Skip to content

Add no_op backend #666

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Add no_op backend #666

wants to merge 2 commits into from

Conversation

@dsherret
Copy link
Contributor

@dsherret dsherret commented May 17, 2025

There are times when I go to use a crate in Wasm and some dependency of a dependency uses this crate for randomness, but I'm not using the functionality that needs the randomness. Providing a custom backend doesn't work because then it creates a wasm export and I want my wasm interface clean. For scenarios like this, it's useful to be able to just have this crate not provide any randomness at all.

dhardy
dhardy requested changes May 17, 2025
View reviewed changes
Copy link
Member

@dhardy dhardy left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The given impl isn't a no-op, and pretending that we randomized dest is not okay for any other dependency needing a securely-generated random key. It is a security hazard.

(This comment is also not an approval of the idea of adding a no-op backend.)

src/backends/no_op.rs
Comment on lines +7 to +12
pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
for byte in dest {
byte.write(0);
}
Ok(())
}
Copy link
Member

@dhardy dhardy May 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should fail, reliably.

@dsherret
Copy link
Contributor Author

dsherret commented May 17, 2025
edited
Loading

The given impl isn't a no-op

Do you have a suggestion for a better name?

and pretending that we randomized dest is not okay for any other dependency needing a securely-generated random key. It is a security hazard.

There are cases where it's completely fine. It doesn't seem like it's pretending when it's in the description?

@dsherret
Copy link
Contributor Author

dsherret commented May 17, 2025
edited
Loading

Maybe a better solution would be to have an implementation that does a runtime panic or error? Again, in my case this code is never hit/run. I just need it to compile for wasm32-unknown-unkown without creating a bunch of bloat or changing the wasm module's interface.

@dsherret dsherret mentioned this pull request May 17, 2025
Merged
@dsherret
Copy link
Contributor Author

dsherret commented May 17, 2025

I opened #667 as an alternative.

@dhardy
Copy link
Member

dhardy commented May 18, 2025
edited
Loading

There are cases where it's completely fine. It doesn't seem like it's pretending when it's in the description?

It's not about what this backend claims to do; it's about what getrandom claims to do:

getrandom is a Rust library for retrieving random data from (operating) system sources.

It is assumed that the system always provides high-quality, cryptographically secure random data, ideally backed by hardware entropy sources. This crate derives its name from the Linux getrandom syscall but is cross-platform, roughly supporting the same set of platforms as Rust’s std library.

Who knows if someone might accidentally build deployment code using this backend?

Your alternative looks more acceptable.

@dhardy dhardy closed this May 18, 2025
@newpavlov newpavlov mentioned this pull request May 20, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dhardy dhardy dhardy requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dsherret @dhardy