Add "insecure" functions

newpavlov · newpavlov · commit 6438bccd76a0 · 2024-11-27T16:45:22.000+03:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -33,7 +33,8 @@ jobs:
       - run: cargo test --no-run --target=aarch64-apple-watchos -Zbuild-std --features=std
       # visionOS requires Xcode 15.2+, GitHub Actions defaults to an older version.
       - run: sudo xcode-select -switch /Applications/Xcode_15.2.app
-      - run: cargo test --no-run --target=aarch64-apple-visionos -Zbuild-std --features=std
+      # std is broken on visionOS right now
+      #- run: cargo test --no-run --target=aarch64-apple-visionos -Zbuild-std --features=std
 
   cross:
     name: Cross
diff --git a/src/backends/apple_other.rs b/src/backends/apple_other.rs
@@ -2,9 +2,9 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     let dst_ptr = dest.as_mut_ptr().cast::<c_void>();
     let ret = unsafe { libc::CCRandomGenerateBytes(dst_ptr, dest.len()) };
     if ret == libc::kCCSuccess {
diff --git a/src/backends/custom.rs b/src/backends/custom.rs
@@ -2,9 +2,9 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     extern "Rust" {
         fn __getrandom_v03_custom(dest: *mut u8, len: usize) -> Result<(), Error>;
     }
diff --git a/src/backends/esp_idf.rs b/src/backends/esp_idf.rs
@@ -1,23 +1,36 @@
-//! Implementation for ESP-IDF
+//! Implementation for ESP-IDF.
+//!
+//! Not that NOT enabling WiFi, BT, or the voltage noise entropy source
+//! (via `bootloader_random_enable`) will cause ESP-IDF to return pseudo-random numbers based on
+//! the voltage noise entropy, after the initial boot process:
+//! https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/random.html
+//!
+//! However tracking if some of these entropy sources is enabled is way too difficult
+//! to implement here.
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
 
 #[cfg(not(target_os = "espidf"))]
 compile_error!("`esp_idf` backend can be enabled only for ESP-IDF targets!");
 
 extern "C" {
-    fn esp_fill_random(buf: *mut c_void, len: usize) -> u32;
+    fn esp_random() -> u32;
+    fn esp_fill_random(buf: *mut c_void, len: usize);
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    // Not that NOT enabling WiFi, BT, or the voltage noise entropy source (via `bootloader_random_enable`)
-    // will cause ESP-IDF to return pseudo-random numbers based on the voltage noise entropy, after the initial boot process:
-    // https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/random.html
-    //
-    // However tracking if some of these entropy sources is enabled is way too difficult to implement here
-    unsafe { esp_fill_random(dest.as_mut_ptr().cast(), dest.len()) };
+pub fn u32() -> Result<u32, Error> {
+    Ok(unsafe { esp_random() })
+}
 
+pub fn u64() -> Result<u64, Error> {
+    let (a, b) = unsafe { (esp_random(), esp_random()) };
+    let res = (u64::from(a) << 32) | u64::from(b);
+    Ok(res)
+}
+
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+    unsafe { esp_fill_random(dest.as_mut_ptr().cast(), dest.len()) };
     Ok(())
 }
diff --git a/src/backends/fuchsia.rs b/src/backends/fuchsia.rs
@@ -2,14 +2,14 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[link(name = "zircon")]
 extern "C" {
     fn zx_cprng_draw(buffer: *mut u8, length: usize);
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     unsafe { zx_cprng_draw(dest.as_mut_ptr().cast::<u8>(), dest.len()) }
     Ok(())
 }
diff --git a/src/backends/getentropy.rs b/src/backends/getentropy.rs
@@ -10,12 +10,12 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     for chunk in dest.chunks_mut(256) {
         let ret = unsafe { libc::getentropy(chunk.as_mut_ptr().cast::<c_void>(), chunk.len()) };
         if ret != 0 {
diff --git a/src/backends/getrandom.rs b/src/backends/getrandom.rs
@@ -18,12 +18,12 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     util_libc::sys_fill_exact(dest, |buf| unsafe {
         libc::getrandom(buf.as_mut_ptr().cast::<c_void>(), buf.len(), 0)
     })
diff --git a/src/backends/hermit.rs b/src/backends/hermit.rs
@@ -2,6 +2,8 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
+
 extern "C" {
     fn sys_read_entropy(buffer: *mut u8, length: usize, flags: u32) -> isize;
     // Note that `sys_secure_rand32/64` are implemented using `sys_read_entropy`:
@@ -12,7 +14,7 @@ extern "C" {
     fn sys_secure_rand64(value: *mut u64) -> i32;
 }
 
