@@ -10,8 +10,10 @@ use core::{
1010 sync:: atomic:: { AtomicI32 , Ordering } ,
1111} ;
1212use std:: {
13- fs, io,
14- os:: fd:: { IntoRawFd as _, RawFd } ,
13+ fs,
14+ io,
15+ // TODO(MSRV 1.66): use `std::os::fd` instead of `std::unix::io`.
16+ os:: unix:: io:: { AsRawFd as _, BorrowedFd , IntoRawFd as _, RawFd } ,
1517} ;
1618
1719/// For all platforms, we use `/dev/urandom` rather than `/dev/random`.
@@ -28,14 +30,14 @@ const FILE_PATH: &str = "/dev/urandom";
2830pub fn getrandom_inner ( dest : & mut [ MaybeUninit < u8 > ] ) -> Result < ( ) , Error > {
2931 let fd = get_rng_fd ( ) ?;
3032 sys_fill_exact ( dest, |buf| unsafe {
31- libc:: read ( fd, buf. as_mut_ptr ( ) . cast :: < c_void > ( ) , buf. len ( ) )
33+ libc:: read ( fd. as_raw_fd ( ) , buf. as_mut_ptr ( ) . cast :: < c_void > ( ) , buf. len ( ) )
3234 } )
3335}
3436
3537// Returns the file descriptor for the device file used to retrieve random
3638// bytes. The file will be opened exactly once. All subsequent calls will
3739// return the same file descriptor. This file descriptor is never closed.
38- fn get_rng_fd ( ) -> Result < RawFd , Error > {
40+ fn get_rng_fd ( ) -> Result < BorrowedFd < ' static > , Error > {
3941 // std::os::fd::{BorrowedFd, OwnedFd} guarantee that -1 is not a valid file descriptor.
4042 const FD_UNINIT : RawFd = -1 ;
4143
@@ -55,22 +57,19 @@ fn get_rng_fd() -> Result<RawFd, Error> {
5557 // `Ordering::Acquire` to synchronize with it.
5658 static FD : AtomicI32 = AtomicI32 :: new ( FD_UNINIT ) ;
5759
58- fn get_fd ( ) -> Option < RawFd > {
60+ fn get_fd ( ) -> Option < BorrowedFd < ' static > > {
5961 match FD . load ( Ordering :: Acquire ) {
6062 FD_UNINIT => None ,
61- val => Some ( val) ,
63+ val => Some ( unsafe { BorrowedFd :: borrow_raw ( val) } ) ,
6264 }
6365 }
6466
6567 #[ cold]
66- fn get_fd_locked ( ) -> Result < RawFd , Error > {
68+ fn get_fd_locked ( ) -> Result < BorrowedFd < ' static > , Error > {
6769 // This mutex is used to prevent multiple threads from opening file
6870 // descriptors concurrently, which could run into the limit on the
6971 // number of open file descriptors. Our goal is to have no more than one
7072 // file descriptor open, ever.
71- //
72- // SAFETY: We use the mutex only in this method, and we always unlock it
73- // before returning, making sure we don't violate the pthread_mutex_t API.
7473 static MUTEX : Mutex = Mutex :: new ( ) ;
7574 unsafe { MUTEX . lock ( ) } ;
7675 let _guard = DropGuard ( || unsafe { MUTEX . unlock ( ) } ) ;
@@ -89,7 +88,7 @@ fn get_rng_fd() -> Result<RawFd, Error> {
8988 debug_assert ! ( fd != FD_UNINIT ) ;
9089 FD . store ( fd, Ordering :: Release ) ;
9190
92- Ok ( fd )
91+ Ok ( unsafe { BorrowedFd :: borrow_raw ( fd ) } )
9392 }
9493
9594 // Use double-checked locking to avoid acquiring the lock if possible.
@@ -130,8 +129,6 @@ fn get_rng_fd() -> Result<RawFd, Error> {
130129// libsodium uses `libc::poll` similarly to this.
131130#[ cfg( any( target_os = "android" , target_os = "linux" ) ) ]
132131fn wait_until_rng_ready ( ) -> Result < ( ) , Error > {
133- use std:: os:: unix:: io:: AsRawFd as _;
134-
135132 let file = fs:: File :: open ( "/dev/random" ) . map_err ( map_io_error) ?;
136133 let mut pfd = libc:: pollfd {
137134 fd : file. as_raw_fd ( ) ,
0 commit comments