Remove std dependancy for error handling

Author: josephlr

Cargo.toml

@@ -22,7 +22,7 @@ log = { version = "0.4", optional = true }
 cfg-if = "0.1"
 
 [target.'cfg(any(unix, target_os = "redox", target_os = "wasi"))'.dependencies]
-libc = "0.2.54"
+libc = "0.2.60"
 
 [target.wasm32-unknown-unknown.dependencies]
 wasm-bindgen = { version = "0.2.29", optional = true }

src/cloudabi.rs

@@ -8,23 +8,17 @@
 
 //! Implementation for CloudABI
 use crate::Error;
-use core::num::NonZeroU32;
 
 extern "C" {
     fn cloudabi_sys_random_get(buf: *mut u8, buf_len: usize) -> u16;
 }
 
 pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
     let errno = unsafe { cloudabi_sys_random_get(dest.as_mut_ptr(), dest.len()) };
-    if let Some(code) = NonZeroU32::new(errno as u32) {
-        error!("cloudabi_sys_random_get failed with code {}", code);
-        Err(Error::from(code))
+    if errno != 0 {
+        error!("cloudabi_sys_random_get: failed with {}", errno);
+        Err(Error::from_os_error(errno.into()))
     } else {
         Ok(()) // Zero means success for CloudABI
     }
 }
-
-#[inline(always)]
-pub fn error_msg_inner(_: NonZeroU32) -> Option<&'static str> {
-    None
-}

src/dummy.rs

@@ -6,17 +6,9 @@
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
 
-//! A dummy implementation for unsupported targets which always returns
-//! `Err(Error::UNAVAILABLE)`
-use crate::Error;
-use core::num::NonZeroU32;
+//! A dummy implementation for unsupported targets which always fails
+use crate::{error::UNSUPPORTED, Error};
 
 pub fn getrandom_inner(_: &mut [u8]) -> Result<(), Error> {
-    error!("no support for this platform");
-    Err(Error::UNAVAILABLE)
-}
-
-#[inline(always)]
-pub fn error_msg_inner(_: NonZeroU32) -> Option<&'static str> {
-    None
+    Err(Error::internal(UNSUPPORTED))
 }

src/error.rs

@@ -5,78 +5,166 @@
 // <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
-use core::convert::From;
 use core::fmt;
 use core::num::NonZeroU32;
 
-// A randomly-chosen 24-bit prefix for our codes
-pub(crate) const CODE_PREFIX: u32 = 0x57f4c500;
-const CODE_UNKNOWN: u32 = CODE_PREFIX | 0x00;
-const CODE_UNAVAILABLE: u32 = CODE_PREFIX | 0x01;
-
-/// The error type.
+/// A small and `no_std` compatible error type.
 ///
-/// This type is small and no-std compatible.
+/// The [`Error::raw_os_error()`] will indicate if the error is from the OS, and
+/// if so, which error code the OS gave the application. If such an error is
+/// encountered, please consult with your system documentation.
 #[derive(Copy, Clone, Eq, PartialEq)]
-pub struct Error(pub(crate) NonZeroU32);
+pub struct Error(NonZeroU32);
+
+// This NonZeroU32 in Error has enough room for two types of errors:
+//   - OS Errors:       in range [1, 1 << 31) (i.e. positive i32 values)
+//   - Custom Errors:   in range [1 << 31, 1 << 32) (in blocks of 1 << 16)
+const CUSTOM_START: u32 = 1 << 31;
+const BLOCK_SIZE: u32 = 1 << 16;
 
 impl Error {
-    /// An unknown error.
-    pub const UNKNOWN: Error = Error(unsafe { NonZeroU32::new_unchecked(CODE_UNKNOWN) });
+    /// Create a new error from a raw OS error number (errno).
+    pub fn from_os_error(errno: i32) -> Self {
+        assert!(errno > 0);
+        Self(NonZeroU32::new(errno as u32).unwrap())
+    }
 
