript is available at all).\n\nWe do not include support for this target in the default configuration because our JS backend\n(supporting web browsers, web workers and Node.js v19 or later) requires [`wasm-bindgen`],\n**bloating `Cargo.lock`** and **potentially breaking builds** on non-web WASM platforms.\n\nTo enable `getrandom`\'s functionality on `wasm32-unknown-unknown` using\n[`Crypto.getRandomValues`] via [`wasm-bindgen`], enable the `wasm_js` crate feature.\n\nWARNING: We strongly recommend against enabling this feature in libraries (except for tests)\nsince it is known to break non-Web WASM builds and further since the usage of `wasm-bindgen`\ncauses significant bloat to `Cargo.lock` (on all targets).\n\nThe only exception to this rule: if your crate already unconditionally depends on `wasm-bindgen`\nor `js-sys` on \"unknown\" WASM targets then it\'s acceptable to enable this feature unconditionally.\n\n### Opt-in backends\n\n`getrandom` also provides optional (opt-in) backends, which allow users to customize the source\nof randomness based on their specific needs:\n\n| Backend name | Target | Target Triple | Implementation\n| ------------------- | -------------------- | ------------------------ | --------------\n| `linux_getrandom` | Linux, Android | `*\u{2011}linux\u{2011}*` | [`getrandom`][1] system call (without `/dev/urandom` fallback). Bumps minimum supported Linux kernel version to 3.17 and Android API level to 23 (Marshmallow).\n| `linux_raw` | Linux, Android | `*\u{2011}linux\u{2011}*` | Same as `linux_getrandom`, but uses raw `asm!`-based syscalls instead of `libc`.\n| `rdrand` | x86, x86-64 | `x86_64-*`, `i686-*` | [`RDRAND`] instruction\n| `rndr` | AArch64 | `aarch64-*` | [`RNDR`] register\n| `efi_rng` | UEFI | `*-unknown\u{2011}uefi` | [`EFI_RNG_PROTOCOL`] with `EFI_RNG_ALGORITHM_RAW` (requires `std` and Nightly compiler)\n| `windows_legacy` | Windows | `*-windows-*` | [`RtlGenRandom`]\n| `custom` | All targets | `*` | User-provided custom implementation (see [custom backend])\n| `unsupported` | All targets | `*` | Always returns `Err(Error::UNSUPPORTED)` (see [unsupported backend])\n| `extern_impl` | All targets | `*` | Externally-provided custom implementation (see [externally implemented interface])\n\nOpt-in backends can be enabled using the `getrandom_backend` configuration flag.\nThe flag can be set either by specifying the `rustflags` field in [`.cargo/config.toml`]:\n```toml\n# It\'s recommended to set the flag on a per-target basis:\n[target.\'cfg(target_os = \"linux\")\']\nrustflags = [\'--cfg\', \'getrandom_backend=\"linux_getrandom\"\']\n```\n\nOr by using the `RUSTFLAGS` environment variable:\n\n```sh\nRUSTFLAGS=\'--cfg getrandom_backend=\"linux_getrandom\"\' cargo build\n```\n\nEnabling an opt-in backend will replace the backend used by default. Doing this for\nan incorrect target (e.g. using `linux_getrandom` while compiling for a Windows target)\nwill result in a compilation error. Be extremely careful while using opt-in backends,\nas incorrect configuration may result in vulnerable applications or applications\nthat always panic.\n\nNote that using an opt-in backend in a library (e.g. for tests or benchmarks)\nWILL NOT have any effect on its downstream users.\n\n[`.cargo/config.toml`]: https://doc.rust-lang.org/cargo/reference/config.html\n\n### Raw Linux syscall support\n\nCurrently the `linux_raw` backend supports only targets with stabilized `asm!` macro,\ni.e. `arm`, `aarch64`, `loongarch64`, `riscv32`, `riscv64`, `s390x`, `x86`, and `x86_64`.\n\nNote that the raw syscall backend may be slower than backends based on `libc::getrandom`,\ne.g. it does not implement vDSO optimizations and on `x86` it uses the infamously slow\n`int 0x80` instruction to perform syscall.\n\n### Custom backend\n\nIf this crate does not support your target out of the box or you have to use\na non-default entropy source, then you can provide a custom implementation.\nYou need to enable the custom backend as described in the\n[opt-in backends][opt-in] section.\n\nNext, you need to define an `extern` function with the following signature:\n\n```rust\nuse getrandom::Error;\n\n#[unsafe(no_mangle)]\nunsafe extern \"Rust\" fn __getrandom_v03_custom(\n dest: *mut u8,\n len: usize,\n) -> Result<(), Error> {\n todo!