-pub fn inner_u32() -> Result<u32, Error> {
+pub fn u32() -> Result<u32, Error> {
     let mut res = MaybeUninit::uninit();
     let ret = unsafe { sys_secure_rand32(res.as_mut_ptr()) };
     match ret {
@@ -22,7 +24,7 @@ pub fn inner_u32() -> Result<u32, Error> {
     }
 }
 
-pub fn inner_u64() -> Result<u64, Error> {
+pub fn u64() -> Result<u64, Error> {
     let mut res = MaybeUninit::uninit();
     let ret = unsafe { sys_secure_rand64(res.as_mut_ptr()) };
     match ret {
@@ -32,7 +34,7 @@ pub fn inner_u64() -> Result<u64, Error> {
     }
 }
 
-pub fn fill_inner(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     while !dest.is_empty() {
         let res = unsafe { sys_read_entropy(dest.as_mut_ptr().cast::<u8>(), dest.len(), 0) };
         match res {
diff --git a/src/backends/linux_android.rs b/src/backends/linux_android.rs
@@ -2,15 +2,15 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
 #[cfg(not(any(target_os = "android", target_os = "linux")))]
 compile_error!("`linux_getrandom` backend can be enabled only for Linux/Android targets!");
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     util_libc::sys_fill_exact(dest, |buf| unsafe {
         libc::getrandom(buf.as_mut_ptr().cast(), buf.len(), 0)
     })
diff --git a/src/backends/linux_android_with_fallback.rs b/src/backends/linux_android_with_fallback.rs
@@ -9,7 +9,7 @@ use core::{
 };
 use use_file::util_libc;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 type GetRandomFn = unsafe extern "C" fn(*mut c_void, libc::size_t, libc::c_uint) -> libc::ssize_t;
 
@@ -56,10 +56,10 @@ fn init() -> NonNull<c_void> {
 // prevent inlining of the fallback implementation
 #[inline(never)]
 fn use_file_fallback(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    use_file::fill_inner(dest)
+    use_file::fill_uninit(dest)
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     // Despite being only a single atomic variable, we still cannot always use
     // Ordering::Relaxed, as we need to make sure a successful call to `init`
     // is "ordered before" any data read through the returned pointer (which
diff --git a/src/backends/linux_rustix.rs b/src/backends/linux_rustix.rs
@@ -2,12 +2,12 @@
 use crate::{Error, MaybeUninit};
 use rustix::rand::{getrandom_uninit, GetRandomFlags};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[cfg(not(any(target_os = "android", target_os = "linux")))]
 compile_error!("`linux_rustix` backend can be enabled only for Linux/Android targets!");
 
-pub fn fill_inner(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     loop {
         let res = getrandom_uninit(dest, GetRandomFlags::empty()).map(|(res, _)| res.len());
         match res {
diff --git a/src/backends/netbsd.rs b/src/backends/netbsd.rs
@@ -12,7 +12,7 @@ use core::{
     sync::atomic::{AtomicPtr, Ordering},
 };
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
@@ -62,7 +62,7 @@ fn init() -> *mut c_void {
     ptr
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     // Despite being only a single atomic variable, we still cannot always use
     // Ordering::Relaxed, as we need to make sure a successful call to `init`
     // is "ordered before" any data read through the returned pointer (which
diff --git a/src/backends/rdrand.rs b/src/backends/rdrand.rs
@@ -2,6 +2,8 @@
 use crate::{util::slice_as_uninit, Error};
 use core::mem::{size_of, MaybeUninit};
 
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
+
 #[path = "../lazy.rs"]
 mod lazy;
 
@@ -147,23 +149,23 @@ unsafe fn rdrand_u64() -> Option<u64> {
     Some((u64::from(a) << 32) || u64::from(b))
 }
 
