feat(random): make get-random-bytes fallible

proposals/cli/wit-0.3.0-draft/deps.lock

@@ -5,15 +5,15 @@ sha512 = "f08a2828b88fc6ddea935af584531c484ad4a7a5f30340265e11e91b2bfe0f81e74a66
 
 [filesystem]
 path = "../../filesystem/wit-0.3.0-draft"
-sha256 = "184861e98785957311bfaab242cdf9e66a9ecca11fe2c493b840c461b2361088"
-sha512 = "50fa8801fc0a2c1ecfa3cea52af57836f98a12bb0a264439c13bbdcc0e269b3b37ade38b903d6ce10594d1f585d02ef993f3f769c4cddeebdfc00bf93734ed25"
+sha256 = "8808ea3adfbc1a025d649b82ddf4f38232ca4377100cfe671d80d5ee37fa3147"
+sha512 = "19f4eb8fa62e96ba37b3ea231af6a3bc396c28f82935018a3322441321936b34fb0e44360b378145fcb681d9fea810745969d8baab02ae6017be1784be8abe45"
 
 [random]
 path = "../../random/wit-0.3.0-draft"
-sha256 = "5794796c909d6656fcbae6bed28265210ca57308a624119ac0a472326a75aa8f"
-sha512 = "812ce57aa13ff3128779d41f4dad50714365e4f9cfd2e1b13458a885fa65da05e409f145deefa25c4a82e0e301a41e2e6572705b35752dc33908d565a73a2e9c"
+sha256 = "e51ca727c7bbc0f5b6d7e52bb68d5d838a1c8f3d3ae683cf1c0f247b91b0633f"
+sha512 = "77791400acebdea60c35a3ca455ad73bc64584840a42fb2365bcfee6cff835fb14fb625145cdbde6cb7a153c841b479393dde8aa0f21bc7bab7046aca541aefb"
 
 [sockets]
 path = "../../sockets/wit-0.3.0-draft"
-sha256 = "985821e86f2643d90b7a100420a44a5a60a6838adcf76fdb90a66255e3926dde"
-sha512 = "9ba1e9456c0dc02800ba738acd382a4113103bed72127396546c5f0ad3d38dd5c8e077443bd508b15f86f6095706907e9cb258cccab37c273b4c597a238987e7"
+sha256 = "0be70fab90ec1d62e620f37f8fc55397222ceb68ca8387eb0503df7173782634"
+sha512 = "997e336258dd3d8d1bf1b27463e77d1dc2160eb13fff899c93b446973f5efbc59448a23279b60568679c08e006a20cc88769ec74d6d30baa4e7a17df0bdb2c30"

proposals/http/wit-0.3.0-draft/deps.lock

@@ -10,13 +10,13 @@ sha256 = "888647625fec3eaaf276cb884e426bc32bfa79ced22955f10eb239df74c8550c"
 sha512 = "f08a2828b88fc6ddea935af584531c484ad4a7a5f30340265e11e91b2bfe0f81e74a660a512f72e5197d60278feccc00534833ebd73868e801859dd31a61bdbb"
 
 [filesystem]
-sha256 = "184861e98785957311bfaab242cdf9e66a9ecca11fe2c493b840c461b2361088"
-sha512 = "50fa8801fc0a2c1ecfa3cea52af57836f98a12bb0a264439c13bbdcc0e269b3b37ade38b903d6ce10594d1f585d02ef993f3f769c4cddeebdfc00bf93734ed25"
+sha256 = "8808ea3adfbc1a025d649b82ddf4f38232ca4377100cfe671d80d5ee37fa3147"
+sha512 = "19f4eb8fa62e96ba37b3ea231af6a3bc396c28f82935018a3322441321936b34fb0e44360b378145fcb681d9fea810745969d8baab02ae6017be1784be8abe45"
 
 [random]
-sha256 = "5794796c909d6656fcbae6bed28265210ca57308a624119ac0a472326a75aa8f"
-sha512 = "812ce57aa13ff3128779d41f4dad50714365e4f9cfd2e1b13458a885fa65da05e409f145deefa25c4a82e0e301a41e2e6572705b35752dc33908d565a73a2e9c"
+sha256 = "329785794587f27cc531d19e23fe872237f052d7d839b29ae2288db5ae9f0533"
+sha512 = "691a26b30ce4fdfce070d0a9ccfe8b4f998b8dca6f58a7e22298457a8e0d05eba2f5fd38aa19879cc25bcc5f73a99358b33ae2690dde4e1dfea80fc841b1d69b"
 
 [sockets]
-sha256 = "985821e86f2643d90b7a100420a44a5a60a6838adcf76fdb90a66255e3926dde"
-sha512 = "9ba1e9456c0dc02800ba738acd382a4113103bed72127396546c5f0ad3d38dd5c8e077443bd508b15f86f6095706907e9cb258cccab37c273b4c597a238987e7"
+sha256 = "0be70fab90ec1d62e620f37f8fc55397222ceb68ca8387eb0503df7173782634"
+sha512 = "997e336258dd3d8d1bf1b27463e77d1dc2160eb13fff899c93b446973f5efbc59448a23279b60568679c08e006a20cc88769ec74d6d30baa4e7a17df0bdb2c30"

proposals/random/README.md

@@ -50,9 +50,12 @@ The primary goals of WASI Random are:
 