()\n}\n```\n\nThis function should, ideally, be defined in the root crate of your project,\ne.g. in your `main.rs`. This function MUST be defined only once for your\nproject, i.e. upstream library crates SHOULD NOT define it outside of\ntests and benchmarks. Improper configuration of this backend may result\nin linking errors.\n\nThe function accepts a pointer to a buffer that should be filled with random\ndata and its length in bytes. Note that the buffer MAY be uninitialized.\nOn success, the function should return `Ok(())` and fully fill the input buffer;\notherwise, it should return an error value.\n\nWhile wrapping functions which work with byte slices you should fully initialize\nthe buffer before passing it to the function:\n```rust\nuse getrandom::Error;\n\nfn my_entropy_source(buf: &mut [u8]) -> Result<(), getrandom::Error> {\n // ...\n Ok(())\n}\n\n#[unsafe(no_mangle)]\nunsafe extern \"Rust\" fn __getrandom_v03_custom(\n dest: *mut u8,\n len: usize,\n) -> Result<(), Error> {\n let buf = unsafe {\n // fill the buffer with zeros\n core::ptr::write_bytes(dest, 0, len);\n // create mutable byte slice\n core::slice::from_raw_parts_mut(dest, len)\n };\n my_entropy_source(buf)\n}\n```\n\n### Externally Implemented Interface\n\nUsing the nightly-only feature [`extern_item_impls`] it is possible to provide\na custom backend for `getrandom`, even to override an existing first-party implementation.\nFirst, enable the `extern_impl` opt-in backend to allow usage of this nightly feature.\nThen, you may provide implementations for `fill_uninit`, `u32`, and/or `u64`\nwith an attribute macro from the `implementation` module.\n\n[`extern_item_impls`]: https://github.com/rust-lang/rust/issues/125418\n\n```rust\nuse core::mem::MaybeUninit;\n\n#[cfg(getrandom_backend = \"extern_impl\")]\n#[getrandom::implementation::fill_uninit]\nfn my_fill_uninit_implementation(\n dest: &mut [MaybeUninit<u8>]\n) -> Result<(), getrandom::Error> {\n // ...\n Ok(())\n}\n```\n\nFor further details on what a suitable implementation for `fill_uninit` may look\nlike, see [custom backend].\n\n`getrandom` will provide a default implementation for `u32` and `u64`, but does\nnot currently provide a default for `fill_uninit`, even if one is normally\navailable for the current target. If no implementation is available,\na compilation error will be raised with instructions for how to provide\nan implementation.\n\n### Unsupported backend\n\nIn some rare scenarios, you might be compiling this crate for an unsupported\ntarget (e.g. `wasm32-unknown-unknown`), but this crate\'s functionality\nis not actually used by your code. If you are confident that `getrandom` is\nnot used in your project, but it gets pulled nevertheless by one of your\ndependencies, then you can enable the `unsupported` backend, which always\nreturns `Err(Error::UNSUPPORTED)`.\n\n### Platform Support\n\nThis crate generally supports the same operating system and platform versions\nthat the Rust standard library does. Additional targets may be supported using\nthe opt-in custom backend.\n\nThis means that as Rust drops support for old versions of operating systems\n(such as old Linux kernel versions, Android API levels, etc.) in stable releases,\n`getrandom` may create new patch releases that remove support for\noutdated platform versions.\n\n### `/dev/urandom` fallback on Linux and Android\n\nOn Linux targets, the `/dev/urandom` fallback is present only if either `target_env`\nis `musl`, or `target_arch` is one of the following: `aarch64`, `arm`, `powerpc`,\n`powerpc64`, `s390x`, `x86`, `x86_64`. Other supported targets [require][platform-support]\nkernel versions that support the `getrandom` system call, so the fallback is not needed.\n\nOn Android targets the fallback is present only for the following `target_arch`es:\n`aarch64`, `arm`, `x86`, `x86_64`. Other `target_arch`es (e.g. RISC-V) require\nsufficiently high API levels.\n\nThe fallback can be disabled by enabling the `linux_getrandom` opt-in backend.\nNote that doing so will bump minimum supported Linux kernel version to 3.17\nand Android API level to 23 (Marshmallow).