-pub fn inner_u32() -> Result<u32, Error> {
+pub fn u32() -> Result<u32, Error> {
     if !RDRAND_GOOD.unsync_init(is_rdrand_good) {
         return Err(Error::NO_RDRAND);
     }
     // SAFETY: After this point, we know rdrand is supported.
     unsafe { rdrand_u32() }.ok_or(Error::FAILED_RDRAND)
 }
 
-pub fn inner_u64() -> Result<u64, Error> {
+pub fn u64() -> Result<u64, Error> {
     if !RDRAND_GOOD.unsync_init(is_rdrand_good) {
         return Err(Error::NO_RDRAND);
     }
     // SAFETY: After this point, we know rdrand is supported.
     unsafe { rdrand_u64() }.ok_or(Error::FAILED_RDRAND)
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     if !RDRAND_GOOD.unsync_init(is_rdrand_good) {
         return Err(Error::NO_RDRAND);
     }
diff --git a/src/backends/rndr.rs b/src/backends/rndr.rs
@@ -9,6 +9,8 @@ use crate::{
 use core::arch::asm;
 use core::mem::{size_of, MaybeUninit};
 
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};
+
 #[cfg(not(target_arch = "aarch64"))]
 compile_error!("the `rndr` backend can be enabled only for AArch64 targets!");
 
@@ -104,7 +106,7 @@ fn is_rndr_available() -> bool {
     }
 }
 
-pub fn inner_u32() -> Result<u32, Error> {
+pub fn u32() -> Result<u32, Error> {
     if is_rndr_available() {
         // SAFETY: after this point, we know the `rand` target feature is enabled
         let res = unsafe { rndr() };
@@ -114,7 +116,7 @@ pub fn inner_u32() -> Result<u32, Error> {
     }
 }
 
-pub fn inner_u64() -> Result<u64, Error> {
+pub fn u64() -> Result<u64, Error> {
     if is_rndr_available() {
         // SAFETY: after this point, we know the `rand` target feature is enabled
         let res = unsafe { rndr() };
@@ -124,7 +126,7 @@ pub fn inner_u64() -> Result<u64, Error> {
     }
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     if is_rndr_available() {
         // SAFETY: after this point, we know the `rand` target feature is enabled
         unsafe { rndr_fill(dest).ok_or(Error::RNDR_FAILURE) }
diff --git a/src/backends/solaris.rs b/src/backends/solaris.rs
@@ -15,14 +15,14 @@
 use crate::Error;
 use core::{ffi::c_void, mem::MaybeUninit};
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 mod util_libc;
 
 const MAX_BYTES: usize = 1024;
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     for chunk in dest.chunks_mut(MAX_BYTES) {
         let ptr = chunk.as_mut_ptr().cast::<c_void>();
         let ret = unsafe { libc::getrandom(ptr, chunk.len(), libc::GRND_RANDOM) };
diff --git a/src/backends/solid.rs b/src/backends/solid.rs
@@ -2,13 +2,13 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 extern "C" {
     pub fn SOLID_RNG_SampleRandomBytes(buffer: *mut u8, length: usize) -> i32;
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     let ret = unsafe { SOLID_RNG_SampleRandomBytes(dest.as_mut_ptr().cast::<u8>(), dest.len()) };
     if ret >= 0 {
         Ok(())
diff --git a/src/backends/use_file.rs b/src/backends/use_file.rs
@@ -7,7 +7,7 @@ use core::{
 };
 
 #[cfg(not(any(target_os = "android", target_os = "linux")))]
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 #[path = "../util_libc.rs"]
 pub(super) mod util_libc;
@@ -40,7 +40,7 @@ const FD_ONGOING_INIT: libc::c_int = -2;
 // `Ordering::Acquire` to synchronize with it.
 static FD: AtomicI32 = AtomicI32::new(FD_UNINIT);
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     let mut fd = FD.load(Ordering::Acquire);
     if fd == FD_UNINIT || fd == FD_ONGOING_INIT {
         fd = open_or_wait()?;
diff --git a/src/backends/vxworks.rs b/src/backends/vxworks.rs
@@ -9,9 +9,9 @@ use core::{
 #[path = "../util_libc.rs"]
 mod util_libc;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     static RNG_INIT: AtomicBool = AtomicBool::new(false);
     while !RNG_INIT.load(Relaxed) {
         let ret = unsafe { libc::randSecure() };
diff --git a/src/backends/wasi_p1.rs b/src/backends/wasi_p1.rs
@@ -2,7 +2,7 @@
 use crate::Error;
 use core::mem::MaybeUninit;
 