 ### Non-goals
 
-WASI Random is not aiming to allow programs to handle errors or to query for
+In WASIp2, WASI Random does not allow programs to handle errors or to query for
 availability. It always succeeds (though on platforms where randomness is
-unavailable, programs may fail to be instantiated or may trap).
+unavailable, programs may fail to be instantiated or may trap). In WASIp3,
+`get-random-bytes` and `get-insecure-random-bytes` return `result` types so that
+hosts can reject oversized requests gracefully (see
+[Resource exhaustion](#resource-exhaustion) below).
 
 WASI Random is not aiming to be a full DRBG API. Such an API could be
 considered in WASI, but it should be a separate proposal.
@@ -171,6 +174,27 @@ their bits of security, and it doesn't seem desirable to require wasm engines to
 run their own CSPRNG on a platform which already has one, so for now, the API
 does not specify a specific number.
 
+### Resource exhaustion
+
+In WASIp2, `get-random-bytes` and `get-insecure-random-bytes` accept a `u64`
+length and return `list<u8>` with no way to signal failure. A guest can request
+up to 2^64-1 bytes, forcing hosts to either allocate unbounded memory or
+hard-trap. This was reported as [GHSA-852m-cvvp-9p4w].
+
+WASIp3 addresses this by changing both functions to return
+`result<list<u8>, error>` where `error` is a variant with a `too-many-bytes`
+case and an `other(option<string>)` catch-all. This allows hosts to reject
+oversized requests gracefully instead of trapping. Callers that need more bytes
+than the host supports can simply retry in smaller chunks.
+
+The `error` variant is defined once in the `random` interface and reused by
+`insecure` via `use random.{error}`, keeping the error type consistent.
+
+The `get-random-u64` and `get-insecure-random-u64` functions are unchanged since
+they always return exactly 8 bytes, posing no resource exhaustion risk.
+
+[GHSA-852m-cvvp-9p4w]: https://github.com/WebAssembly/WASI/security/advisories/GHSA-852m-cvvp-9p4w
+
 ### Why is insecure-random a fixed-sized return value?
 
 This limits the amount of data that can be obtained through it. Since it's

proposals/random/wit-0.3.0-draft/insecure.wit

@@ -5,6 +5,9 @@ package wasi:random@0.3.0-rc-2026-02-09;
 /// Windows.
 @since(version = 0.3.0-rc-2026-02-09)
 interface insecure {
+    @since(version = 0.3.0-rc-2026-02-09)
+    use random.{error};
+
     /// Return `len` insecure pseudo-random bytes.
     ///
     /// This function is not cryptographically secure. Do not use it for
@@ -13,8 +16,13 @@ interface insecure {
     /// There are no requirements on the values of the returned bytes, however
     /// implementations are encouraged to return evenly distributed values with
     /// a long period.
+    ///
+    /// # Errors
+    ///
+    /// Returns `error::too-many-bytes` if `len` exceeds the host's supported
+    /// limit.
     @since(version = 0.3.0-rc-2026-02-09)
-    get-insecure-random-bytes: func(len: u64) -> list<u8>;
+    get-insecure-random-bytes: func(len: u64) -> result<list<u8>, error>;
 
     /// Return an insecure pseudo-random `u64` value.
     ///

proposals/random/wit-0.3.0-draft/random.wit

@@ -5,6 +5,20 @@ package wasi:random@0.3.0-rc-2026-02-09;
 /// Windows.
 @since(version = 0.3.0-rc-2026-02-09)
 interface random {
+    /// An error type for random byte generation.
+    @since(version = 0.3.0-rc-2026-02-09)
+    variant error {
+        /// The requested number of bytes exceeds the host's supported limit.
+        too-many-bytes,
+
+        /// A catch-all error for anything that doesn't fit into a more
+        /// specific case. The optional string provides an unstructured
+        /// description of the error. Users should not depend on the string
+        /// for diagnosing errors, as it is not required to be consistent
+        /// between implementations.
+        other(option<string>),
+    }
+
     /// Return `len` cryptographically-secure random or pseudo-random bytes.
     ///
     /// This function must produce data at least as cryptographically secure and
@@ -17,8 +31,13 @@ interface random {
     /// This function must always return fresh data. Deterministic environments
     /// must omit this function, rather than implementing it with deterministic
     /// data.
+    ///
+    /// # Errors
+    ///
+    /// Returns `error::too-many-bytes` if `len` exceeds the host's supported
+    /// limit.
     @since(version = 0.3.0-rc-2026-02-09)
-    get-random-bytes: func(len: u64) -> list<u8>;
+    get-random-bytes: func(len: u64) -> result<list<u8>, error>;
 
     /// Return a cryptographically-secure random or pseudo-random `u64` value.
     ///