Add hermit support

We can just use secure_rand64, which should allow us to avoid aarch64
issues.

Note we have to build all of libstd to test this, see
  hermit-os/hermit-rs#103
for more information.

Signed-off-by: Joe Richey <[email protected]>

Author: josephlr

.github/workflows/tests.yml

@@ -293,12 +293,13 @@ jobs:
           override: true
       - name: UEFI (RDRAND)
         run: cargo build -Z build-std=core --features=rdrand --target=x86_64-unknown-uefi
-      - name: Hermit (RDRAND)
-        run: cargo build -Z build-std=core --features=rdrand --target=x86_64-unknown-hermit
       - name: L4Re (RDRAND)
         run: cargo build -Z build-std=core --features=rdrand --target=x86_64-unknown-l4re-uclibc
       - name: VxWorks
         run: cargo build -Z build-std=core --target=x86_64-wrs-vxworks
+      # Switch to build-std=core when https://github.com/hermitcore/rusty-hermit/pull/103 is fixed.
+      - name: Hermit
+        run: cargo build -Z build-std --target=x86_64-unknown-hermit
 
   clippy-fmt:
     name: Clippy + rustfmt

Cargo.toml

@@ -23,6 +23,9 @@ libc = { version = "0.2.64", default-features = false }
 [target.'cfg(target_os = "wasi")'.dependencies]
 wasi = "0.10"
 
+[target.'cfg(target_os = "hermit")'.dependencies]
+hermit-abi = "0.1.17"
+
 [target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dependencies]
 wasm-bindgen = { version = "0.2.62", default-features = false, optional = true }
 js-sys = { version = "0.3", optional = true }

src/error.rs

@@ -53,6 +53,8 @@ impl Error {
     pub const NODE_CRYPTO: Error = internal_error(12);
     /// NodeJS does not have support for `crypto.randomFillSync`.
     pub const NODE_RANDOM_FILL_SYNC: Error = internal_error(13);
+    /// RustyHermit target is missing required RNG hardware.
+    pub const HERMIT_HARDWARE_UNAVAILABLE: Error = internal_error(14);
 
     /// Codes below this point represent OS Errors (i.e. positive i32 values).
     /// Codes at or above this point, but below [`Error::CUSTOM_START`] are

src/hermit.rs

@@ -0,0 +1,24 @@
+//! Implementation for Hermit uses `secure_rand64` instead of `rand` so that we
+//! fail instead of returning insecure random numbers.
+use crate::Error;
+use hermit_abi::secure_rand64;
+
+fn secure_bytes() -> Result<[u8; 8], Error> {
+    // SAFETY: This function shouldn't actually be unsafe
+    match unsafe { secure_rand64() } {
+        Some(v) => Ok(v.to_ne_bytes()),
+        None => Err(Error::HERMIT_HARDWARE_UNAVAILABLE),
+    }
+}
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+    let mut chunks = dest.chunks_exact_mut(8);
+    for chunk in chunks.by_ref() {
+        chunk.copy_from_slice(&secure_bytes()?);
+    }
+    let rem = chunks.into_remainder();
+    if !rem.is_empty() {
+        rem.copy_from_slice(&secure_bytes()?[..rem.len()]);
+    }
+    Ok(())
+}

src/lib.rs

@@ -196,6 +196,8 @@ cfg_if! {
     } else if #[cfg(target_os = "vxworks")] {
         mod util_libc;
         #[path = "vxworks.rs"] mod imp;
+    } else if #[cfg(target_os = "hermit")] {
+        #[path = "hermit.rs"] mod imp;
     } else if #[cfg(windows)] {
         #[path = "windows.rs"] mod imp;
     } else if #[cfg(all(target_arch = "x86_64", target_env = "sgx"))] {

src/rdrand.rs

@@ -83,15 +83,13 @@ pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
 unsafe fn rdrand_exact(dest: &mut [u8]) -> Result<(), Error> {
     // We use chunks_exact_mut instead of chunks_mut as it allows almost all
     // calls to memcpy to be elided by the compiler.
-    let mut chunks = dest.chunks_exact_mut(WORD_SIZE);
+    let mut chunks = dest.chunks_exact_mut(8);
     for chunk in chunks.by_ref() {
         chunk.copy_from_slice(&rdrand()?);
     }
-
-    let tail = chunks.into_remainder();
-    let n = tail.len();
-    if n > 0 {
-        tail.copy_from_slice(&rdrand()?[..n]);
+    let rem = chunks.into_remainder();
+    if !rem.is_empty() {
+        rem.copy_from_slice(&rdrand()?[..rem.len()]);
     }
     Ok(())
 }