-    /// No generator is available.
-    pub const UNAVAILABLE: Error = Error(unsafe { NonZeroU32::new_unchecked(CODE_UNAVAILABLE) });
+    /// Crate a custom error in the provided block (group of 2^16 error codes).
+    /// The provided block must not be negative, and block 0 is reserved for
+    /// custom errors in the `getrandom` crate.
+    pub fn custom_error(block: i16, code: u16) -> Self {
+        assert!(block >= 0);
+        let n = CUSTOM_START + (block as u32) * BLOCK_SIZE + (code as u32);
+        Self(NonZeroU32::new(n).unwrap())
+    }
 
-    /// Extract the error code.
+    /// Extract the raw OS error code (if this error came from the OS)
     ///
-    /// This may equal one of the codes defined in this library or may be a
-    /// system error code.
+    /// This method is identical to `std::io::Error::raw_os_error()`, except
+    /// that it works in `no_std` contexts. If this method returns `None`, the
+    /// error value can still be formatted via the `Diplay` implementation.
+    pub fn raw_os_error(&self) -> Option<i32> {
+        self.try_os_error().ok()
+    }
+
+    /// Extract the bare error code.
     ///
-    /// One may attempt to format this error via the `Display` implementation.
+    /// This code can either come from the underlying OS, or be a custom error.
+    /// Use [`raw_os_error()`] to disambiguate.
     pub fn code(&self) -> NonZeroU32 {
         self.0
     }
 
-    pub(crate) fn msg(&self) -> Option<&'static str> {
-        if let Some(msg) = crate::imp::error_msg_inner(self.0) {
-            Some(msg)
+    /// Helper method for creating internal errors
+    #[allow(dead_code)]
+    pub(crate) fn internal(code: u16) -> Self {
+        Self::custom_error(0, code)
+    }
+
+    /// Returns either the OS error or a (block, code) pair
+    fn try_os_error(&self) -> Result<i32, (i16, u16)> {
+        if self.0.get() < CUSTOM_START {
+            Ok(self.0.get() as i32)
         } else {
-            match *self {
-                Error::UNKNOWN => Some("getrandom: unknown error"),
-                Error::UNAVAILABLE => Some("getrandom: unavailable"),
-                _ => None,
-            }
+            let offset = self.0.get() - CUSTOM_START;
+            Err(((offset / BLOCK_SIZE) as i16, (offset % BLOCK_SIZE) as u16))
         }
     }
 }
 
+#[cfg(any(unix, target_os = "redox"))]
+fn os_err_desc(errno: i32, buf: &mut [u8]) -> Option<&str> {
+    let buf_ptr = buf.as_mut_ptr() as *mut libc::c_char;
+    if unsafe { libc::strerror_r(errno, buf_ptr, buf.len()) } != 0 {
+        return None;
+    }
+
+    // Take up to trailing null byte
+    let idx = buf.iter().position(|&b| b == 0).unwrap_or(buf.len());
+    core::str::from_utf8(&buf[..idx]).ok()
+}
+
+#[cfg(not(any(unix, target_os = "redox")))]
+fn os_err_desc(_errno: i32, _buf: &mut [u8]) -> Option<&str> {
+    None
+}
+
 impl fmt::Debug for Error {
-    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
-        match self.msg() {
-            Some(msg) => write!(f, "Error(\"{}\")", msg),
-            None => write!(f, "Error(0x{:08X})", self.0),
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        let mut dbg = f.debug_struct("Error");
+        match self.try_os_error() {
+            Ok(errno) => {
+                dbg.field("os_error", &errno);
+                let mut buf = [0u8; 128];
+                if let Some(desc) = os_err_desc(errno, &mut buf) {
+                    dbg.field("description", &desc);
+                }
+            }
+            Err((0, code)) => {
+                dbg.field("internal_code", &code);
+                if let Some(desc) = internal_desc(code) {
+                    dbg.field("description", &desc);
+                }
+            }
+            Err((block, code)) => {
+                dbg.field("block", &block);
+                dbg.field("custom_code", &code);
+            }
         }
+        dbg.finish()
     }
 }
 
