Add a comment explaining why SecRandomCopyBytes is not used on MacOS

ebarnard · ebarnard · commit f1da89a66705 · 2019-04-16T13:58:44.000+01:00
diff --git a/src/libstd/sys/unix/rand.rs b/src/libstd/sys/unix/rand.rs
@@ -99,6 +99,13 @@ mod imp {
     }
 }
 
+// On iOS and MacOS `SecRandomCopyBytes` calls `CCRandomCopyBytes` with
+// `kCCRandomDefault`. `CCRandomCopyBytes` manages a CSPRNG which is seeded
+// from `/dev/random` and which runs on its own thread accessed via GCD.
+// This seems needlessly heavyweight for the purposes of generating two u64s
+// once per thread in `hashmap_random_keys`. Therefore `SecRandomCopyBytes` is
+// only used on iOS where direct access to `/dev/urandom` is blocked by the
+// sandbox.
 #[cfg(target_os = "ios")]
 mod imp {
     use crate::io;

Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,13 @@ mod imp {`
`99`	`99`	`}`
`100`	`100`	`}`
`101`	`101`
	`102`	+// On iOS and MacOS `SecRandomCopyBytes` calls `CCRandomCopyBytes` with
	`103`	+// `kCCRandomDefault`. `CCRandomCopyBytes` manages a CSPRNG which is seeded
	`104`	+// from `/dev/random` and which runs on its own thread accessed via GCD.
	`105`	`+// This seems needlessly heavyweight for the purposes of generating two u64s`
	`106`	+// once per thread in `hashmap_random_keys`. Therefore `SecRandomCopyBytes` is
	`107`	+// only used on iOS where direct access to `/dev/urandom` is blocked by the
	`108`	`+// sandbox.`
`102`	`109`	`#[cfg(target_os = "ios")]`
`103`	`110`	`mod imp {`
`104`	`111`	`use crate::io;`