-pub use crate::util::{inner_u32, inner_u64};
+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};
 
 // This linking is vendored from the wasi crate:
 // https://docs.rs/wasi/0.11.0+wasi-snapshot-preview1/src/wasi/lib_generated.rs.html#2344-2350
@@ -11,7 +11,7 @@ extern "C" {
     fn random_get(arg0: i32, arg1: i32) -> i32;
 }
 
-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
     // Based on the wasi code:
     // https://docs.rs/wasi/0.11.0+wasi-snapshot-preview1/src/wasi/lib_generated.rs.html#2046-2062
     // Note that size of an allocated object can not be bigger than isize::MAX bytes.
diff --git a/src/backends/wasi_p2.rs b/src/backends/wasi_p2.rs
diff --git a/src/backends/wasm_js.rs b/src/backends/wasm_js.rs
diff --git a/src/backends/windows.rs b/src/backends/windows.rs
diff --git a/src/backends/windows7.rs b/src/backends/windows7.rs
diff --git a/src/default_impls.rs b/src/default_impls.rs
diff --git a/src/lib.rs b/src/lib.rs
diff --git a/src/util.rs b/src/util.rs

Original file line number	Diff line number	Diff line change
`@@ -2,14 +2,14 @@`
`2`	`2`	`use crate::Error;`
`3`	`3`	`use core::mem::MaybeUninit;`
`4`	`4`
`5`		`-pub use crate::util::{inner_u32, inner_u64};`
	`5`	`+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64, u32, u64};`
`6`	`6`
`7`	`7`	`#[link(name = "zircon")]`
`8`	`8`	`extern "C" {`
`9`	`9`	`fn zx_cprng_draw(buffer: *mut u8, length: usize);`
`10`	`10`	`}`
`11`	`11`
`12`		`-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
	`12`	`+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
`13`	`13`	`unsafe { zx_cprng_draw(dest.as_mut_ptr().cast::<u8>(), dest.len()) }`
`14`	`14`	`Ok(())`
`15`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@`
`2`	`2`	`use crate::Error;`
`3`	`3`	`use core::mem::MaybeUninit;`
`4`	`4`
	`5`	`+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};`
	`6`	`+`
`5`	`7`	`extern "C" {`
`6`	`8`	`fn sys_read_entropy(buffer: *mut u8, length: usize, flags: u32) -> isize;`
`7`	`9`	// Note that `sys_secure_rand32/64` are implemented using `sys_read_entropy`:
`@@ -12,7 +14,7 @@ extern "C" {`
`12`	`14`	`fn sys_secure_rand64(value: *mut u64) -> i32;`
`13`	`15`	`}`
`14`	`16`
`15`		`-pub fn inner_u32() -> Result<u32, Error> {`
	`17`	`+pub fn u32() -> Result<u32, Error> {`
`16`	`18`	`let mut res = MaybeUninit::uninit();`
`17`	`19`	`let ret = unsafe { sys_secure_rand32(res.as_mut_ptr()) };`
`18`	`20`	`match ret {`
`@@ -22,7 +24,7 @@ pub fn inner_u32() -> Result<u32, Error> {`
`22`	`24`	`}`
`23`	`25`	`}`
`24`	`26`
`25`		`-pub fn inner_u64() -> Result<u64, Error> {`
	`27`	`+pub fn u64() -> Result<u64, Error> {`
`26`	`28`	`let mut res = MaybeUninit::uninit();`
`27`	`29`	`let ret = unsafe { sys_secure_rand64(res.as_mut_ptr()) };`
`28`	`30`	`match ret {`
`@@ -32,7 +34,7 @@ pub fn inner_u64() -> Result<u64, Error> {`
`32`	`34`	`}`
`33`	`35`	`}`
`34`	`36`
`35`		`-pub fn fill_inner(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
	`37`	`+pub fn fill_uninit(mut dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
`36`	`38`	`while !dest.is_empty() {`
`37`	`39`	`let res = unsafe { sys_read_entropy(dest.as_mut_ptr().cast::<u8>(), dest.len(), 0) };`
