rand: Clarify sealing of SecureRandom.

Author: briansmith

src/ec/suite_b/ecdsa/signing.rs

@@ -300,7 +300,7 @@ impl core::fmt::Debug for NonceRandom<'_> {
 }
 
 impl rand::sealed::SecureRandom for NonceRandom<'_> {
-    fn fill_impl(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> {
+    fn fill_impl(&self, dest: &mut [u8], _: crate::sealed::Arg) -> Result<(), error::Unspecified> {
         // Use the same digest algorithm that will be used to digest the
         // message. The digest algorithm's output is exactly the right size;
         // this is checked below.

src/rand.rs

@@ -31,7 +31,7 @@ where
 {
     #[inline(always)]
     fn fill(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> {
-        self.fill_impl(dest)
+        self.fill_impl(dest, crate::sealed::Arg)
     }
 }
 
@@ -64,7 +64,11 @@ pub(crate) mod sealed {
 
     pub trait SecureRandom: core::fmt::Debug {
         /// Fills `dest` with random bytes.
-        fn fill_impl(&self, dest: &mut [u8]) -> Result<(), error::Unspecified>;
+        fn fill_impl(
+            &self,
+            dest: &mut [u8],
+            _: crate::sealed::Arg,
+        ) -> Result<(), error::Unspecified>;
     }
 
     pub trait RandomlyConstructable: Sized {
@@ -159,7 +163,7 @@ impl SystemRandom {
 ))]
 impl sealed::SecureRandom for SystemRandom {
     #[inline(always)]
-    fn fill_impl(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> {
+    fn fill_impl(&self, dest: &mut [u8], _: crate::sealed::Arg) -> Result<(), error::Unspecified> {
         getrandom::getrandom(dest).map_err(|_| error::Unspecified)
     }
 }

src/testutil.rs

@@ -478,7 +478,11 @@ pub mod rand {
     }
 
     impl rand::sealed::SecureRandom for FixedByteRandom {
-        fn fill_impl(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> {
+        fn fill_impl(
+            &self,
+            dest: &mut [u8],
+            _: crate::sealed::Arg,
+        ) -> Result<(), error::Unspecified> {
             dest.fill(self.byte);
             Ok(())
         }
@@ -493,7 +497,11 @@ pub mod rand {
     }
 
     impl rand::sealed::SecureRandom for FixedSliceRandom<'_> {
-        fn fill_impl(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> {
+        fn fill_impl(
+            &self,
+            dest: &mut [u8],
+            _: crate::sealed::Arg,
+        ) -> Result<(), error::Unspecified> {
             dest.copy_from_slice(self.bytes);
             Ok(())
         }
@@ -516,7 +524,11 @@ pub mod rand {
     }
 
     impl rand::sealed::SecureRandom for FixedSliceSequenceRandom<'_> {
-        fn fill_impl(&self, dest: &mut [u8]) -> Result<(), error::Unspecified> {
+        fn fill_impl(
+            &self,
+            dest: &mut [u8],
+            _: crate::sealed::Arg,
+        ) -> Result<(), error::Unspecified> {
             let current = unsafe { *self.current.get() };
             let bytes = self.bytes[current];
             dest.copy_from_slice(bytes);