 impl fmt::Display for Error {
-    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
-        match self.msg() {
-            Some(msg) => write!(f, "{}", msg),
-            None => write!(f, "getrandom: unknown code 0x{:08X}", self.0),
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self.try_os_error() {
+            Ok(errno) => {
+                let mut buf = [0u8; 128];
+                match os_err_desc(errno, &mut buf) {
+                    Some(desc) => f.write_str(desc),
+                    None => write!(f, "OS Error: {}", errno),
+                }
+            }
+            Err((0, code)) => match internal_desc(code) {
+                Some(desc) => f.write_str(desc),
+                None => write!(f, "Internal Error: {}", code),
+            },
+            Err((block, code)) => write!(f, "Custom Error: block={}, code={}", block, code),
         }
     }
 }
 
 impl From<NonZeroU32> for Error {
     fn from(code: NonZeroU32) -> Self {
-        Error(code)
+        Self(code)
     }
 }
 
-impl From<&Error> for Error {
-    fn from(error: &Error) -> Self {
-        *error
+/// Internal Error constants
+pub(crate) const UNSUPPORTED: u16 = 0;
+pub(crate) const UNKNOWN_IO_ERROR: u16 = 1;
+pub(crate) const SEC_RANDOM_FAILED: u16 = 2;
+pub(crate) const RTL_GEN_RANDOM_FAILED: u16 = 3;
+pub(crate) const FAILED_RDRAND: u16 = 4;
+pub(crate) const NO_RDRAND: u16 = 5;
+pub(crate) const BINDGEN_CRYPTO_UNDEF: u16 = 6;
+pub(crate) const BINDGEN_GRV_UNDEF: u16 = 7;
+pub(crate) const STDWEB_NO_RNG: u16 = 8;
+pub(crate) const STDWEB_RNG_FAILED: u16 = 9;
+
+fn internal_desc(code: u16) -> Option<&'static str> {
+    match code {
+        UNSUPPORTED => Some("getrandom: this target is not supported"),
+        UNKNOWN_IO_ERROR => Some("Unknown std::io::Error"),
+        SEC_RANDOM_FAILED => Some("SecRandomCopyBytes: call failed"),
+        RTL_GEN_RANDOM_FAILED => Some("RtlGenRandom: call failed"),
+        FAILED_RDRAND => Some("RDRAND: failed multiple times: CPU issue likely"),
+        NO_RDRAND => Some("RDRAND: instruction not supported"),
+        BINDGEN_CRYPTO_UNDEF => Some("wasm-bindgen: self.crypto is undefined"),
+        BINDGEN_GRV_UNDEF => Some("wasm-bindgen: crypto.getRandomValues is undefined"),
+        STDWEB_NO_RNG => Some("stdweb: no randomness source available"),
+        STDWEB_RNG_FAILED => Some("stdweb: failed to get randomness"),
+        _ => None,
     }
 }
 

src/error_impls.rs

@@ -7,28 +7,26 @@
 // except according to those terms.
 extern crate std;
 
-use crate::error::Error;
+use crate::{error::UNKNOWN_IO_ERROR, Error};
 use core::convert::From;
-use core::num::NonZeroU32;
-use std::{error, io};
+use std::io;
 
 impl From<io::Error> for Error {
     fn from(err: io::Error) -> Self {
-        err.raw_os_error()
-            .and_then(|code| NonZeroU32::new(code as u32))
-            .map(|code| Error(code))
-            // in practice this should never happen
-            .unwrap_or(Error::UNKNOWN)
+        match err.raw_os_error() {
+            Some(errno) => Self::from_os_error(errno),
+            None => Self::internal(UNKNOWN_IO_ERROR),
+        }
     }
 }
 
 impl From<Error> for io::Error {
     fn from(err: Error) -> Self {
-        match err.msg() {
-            Some(msg) => io::Error::new(io::ErrorKind::Other, msg),
-            None => io::Error::from_raw_os_error(err.0.get() as i32),
+        match err.raw_os_error() {
+            Some(errno) => io::Error::from_raw_os_error(errno),
+            None => io::Error::new(io::ErrorKind::Other, err),
         }
     }
 }
 
