@@ -60,6 +60,8 @@ pub trait SecureRandom: sealed::Sealed {
6060/// On Windows, `fill` is implemented using the platform's API for secure
6161/// random number generation.
6262///
63+ /// On SGX, `fill()` is implemented using the `RDRAND` instruction.
64+ ///
6365/// Otherwise, `fill()` is implemented by reading from `/dev/urandom`. (This is
6466/// something that should be improved for any platform that adds something
6567/// better.)
@@ -93,7 +95,7 @@ impl SecureRandom for SystemRandom {
9395
9496impl sealed:: Sealed for SystemRandom { }
9597
96- #[ cfg( not( any( target_os = "linux" , target_os = "macos" , target_os = "ios" , windows) ) ) ]
98+ #[ cfg( not( any( target_os = "linux" , target_os = "macos" , target_os = "ios" , windows, target_env = "sgx" ) ) ) ]
9799use self :: urandom:: fill as fill_impl;
98100
99101#[ cfg( any(
@@ -107,6 +109,10 @@ use self::sysrand_or_urandom::fill as fill_impl;
107109
108110#[ cfg( any( target_os = "macos" , target_os = "ios" ) ) ]
109111use self :: darwin:: fill as fill_impl;
112+
113+ #[ cfg( target_env = "sgx" ) ]
114+ use self :: rdrandom:: fill as fill_impl;
115+
110116use crate :: sealed;
111117
112118#[ cfg( target_os = "linux" ) ]
@@ -275,6 +281,24 @@ mod darwin {
275281 }
276282}
277283
284+ #[ cfg( target_env = "sgx" ) ]
285+ mod rdrandom {
286+ use rdrand:: RdRand ;
287+ use crate :: error;
288+ use crate :: endian:: LittleEndian ;
289+
290+ pub fn fill ( dest : & mut [ u8 ] ) -> Result < ( ) , error:: Unspecified > {
291+ let rng = RdRand :: new ( ) . map_err ( |_| error:: Unspecified ) ?;
292+ for dst_chunk in dest. chunks_mut ( 8 ) {
293+ let src_num = rng. try_next_u64 ( ) . ok_or ( error:: Unspecified ) ?;
294+ let temp = LittleEndian :: from ( src_num) ;
295+ let src_chunk = temp. as_ref ( ) ;
296+ dst_chunk. copy_from_slice ( & src_chunk[ ..dst_chunk. len ( ) ] ) ;
297+ }
298+ Ok ( ( ) )
299+ }
300+ }
301+
278302#[ cfg( test) ]
279303mod tests {
280304 use crate :: rand:: { self , SecureRandom } ;
0 commit comments