`38`	`40`	`match res {`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@`
`2`	`2`	`use crate::{util::slice_as_uninit, Error};`
`3`	`3`	`use core::mem::{size_of, MaybeUninit};`
`4`	`4`
	`5`	`+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};`
	`6`	`+`
`5`	`7`	`#[path = "../lazy.rs"]`
`6`	`8`	`mod lazy;`
`7`	`9`
`@@ -147,23 +149,23 @@ unsafe fn rdrand_u64() -> Option<u64> {`
`147`	`149`	`Some((u64::from(a) << 32) \|\| u64::from(b))`
`148`	`150`	`}`
`149`	`151`
`150`		`-pub fn inner_u32() -> Result<u32, Error> {`
	`152`	`+pub fn u32() -> Result<u32, Error> {`
`151`	`153`	`if !RDRAND_GOOD.unsync_init(is_rdrand_good) {`
`152`	`154`	`return Err(Error::NO_RDRAND);`
`153`	`155`	`}`
`154`	`156`	`// SAFETY: After this point, we know rdrand is supported.`
`155`	`157`	`unsafe { rdrand_u32() }.ok_or(Error::FAILED_RDRAND)`
`156`	`158`	`}`
`157`	`159`
`158`		`-pub fn inner_u64() -> Result<u64, Error> {`
	`160`	`+pub fn u64() -> Result<u64, Error> {`
`159`	`161`	`if !RDRAND_GOOD.unsync_init(is_rdrand_good) {`
`160`	`162`	`return Err(Error::NO_RDRAND);`
`161`	`163`	`}`
`162`	`164`	`// SAFETY: After this point, we know rdrand is supported.`
`163`	`165`	`unsafe { rdrand_u64() }.ok_or(Error::FAILED_RDRAND)`
`164`	`166`	`}`
`165`	`167`
`166`		`-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
	`168`	`+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
`167`	`169`	`if !RDRAND_GOOD.unsync_init(is_rdrand_good) {`
`168`	`170`	`return Err(Error::NO_RDRAND);`
`169`	`171`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,8 @@ use crate::{`
`9`	`9`	`use core::arch::asm;`
`10`	`10`	`use core::mem::{size_of, MaybeUninit};`
`11`	`11`
	`12`	`+pub use crate::default_impls::{insecure_fill_uninit, insecure_u32, insecure_u64};`
	`13`	`+`
`12`	`14`	`#[cfg(not(target_arch = "aarch64"))]`
`13`	`15`	compile_error!("the `rndr` backend can be enabled only for AArch64 targets!");
`14`	`16`
`@@ -104,7 +106,7 @@ fn is_rndr_available() -> bool {`
`104`	`106`	`}`
`105`	`107`	`}`
`106`	`108`
`107`		`-pub fn inner_u32() -> Result<u32, Error> {`
	`109`	`+pub fn u32() -> Result<u32, Error> {`
`108`	`110`	`if is_rndr_available() {`
`109`	`111`	// SAFETY: after this point, we know the `rand` target feature is enabled
`110`	`112`	`let res = unsafe { rndr() };`
`@@ -114,7 +116,7 @@ pub fn inner_u32() -> Result<u32, Error> {`
`114`	`116`	`}`
`115`	`117`	`}`
`116`	`118`
`117`		`-pub fn inner_u64() -> Result<u64, Error> {`
	`119`	`+pub fn u64() -> Result<u64, Error> {`
`118`	`120`	`if is_rndr_available() {`
`119`	`121`	// SAFETY: after this point, we know the `rand` target feature is enabled
`120`	`122`	`let res = unsafe { rndr() };`
`@@ -124,7 +126,7 @@ pub fn inner_u64() -> Result<u64, Error> {`
`124`	`126`	`}`
`125`	`127`	`}`
`126`	`128`
`127`		`-pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
	`129`	`+pub fn fill_uninit(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
`128`	`130`	`if is_rndr_available() {`
`129`	`131`	// SAFETY: after this point, we know the `rand` target feature is enabled
`130`	`132`	`unsafe { rndr_fill(dest).ok_or(Error::RNDR_FAILURE) }`