-impl error::Error for Error {}
+impl std::error::Error for Error {}

src/freebsd.rs

@@ -9,7 +9,6 @@
 //! Implementation for FreeBSD
 use crate::util_libc::{sys_fill_exact, Weak};
 use crate::Error;
-use core::num::NonZeroU32;
 use core::{mem, ptr};
 
 type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t;
@@ -44,8 +43,3 @@ pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
         sys_fill_exact(dest, kern_arnd)
     }
 }
-
-#[inline(always)]
-pub fn error_msg_inner(_: NonZeroU32) -> Option<&'static str> {
-    None
-}

src/fuchsia.rs

@@ -8,7 +8,6 @@
 
 //! Implementation for Fuchsia Zircon
 use crate::Error;
-use core::num::NonZeroU32;
 
 #[link(name = "zircon")]
 extern "C" {
@@ -19,8 +18,3 @@ pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
     unsafe { zx_cprng_draw(dest.as_mut_ptr(), dest.len()) }
     Ok(())
 }
-
-#[inline(always)]
-pub fn error_msg_inner(_: NonZeroU32) -> Option<&'static str> {
-    None
-}

src/ios.rs

@@ -7,10 +7,7 @@
 // except according to those terms.
 
 //! Implementation for iOS
-extern crate std;
-
-use crate::Error;
-use core::num::NonZeroU32;
+use crate::{error::SEC_RANDOM_FAILED, Error};
 
 // TODO: Make extern once extern_types feature is stabilized. See:
 //   https://github.com/rust-lang/rust/issues/43467
@@ -27,14 +24,8 @@ extern "C" {
 pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
     let ret = unsafe { SecRandomCopyBytes(kSecRandomDefault, dest.len(), dest.as_mut_ptr()) };
     if ret == -1 {
-        error!("SecRandomCopyBytes call failed");
-        Err(Error::UNKNOWN)
+        Err(Error::internal(SEC_RANDOM_FAILED))
     } else {
         Ok(())
     }
 }
-
-#[inline(always)]
-pub fn error_msg_inner(_: NonZeroU32) -> Option<&'static str> {
-    None
-}

src/lib.rs

@@ -79,25 +79,8 @@
 //! `getrandom`, hence after the first successful call one can be reasonably
 //! confident that no errors will occur.
 //!
-//! On unsupported platforms, `getrandom` always fails with [`Error::UNAVAILABLE`].
-//!
-//! ## Error codes
-//! The crate uses the following custom error codes:
-//! - `0x57f4c500` (dec: 1475659008) - an unknown error. Constant:
-//! [`Error::UNKNOWN`]
-//! - `0x57f4c501` (dec: 1475659009) - no generator is available. Constant:
-//! [`Error::UNAVAILABLE`]
-//! - `0x57f4c580` (dec: 1475659136) - `self.crypto` is undefined,
-//! `wasm-bindgen` specific error.
-//! - `0x57f4c581` (dec: 1475659137) - `crypto.getRandomValues` is undefined,
-//! `wasm-bindgen` specific error.
-//!
-//! These codes are provided for reference only and should not be matched upon
-//! (but you can match on `Error` constants). The codes may change in future and
-//! such change will not be considered a breaking one.
-//!
-//! Other error codes will originate from an underlying system. In case if such
-//! error is encountered, please consult with your system documentation.
+//! On unsupported platforms, `getrandom` always fails. See the [`Error`] type
+//! for more information on what data is returned on failure.
 //!
 //! [1]: http://man7.org/linux/man-pages/man2/getrandom.2.html
 //! [2]: http://man7.org/linux/man-pages/man4/urandom.4.html
@@ -197,7 +180,6 @@ mod error_impls;
     target_os = "solaris",
     target_os = "illumos",
 ))]
-#[allow(dead_code)]
 mod use_file;
 
 // System-specific implementations.