\n\n### Early boot\n\nSometimes, early in the boot process, the OS has not collected enough\nentropy to securely seed its RNG. This is especially common on virtual\nmachines, where standard \"random\" events are hard to come by.\n\nSome operating system interfaces always block until the RNG is securely\nseeded. This can take anywhere from a few seconds to more than a minute.\nA few (Linux, NetBSD and Solaris) offer a choice between blocking and\ngetting an error; in these cases, we always choose to block.\n\nOn Linux (when the `getrandom` system call is not available), reading from\n`/dev/urandom` never blocks, even when the OS hasn\'t collected enough\nentropy yet. To avoid returning low-entropy bytes, we first poll\n`/dev/random` and only switch to `/dev/urandom` once this has succeeded.\n\nOn OpenBSD, this kind of entropy accounting isn\'t available, and on\nNetBSD, blocking on it is discouraged. On these platforms, nonblocking\ninterfaces are used, even when reliable entropy may not be available.\nOn the platforms where it is used, the reliability of entropy accounting\nitself isn\'t free from controversy. This library provides randomness\nsourced according to the platform\'s best practices, but each platform has\nits own limits on the grade of randomness it can promise in environments\nwith few sources of entropy.\n\nOn ESP-IDF, if `esp_fill_random` is used before enabling WiFi, BT, or the\nvoltage noise entropy source (SAR ADC), the Hardware RNG will only be seeded\nvia RC_FAST_CLK. This can occur during early boot unless\n`bootloader_random_enable()` is called. For more information see the\n[ESP-IDF RNG Docs][esp-idf-rng] or the\n[RNG section of the ESP32 Technical Reference Manual][esp-trng-docs].\n\n## Error handling\n\nWe always prioritize failure over returning known insecure \"random\" bytes.\nGenerally, on supported platforms, failure is highly unlikely, though not\nimpossible. If an error does occur, it is likely that it will occur\non every call to `getrandom`. Therefore, after the first successful call,\none can be reasonably confident that no errors will occur.\n\n## Panic handling\n\nWe strive to eliminate all potential panics from our backend implementations.\nIn other words, when compiled with optimizations enabled, the generated\nbinary code for `getrandom` functions should not contain any panic branches.\nEven if the platform misbehaves and returns an unexpected result,\nour code should correctly handle it and return an error, e.g.\n[`Error::UNEXPECTED`].\n\n## Sanitizer support\n\nIf your code uses [`fill_uninit`] and you enable\n[MemorySanitizer](https://doc.rust-lang.org/beta/unstable-book/compiler-flags/sanitizer.html#memorysanitizer)\n(i.e. `-Zsanitizer=memory`), we will automatically handle unpoisoning\nof the destination buffer filled by `fill_uninit`.\n\nYou can run sanitizer tests for your crate dependent on `getrandom` like this:\n```sh\nRUSTFLAGS=\"-Zsanitizer=memory\" cargo test -Zbuild-std --target=x86_64-unknown-linux-gnu\n```\n\n## Minimum Supported Rust Version\n\nThis crate requires Rust 1.85 or later.\n\n## License\n\nThe `getrandom` library is distributed under either of\n\n * [Apache License, Version 2.0][LICENSE-APACHE]\n * [MIT license][LICENSE-MIT]\n\nat your option.\n\n### Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the Apache-2.0 license, shall be\ndual licensed as above, without any additional terms or conditions.\n\n[//]: # (badges)\n\n[GitHub Actions]: https://github.com/rust-random/getrandom/actions?query=branch:master\n[Build Status]: https://github.com/rust-random/getrandom/actions/workflows/tests.yml/badge.svg?branch=master\n[crates.io]: https://crates.io/crates/getrandom\n[Crate]: https://img.shields.io/crates/v/getrandom\n[docs.rs]: https://docs.rs/getrandom\n[Documentation]: https://docs.rs/getrandom/badge.svg\n[deps.rs]: https://deps.rs/repo/github/rust-random/getrandom\n[Dependency Status]: https://deps.rs/repo/github/rust-random/getrandom/status.svg\n[Downloads]: https://img.shields.io/crates/d/getrandom\n[License]: https://img.shields.io/crates/l/getrandom\n\n[//]: # (supported targets)\n\n[1]: https://manned.org/getrandom.2\n[2]: https://manned.org/urandom.4\n[3]: https://www.unix.com/man-page/mojave/2/getentropy/\n[4]: https://www.unix.com/man-page/mojave/4/urandom/\n[5]: https://www.freebsd.org/cgi/man.cgi?query=getrandom&manpath=FreeBSD+12.0-stable\n[7]: https://man.openbsd.org/getentropy.2\n[8]: https://man.netbsd.org/sysctl.7\n[9]: https://leaf.dragonflybsd.org/cgi/web-man?command=getrandom\n[11]: https://docs.oracle.com/cd/E88353_01/html/E37841/getrandom-2.html\n[12]: https://illumos.org/man/2/getrandom\n[13]: https://github.com/emscripten-core/emscripten/pull/12240\n[14]: https://www.qnx.com/developers/docs/7.1/index.html#com.qnx.doc.neutrino.utilities/topic/r/random.html\n[15]: https://www.ibm.com/docs/en/aix/7.3?topic=files-random-urandom-devices\n[16]: https://man.netbsd.org/getrandom.2\n[17]: https://www.gnu.org/software/libc/manual/html_mono/libc.html#index-getrandom\n[18]: https://github.com/rust3ds/shim-3ds/commit/b01d2568836dea2a65d05d662f8e5f805c64389d\n[19]: https://github.com/vitasdk/newlib/blob/2d869fe47aaf02b8e52d04e9a2b79d5b210fd016/newlib/libc/sys/vita/getentropy.c\n[20]: https://github.com/cygwin/cygwin/blob/main/winsup/cygwin/libc/getentropy.cc\n\n[`ProcessPrng`]: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng\n[`RtlGenRandom`]: https://learn.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom\n[`Crypto.getRandomValues`]: https://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues\n[`RDRAND`]: https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide\n[`RNDR`]: https://developer.arm.com/documentation/ddi0601/2024-06/AArch64-Registers/RNDR--Random-Number\n[`CCRandomGenerateBytes`]: https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60074/include/CommonRandom.h.auto.html\n[`cprng_draw`]: https://fuchsia.dev/fuchsia-src/zircon/syscalls/cprng_draw\n[`esp_fill_random`]: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/system/random.html#functions\n[esp-idf-rng]: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/system/random.html\n[esp-trng-docs]: https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf#rng\n[`EFI_RNG_PROTOCOL`]: https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#efi-rng-protocol\n[`random_get`]: https://github.com/WebAssembly/WASI/blob/snapshot-01/phases/snapshot/docs.md#-random_getbuf-pointeru8-buf_len-size---errno\n[`get-random-u64`]: https://github.com/WebAssembly/WASI/blob/v0.2.1/wasip2/random/random.wit#L23-L28\n[configuration flags]: #configuration-flags\n[custom backend]: #custom-backend\n[unsupported backend]: #unsupported-backend\n[`wasm-bindgen`]: https://github.com/rustwasm/wasm-bindgen\n[`module`]: https://rustwasm.github.io/wasm-bindgen/reference/attributes/on-js-imports/module.html\n[`sys_read_entropy`]: https://github.com/hermit-os/kernel/blob/315f58ff5efc81d9bf0618af85a59963ff55f8b1/src/syscalls/entropy.rs#L47-L55\n[platform-support]: https://doc.rust-lang.org/stable/rustc/platform-support.html\n[WASI]: https://github.com/WebAssembly/WASI\n[Emscripten]: https://emscripten.org\n[opt-in]: #opt-in-backends\n[externally implemented interface]: #externally-implemented-interface\n\n[//]: # (licenses)\n\n[LICENSE-APACHE]: https://github.com/rust-random/getrandom/blob/master/LICENSE-APACHE\n[LICENSE-MIT]: https://github.com/rust-random/getrandom/blob/master/LICENSE-MIT\n\n[`Error::UNEXPECTED`]: https://docs.rs/getrandom/latest/getrandom/struct.Error.html#associatedconstant.UNEXPECTED\n[`fill_uninit`]: https://docs.rs/getrandom/latest/getrandom/fn.fill_uninit.html\n"include_str!("../README.md")]
11#![cfg_attr(docsrs, feature(doc_cfg))]
12#![cfg_attr(getrandom_backend = "efi_rng", feature(uefi_std))]
13#![cfg_attr(getrandom_backend = "extern_impl", feature(extern_item_impls))]
1415#[macro_use]
16extern crate cfg_if;
1718use core::mem::MaybeUninit;
1920mod backends;
21mod error;
22mod util;
2324#[cfg(feature = "std")]
25mod error_std_impls;
2627/// `rand_core` adapter
28#[cfg(feature = "sys_rng")]
29mod sys_rng;
3031#[cfg(feature = "sys_rng")]
32pub use rand_core;
33#[cfg(feature = "sys_rng")]
34pub use sys_rng::SysRng;
3536pub use crate::error::{Error, RawOsError};
3738/// Attribute macros for overwriting the core functionality of this crate.
