getrandom/
util.rs

1#![allow(dead_code)]
2use crate::Error;
3use core::{mem::MaybeUninit, ptr, slice};
4
/// Polyfill for the `maybe_uninit_slice` feature's
/// `MaybeUninit::slice_assume_init_mut`: reinterprets a slice of
/// `MaybeUninit<T>` as a slice of `T` without copying.
///
/// # Safety
///
/// Every element of `slice` must have been initialized. Reading an element
/// that was never written through the returned `&mut [T]` is undefined
/// behavior.
#[inline(always)]
pub unsafe fn slice_assume_init_mut<T>(slice: &mut [MaybeUninit<T>]) -> &mut [T] {
    // Go through a raw slice pointer so the element count travels with the
    // pointer and only the element type is reinterpreted.
    let raw: *mut [MaybeUninit<T>] = slice;
    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`,
    // the pointer comes from a live exclusive borrow, and the caller promises
    // that every element is initialized.
    unsafe { &mut *(raw as *mut [T]) }
}
14
/// Writes a zero byte into every element of `slice` and returns the same
/// memory as an initialized `&mut [u8]`.
#[inline]
pub fn uninit_slice_fill_zero(slice: &mut [MaybeUninit<u8>]) -> &mut [u8] {
    // Storing `MaybeUninit::new(0)` in each element zeroes the buffer without
    // needing a raw-pointer write.
    slice.fill(MaybeUninit::new(0));
    // SAFETY: every element of `slice` was written by the `fill` call above,
    // so the whole slice is initialized.
    unsafe { slice_assume_init_mut(slice) }
}
20
/// Views an initialized shared slice as a slice of `MaybeUninit<T>`.
///
/// This direction is safe: the returned slice is a shared borrow, so it
/// offers no safe way to store an uninitialized value into `slice`.
#[inline(always)]
pub fn slice_as_uninit<T>(slice: &[T]) -> &[MaybeUninit<T>] {
    // A raw slice pointer keeps the length; only the element type changes.
    let raw: *const [T] = slice;
    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`,
    // and the pointer comes from a live shared borrow of the same length.
    unsafe { &*(raw as *const [MaybeUninit<T>]) }
}
27
/// Views a mutable initialized slice as potentially-uninitialized.
///
/// # Safety
///
/// The returned slice allows assigning uninitialized values into `slice`,
/// which would be undefined behavior. The caller must only store initialized
/// values through it.
#[inline(always)]
pub unsafe fn slice_as_uninit_mut<T>(slice: &mut [T]) -> &mut [MaybeUninit<T>] {
    // A raw slice pointer keeps the length; only the element type changes.
    let raw: *mut [T] = slice;
    // SAFETY: `MaybeUninit<T>` is guaranteed to be layout-compatible with `T`,
    // and the pointer comes from a live exclusive borrow of the same length.
    unsafe { &mut *(raw as *mut [MaybeUninit<T>]) }
}
38
/// Default implementation of `inner_u32` on top of `fill_uninit`.
///
/// # Errors
///
/// Returns whatever error `crate::fill_uninit` reports. In that case the
/// partially written value is never read.
#[inline]
pub fn inner_u32() -> Result<u32, Error> {
    const LEN: usize = core::mem::size_of::<u32>();

    let mut word = MaybeUninit::<u32>::uninit();
    let bytes = word.as_mut_ptr().cast::<MaybeUninit<u8>>();
    // SAFETY: `bytes` points at `word`, and `LEN` is exactly the size of
    // `word`, so the slice covers that storage and nothing beyond it.
    // `MaybeUninit<u8>` places no initialization requirement on those bytes.
    let dst = unsafe { slice::from_raw_parts_mut(bytes, LEN) };
    crate::fill_uninit(dst)?;
    // SAFETY: this relies on `crate::fill_uninit` having initialized every
    // byte of `dst` when it returns `Ok`. That contract is defined outside
    // this function; an error returns early on the line above.
    let value = unsafe { word.assume_init() };
    Ok(value)
}
53
/// Default implementation of `inner_u64` on top of `fill_uninit`.
///
/// # Errors
///
/// Returns whatever error `crate::fill_uninit` reports. In that case the
/// partially written value is never read.
#[inline]
pub fn inner_u64() -> Result<u64, Error> {
    const LEN: usize = core::mem::size_of::<u64>();

    let mut word = MaybeUninit::<u64>::uninit();
    let bytes = word.as_mut_ptr().cast::<MaybeUninit<u8>>();
    // SAFETY: `bytes` points at `word`, and `LEN` is exactly the size of
    // `word`, so the slice covers that storage and nothing beyond it.
    // `MaybeUninit<u8>` places no initialization requirement on those bytes.
    let dst = unsafe { slice::from_raw_parts_mut(bytes, LEN) };
    crate::fill_uninit(dst)?;
    // SAFETY: this relies on `crate::fill_uninit` having initialized every
    // byte of `dst` when it returns `Ok`. That contract is defined outside
    // this function; an error returns early on the line above.
    let value = unsafe { word.assume_init() };
    Ok(value)
}
68
/// Truncates a `u64`, returning its lower 32 bits as a `u32`.
///
/// The upper 32 bits of `val` are discarded.
pub(crate) fn truncate(val: u64) -> u32 {
    // Masking first means the checked conversion below cannot fail, which
    // avoids a bare `as` cast.
    let low_bits = val & u64::from(u32::MAX);
    u32::try_from(low_bits).expect("The higher 32 bits are masked")
}