Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow to change default entropy source with configuration flags #498

Closed
newpavlov opened this issue Sep 5, 2024 · 0 comments · Fixed by #504
Closed

Allow to change default entropy source with configuration flags #498

newpavlov opened this issue Sep 5, 2024 · 0 comments · Fixed by #504

Comments

@newpavlov
Copy link
Member

newpavlov commented Sep 5, 2024

Some platforms provide hardware-based "true" RNG sources which can be faster and have smaller footprint than using OS-provided APIs. For example: the RDRAND instruction (x86), the RNDR register (ARM, see #494), the seed CSR (RISC-V). In most cases users should prefer OS-provided APIs because they are more widely available, likely less buggy (see comments in the rdrand module), and there are less security concerns about them. But in some controlled cases it could be useful to be able to switch to these entropy sources.

Crate features could be used for that, but they are not a good fit since, strictly speaking, change of entropy backend is not "additive". Some users also misuse those features and enable them unconditionally in library crates. It's probably better to use configuration flags (i.e. cfg(getrandom = "rdrand")). In future we may replace them with something like mutually exclusive features.

This configuration flag should probably replace the existing linux_disable_fallback, rdrand, and js features. The last one is the most debatable. It's the most used feature compared to the other two, so replacing it with a configuration flag may result in complaints from developers targeting Web WASM.

We also can gate support of "problematic" targets such as ESP-IDF (see #397) behind such flag to improve visibility of potential issues with such targets.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant