mirror/zig - zig - Bouvais Git

mirror/zig

Fork 0

mirror of https://github.com/ziglang/zig.git synced 2025-12-06 14:23:09 +00:00

Commit Graph

Author	SHA1	Message	Date
Andrew Kelley	013efaf139	std: introduce a thread-local CSPRNG for general use std.crypto.random * cross platform, even freestanding * can't fail. on initialization for some systems requires calling os.getrandom(), in which case there are rare but theoretically possible errors. The code panics in these cases, however the application may choose to override the default seed function and then handle the failure another way. * thread-safe * supports the full Random interface * cryptographically secure * no syscall required to initialize on Linux (AT_RANDOM) * calls arc4random on systems that support it `std.crypto.randomBytes` is removed in favor of `std.crypto.random.bytes`. I moved some of the Random implementations into their own files in the interest of organization. stage2 no longer requires passing a RNG; instead it uses this API. Closes #6704	2020-12-18 12:22:46 -07:00
Frank Denis	7f9e3e419c	Use @reduce	2020-11-07 20:30:13 +01:00
Frank Denis	bd07154242	Add mem.timingSafeEql() for constant-time array comparison This is a trivial implementation that just does a or[xor] loop. However, this pattern is used by virtually all crypto libraries and in practice, even without assembly barriers, LLVM never turns it into code with conditional jumps, even if one of the parameters is constant. This has been verified to still be the case with LLVM 11.0.0.	2020-11-07 20:18:43 +01:00

Author

SHA1

Message

Date

Andrew Kelley

013efaf139

std: introduce a thread-local CSPRNG for general use

std.crypto.random

* cross platform, even freestanding
* can't fail. on initialization for some systems requires calling
  os.getrandom(), in which case there are rare but theoretically
  possible errors. The code panics in these cases, however the
  application may choose to override the default seed function and then
  handle the failure another way.
* thread-safe
* supports the full Random interface
* cryptographically secure
* no syscall required to initialize on Linux (AT_RANDOM)
* calls arc4random on systems that support it

`std.crypto.randomBytes` is removed in favor of `std.crypto.random.bytes`.

I moved some of the Random implementations into their own files in the
interest of organization.

stage2 no longer requires passing a RNG; instead it uses this API.

Closes #6704

2020-12-18 12:22:46 -07:00

Frank Denis

7f9e3e419c

Use @reduce

2020-11-07 20:30:13 +01:00

Frank Denis

bd07154242

Add mem.timingSafeEql() for constant-time array comparison

This is a trivial implementation that just does a or[xor] loop.

However, this pattern is used by virtually all crypto libraries and
in practice, even without assembly barriers, LLVM never turns it into
code with conditional jumps, even if one of the parameters is constant.

This has been verified to still be the case with LLVM 11.0.0.

2020-11-07 20:18:43 +01:00

3 Commits