wasi-runtime/runtime.js

@@ -210,6 +210,8 @@ class Wasi {
             // clock_res_get + clock_time_get touch this.instance.exports
             // .memory; the old stubs were no-ops and didn't need binding.
             "clock_res_get", "clock_time_get",
+            // random_get now writes into this.instance.exports.memory too.
+            "random_get",
         ];
         for (const name of m) this[name] = this[name].bind(this);
     }
@@ -756,7 +758,25 @@ class Wasi {
     path_filestat_set_times() { return 0; }
     poll_oneoff() { return 0; }
     sched_yield() { return 0; }
-    random_get() { return 0; }
+    // WASI random_get(buf, buf_len): fill buf_len bytes at *buf with
+    // high-quality randomness. The old stub returned success without
+    // writing anything, so the destination kept its prior contents (zero
+    // in practice) — every std::random_device user got all-zero
+    // "randomness". That collided WebRTC peer ids across tabs in 3DForts
+    // (Catcrafts/3DForts#50). Back it with crypto.getRandomValues, which
+    // is a CSPRNG. crypto.getRandomValues rejects views longer than 65536
+    // bytes, so chunk for buffers above that bound.
+    random_get(ptr, len) {
+        const MAX = 65536; // QuotaExceededError above this per the WebCrypto spec
+        for (let off = 0; off < len; off += MAX) {
+            const chunk = Math.min(MAX, len - off);
+            // Re-view per chunk: the buffer can detach/grow between calls,
+            // and a fresh view also keeps each slice within the 65536 cap.
+            const view = new Uint8Array(this.instance.exports.memory.buffer, ptr + off, chunk);
+            crypto.getRandomValues(view);
+        }
+        return 0;
+    }
     sock_accept() { return 0; }
     sock_recv() { return 0; }
     sock_send() { return 0; }