From f1da89a66705a34936a6dbfcd617d8adc76fefd0 Mon Sep 17 00:00:00 2001
From: Ed Barnard <eabarnard@gmail.com>
Date: Thu, 11 Apr 2019 13:47:27 +0100
Subject: [PATCH] Add a comment explaining why SecRandomCopyBytes is not used
 on MacOS

---
 src/libstd/sys/unix/rand.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/libstd/sys/unix/rand.rs b/src/libstd/sys/unix/rand.rs
index 122f22b37a26b..77f1439e17b10 100644
--- a/src/libstd/sys/unix/rand.rs
+++ b/src/libstd/sys/unix/rand.rs
@@ -99,6 +99,13 @@ mod imp {
     }
 }
 
+// On iOS and MacOS `SecRandomCopyBytes` calls `CCRandomCopyBytes` with
+// `kCCRandomDefault`. `CCRandomCopyBytes` manages a CSPRNG which is seeded
+// from `/dev/random` and which runs on its own thread accessed via GCD.
+// This seems needlessly heavyweight for the purposes of generating two u64s
+// once per thread in `hashmap_random_keys`. Therefore `SecRandomCopyBytes` is
+// only used on iOS where direct access to `/dev/urandom` is blocked by the
+// sandbox.
 #[cfg(target_os = "ios")]
 mod imp {
     use crate::io;