Add safety coments to bssl-sys
As with all FFI libraries, the Rust conventions around safety don't
really work well. There's a ton of noise from bindgen needing to
conservatively mark everything unsafe, obscuring true safety sharp edges
like Rust's FFI-incompatible empty slice representation.
Change-Id: I2199e61b4900a01e3610772063765c5bb0cb493c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66287
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/rust/bssl-sys/src/lib.rs b/rust/bssl-sys/src/lib.rs
index 9edbd08..fa52ec7 100644
--- a/rust/bssl-sys/src/lib.rs
+++ b/rust/bssl-sys/src/lib.rs
@@ -43,20 +43,24 @@
// TODO(crbug.com/boringssl/596): Remove these wrappers.
#[cfg(unsupported_inline_wrappers)]
pub fn ERR_GET_LIB(packed_error: u32) -> i32 {
+ // Safety: This is safe for all inputs. bindgen conservatively marks everything unsafe.
unsafe { ERR_GET_LIB_RUST(packed_error) }
}
#[cfg(unsupported_inline_wrappers)]
pub fn ERR_GET_REASON(packed_error: u32) -> i32 {
+ // Safety: This is safe for all inputs. bindgen conservatively marks everything unsafe.
unsafe { ERR_GET_REASON_RUST(packed_error) }
}
#[cfg(unsupported_inline_wrappers)]
pub fn ERR_GET_FUNC(packed_error: u32) -> i32 {
+ // Safety: This is safe for all inputs. bindgen conservatively marks everything unsafe.
unsafe { ERR_GET_FUNC_RUST(packed_error) }
}
pub fn init() {
+ // Safety: `CRYPTO_library_init` may be called multiple times and concurrently.
unsafe {
CRYPTO_library_init();
}
