New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
macos: Cleanup SecRandom type #28
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't aware of this. I found the section on Handling Zero-Sized Types in the nomicon, but it only talks about issues with allocation and iterators — we don't appear to do either here.
What our version of OpaquePointer
is missing is alignment info, though given that we only ever construct the address 0
it shouldn't matter.
Also, I guess usize
is always the same as libc::size_t
but can we actually rely on that?
IIUC this is one of the use-cases for extern types (currently unstable) and uninhabited types is a common workaround, which I've seen in several places. I am not sure if this PR is correct, citing the
|
Right now `SecRandom` is an uninhabited type. However, opaque pointers are not supposed to be pointers to uninhabited types or ZSTs. This issue was solved in `core` by introducing `core::ffi:c_void` that just does all the right things. This PR: - Changes `SecRandom` to be a `transparent` wrapper around `c_void`. - Links `kSecRandomDefault` instead of defining it ourself. - Should not change any behavior on macos.
src/macos.rs
Outdated
@@ -11,29 +11,23 @@ extern crate std; | |||
|
|||
use crate::Error; | |||
use std::io; | |||
use core::ffi::c_void; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You don't need this import anymore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
Whoops, missed that. Fixed to do what the nomicon says (use a private ZST field) and link to the Github issue on
So this assumption is built deep into how Rust interfaces with C libraries. If a platform is supportted by |
Right now
SecRandom
is an uninhabited type. However, opaque pointersare not supposed to be pointers to uninhabited types or ZSTs. This
issue was solved in
core
by introducingcore::ffi:c_void
that justdoes all the right things.
This PR:
SecRandom
to be atransparent
wrapper aroundc_void
.kSecRandomDefault
instead of defining it ourself.