39///
40/// This allows `getrandom` to provide a default implementation and a common interface
41/// for all crates to use, while giving users a safe way to override that default where required.
42///
43/// Must be enabled via the `extern_impl` opt-in backend, as this functionality
44/// is currently limited to nightly.
45///
46/// # Examples
47///
48/// ```rust
49/// # use core::mem::MaybeUninit;
50/// # #[cfg(getrandom_backend = "extern_impl")]
51/// #[getrandom::implementation::fill_uninit]
52/// fn my_fill_uninit_implementation(
53/// dest: &mut [MaybeUninit<u8>]
54/// ) -> Result<(), getrandom::Error> {
55/// // ...
56/// # let _ = dest;
57/// # Err(Error::UNSUPPORTED)
58/// }
59/// ```
60#[cfg(getrandom_backend = "extern_impl")]
61pub mod implementation {
62pub use crate::backends::extern_impl::{fill_uninit, u32, u64};
63}
6465/// Fill `dest` with random bytes from the system's preferred random number source.
66///
67/// This function returns an error on any failure, including partial reads. We
68/// make no guarantees regarding the contents of `dest` on error. If `dest` is
69/// empty, `getrandom` immediately returns success, making no calls to the
70/// underlying operating system.
71///
72/// Blocking is possible, at least during early boot; see module documentation.
73///
74/// In general, `getrandom` will be fast enough for interactive usage, though
75/// significantly slower than a user-space CSPRNG; for the latter consider
76/// [`rand::thread_rng`](https://docs.rs/rand/*/rand/fn.thread_rng.html).
77///
78/// # Examples
79///
80/// ```
81/// # fn main() -> Result<(), getrandom::Error> {
82/// let mut buf = [0u8; 32];
83/// getrandom::fill(&mut buf)?;
84/// # Ok(()) }
85/// ```
86#[inline]
87pub fn fill(dest: &mut [u8]) -> Result<(), Error> {
88// SAFETY: The `&mut MaybeUninit<_>` reference doesn't escape,
89 // and `fill_uninit` guarantees it will never de-initialize
90 // any part of `dest`.
91fill_uninit(unsafe { util::slice_as_uninit_mut(dest) })?;
92Ok(())
93}
9495/// Fill potentially uninitialized buffer `dest` with random bytes from
96/// the system's preferred random number source and return a mutable
97/// reference to those bytes.
98///
99/// On successful completion this function is guaranteed to return a slice
100/// which points to the same memory as `dest` and has the same length.
101/// In other words, it's safe to assume that `dest` is initialized after
102/// this function has returned `Ok`.
103///
104/// No part of `dest` will ever be de-initialized at any point, regardless
105/// of what is returned.
106///
107/// # Examples
108///
109/// ```ignore
110/// # // We ignore this test since `uninit_array` is unstable.
111/// #![feature(maybe_uninit_uninit_array)]
112/// # fn main() -> Result<(), getrandom::Error> {
113/// let mut buf = core::mem::MaybeUninit::uninit_array::<1024>();
114/// let buf: &mut [u8] = getrandom::fill_uninit(&mut buf)?;
115/// # Ok(()) }
116/// ```
117#[inline]
118pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<&mut [u8], Error> {
119if !dest.is_empty() {
120 backends::fill_inner(dest)?;
121 }
122123#[cfg(getrandom_msan)]
124unsafe extern "C" {
125fn __msan_unpoison(a: *mut core::ffi::c_void, size: usize);
126 }
127128// SAFETY: `dest` has been fully initialized by `imp::fill_inner`
129 // since it returned `Ok`.
130Ok(unsafe { util::slice_assume_init_mut(dest) })
131}
132133/// Get random `u32` from the system's preferred random number source.
134///
135/// # Examples
136///
137/// ```
138/// # fn main() -> Result<(), getrandom::Error> {
139/// let rng_seed = getrandom::u32()?;
140/// # Ok(()) }
141/// ```
142#[inline]
143pub fn u32() -> Result<u32, Error> {
144 backends::inner_u32()
145}
146147/// Get random `u64` from the system's preferred random number source.
148///
149/// # Examples
150///
151/// ```
152/// # fn main() -> Result<(), getrandom::Error> {
153/// let rng_seed = getrandom::u64()?;
154/// # Ok(()) }
155/// ```
156#[inline]
157pub fn u64() -> Result<u64, Error> {
158 backends::inner_u64()
159}