-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit rand #54
Comments
I audited some of it in the past and sent in a few small fixes. Unfortunately, having them take on extra dependencies is less likely because of how central the crate is, but there is probably still space to improve. |
This task should probably be broken up into the sub-crates. A lot of the unsafe code is mostly to use OS functions while in no_std mode, from what I've gathered. The first step is to figure where nontrivial unsafe code is. |
Extracted from a reddit post: [..] inspired me to have a quick look at uses of
So in my view, It looks like this repository is focussed on memory safety, so I'd just like to quickly mention that Rand has a few other safety concerns: that generated keys/values are filled with random data, that RNGs are correctly initialised, that CSPRNG state is not inadvertently leaked, that CSPRNGs correspond to published test vectors, and a few other bits like fork detection. |
To point number two, could those be replaced with |
|
If you're converting from |
Alternatively you can create a |
The |
Has a Rust (LLVM?) bug been filed on that? |
Yes, rustc bug: rust-lang/rust#70439 |
I've found some code that's unsound but doesn't pose a security issue and sent in a fix: rust-random/rand#959 |
I've also managed to get rid of unsafe code in |
Another small reduction: rust-random/rand#962 |
I've looked into https://github.com/rust-random/rand/blob/05a1273ea83eeb0c0ade64ea55600b7f1fa39ec5/rand_core/src/block.rs#L352-L373 and it seems this On the other hand, the uses of
Unfortunately, I probably won't have the time to make actual pull requests or look into the remaining unsafe code. |
MSRV bump from 1.32 to 1.34 should be harmless because even Debian Stable ships 1.34 by now. |
Rust 1.34 is also nearly a year old. I don't see any problem bumping to this version for the 0.8 release, which is what the master branch is already working towards. (Maybe should ping @vks and @newpavlov to check, but I don't see any issue.) |
Copying from rust-random/rand#957:
Conversion of |
https://crates.io/crates/rand
Currently the most downloaded crate on crates.io.
Contains quite a few
unsafe
The text was updated successfully, but these errors were encountered: