//! Solaris implementation using getrandom(2).
//!
//! While getrandom(2) has been available since Solaris 11.3, it has a few
//! quirks not present on other OSes. First, on Solaris 11.3, calls will always
//! fail if bufsz > 1024. Second, it will always either fail or completely fill
//! the buffer (returning bufsz). Third, error is indicated by returning 0,
//! rather than by returning -1. Finally, "if GRND_RANDOM is not specified
//! then getrandom(2) is always a non blocking call". This _might_ imply that
//! in early-boot scenarios with low entropy, getrandom(2) will not properly
//! block. To be safe, we set GRND_RANDOM, mirroring the man page examples.
//!
//! For more information, see the man page linked in lib.rs and this blog post:
//! https://blogs.oracle.com/solaris/post/solaris-new-system-calls-getentropy2-and-getrandom2
//! which also explains why this crate should not use getentropy(2).
use crate::Error;
use core::{ffi::c_void, mem::MaybeUninit};

pub use crate::util::{inner_u32, inner_u64};

#[path = "../util_libc.rs"]
mod util_libc;

const MAX_BYTES: usize = 1024;

#[inline]
pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
    for chunk in dest.chunks_mut(MAX_BYTES) {
        let ptr = chunk.as_mut_ptr().cast::<c_void>();
        let ret = unsafe { libc::getrandom(ptr, chunk.len(), libc::GRND_RANDOM) };
        // In case the man page has a typo, we also check for negative ret.
        // If getrandom(2) succeeds, it should have completely filled chunk.
        match usize::try_from(ret) {
            // Good. Keep going.
            Ok(ret) if ret == chunk.len() => {}
            // The syscall failed.
            Ok(0) => return Err(util_libc::last_os_error()),
            // All other cases should be impossible.
            _ => return Err(Error::UNEXPECTED),
        }
    }
    Ok(())
}