Take some steps toward eliminating the last unsafe in ring::polyfill

src/aead/aes.rs

@@ -22,7 +22,7 @@ use crate::{
     c, cpu,
     endian::BigEndian,
     error,
-    polyfill::{self, ChunksFixed},
+    polyfill::{self, ArraySplitMap},
 };
 use core::ops::RangeFrom;
 
@@ -327,8 +327,8 @@ pub(super) struct Counter([BigEndian<u32>; 4]);
 
 impl Counter {
     pub fn one(nonce: Nonce) -> Self {
-        let nonce = nonce.as_ref().chunks_fixed();
-        Self([nonce[0].into(), nonce[1].into(), nonce[2].into(), 1.into()])
+        let [n0, n1, n2] = nonce.as_ref().array_split_map(BigEndian::<u32>::from);
+        Self([n0, n1, n2, 1.into()])
     }
 
     pub fn increment(&mut self) -> Iv {

src/aead/chacha.rs

@@ -14,7 +14,7 @@
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 use super::{quic::Sample, Nonce};
-use crate::{cpu, polyfill::ChunksFixed};
+use crate::cpu;
 
 #[cfg(any(
     test,
@@ -27,6 +27,7 @@ use crate::{cpu, polyfill::ChunksFixed};
 ))]
 mod fallback;
 
+use crate::polyfill::ArraySplitMap;
 use core::ops::RangeFrom;
 
 #[derive(Clone)]
@@ -37,9 +38,8 @@ pub struct Key {
 
 impl Key {
     pub(super) fn new(value: [u8; KEY_LEN], cpu_features: cpu::Features) -> Self {
-        let value: &[[u8; 4]; KEY_LEN / 4] = value.chunks_fixed();
         Self {
-            words: value.map(u32::from_le_bytes),
+            words: value.array_split_map(u32::from_le_bytes),
             cpu_features,
         }
     }
@@ -159,13 +159,8 @@ impl Counter {
     }
 
     fn from_nonce_and_ctr(nonce: Nonce, ctr: u32) -> Self {
-        let nonce = nonce.as_ref().chunks_fixed();
-        Self([
-            ctr,
-            u32::from_le_bytes(nonce[0]),
-            u32::from_le_bytes(nonce[1]),
-            u32::from_le_bytes(nonce[2]),
-        ])
+        let [n0, n1, n2] = nonce.as_ref().array_split_map(u32::from_le_bytes);
+        Self([ctr, n0, n1, n2])
     }
 
     pub fn increment(&mut self) -> Iv {
@@ -197,8 +192,7 @@ pub struct Iv([u32; 4]);
 
 impl Iv {
     fn assume_unique_for_key(value: [u8; 16]) -> Self {
-        let value: &[[u8; 4]; 4] = value.chunks_fixed();
-        Self(value.map(u32::from_le_bytes))
+        Self(value.array_split_map(u32::from_le_bytes))
     }
 
     fn into_counter_for_single_block_less_safe(self) -> Counter {

src/aead/gcm.rs

@@ -16,7 +16,7 @@ use super::{
     block::{Block, BLOCK_LEN},
     Aad,
 };
-use crate::{cpu, polyfill::ChunksFixed};
+use crate::{cpu, polyfill::ArraySplitMap};
 use core::ops::BitXorAssign;
 
 #[cfg(not(target_arch = "aarch64"))]
@@ -30,8 +30,7 @@ pub struct Key {
 
 impl Key {
     pub(super) fn new(h_be: Block, cpu_features: cpu::Features) -> Self {
-        let h_be: &[[u8; 8]; 2] = h_be.as_ref().chunks_fixed();
-        let h: [u64; 2] = h_be.map(u64::from_be_bytes);
+        let h: [u64; 2] = h_be.as_ref().array_split_map(u64::from_be_bytes);
 
         let mut key = Self {
             h_table: HTable {

src/aead/gcm/gcm_nohw.rs

@@ -23,7 +23,7 @@
 // Unlike the BearSSL notes, we use u128 in the 64-bit implementation.
 
 use super::{Block, Xi, BLOCK_LEN};
-use crate::polyfill::ChunksFixed;
+use crate::polyfill::ArraySplitMap;
 
 #[cfg(target_pointer_width = "64")]
 fn gcm_mul64_nohw(a: u64, b: u64) -> (u64, u64) {
@@ -224,21 +224,18 @@
 
 pub(super) fn ghash(xi: &mut Xi, h: super::u128, input: &[[u8; BLOCK_LEN]]) {
     with_swapped_xi(xi, |swapped| {
-        input.iter().for_each(|input| {
-            let input: &[[u8; 8]; 2] = input.chunks_fixed();
-            swapped[0] ^= u64::from_be_bytes(input[1]);
-            swapped[1] ^= u64::from_be_bytes(input[0]);
+        input.iter().for_each(|&input| {
+            let input = input.array_split_map(u64::from_be_bytes);
+            swapped[0] ^= input[1];
+            swapped[1] ^= input[0];
             gcm_polyval_nohw(swapped, h);
         });
     });
 }
 
 #[inline]
 fn with_swapped_xi(Xi(xi): &mut Xi, f: impl FnOnce(&mut [u64; 2])) {
-    let unswapped: [u64; 2] = {
-        let xi: &[[u8; 8]; 2] = xi.as_ref().chunks_fixed();
-        xi.map(u64::from_be_bytes)
-    };
+    let unswapped: [u64; 2] = xi.as_ref().array_split_map(u64::from_be_bytes);
     let mut swapped: [u64; 2] = [unswapped[1], unswapped[0]];
     f(&mut swapped);
     let reswapped = [swapped[1], swapped[0]];

src/polyfill.rs

@@ -29,6 +29,7 @@ mod chunks_fixed;
 
 mod array_flat_map;
 mod array_flatten;
+mod array_split_map;
 
 #[cfg(feature = "alloc")]
 mod leading_zeros_skipped;
@@ -39,8 +40,8 @@ mod test;
 mod unwrap_const;
 
 pub use self::{
-    array_flat_map::ArrayFlatMap, array_flatten::ArrayFlatten, chunks_fixed::*,
-    unwrap_const::unwrap_const,
+    array_flat_map::ArrayFlatMap, array_flatten::ArrayFlatten, array_split_map::ArraySplitMap,
+    chunks_fixed::*, unwrap_const::unwrap_const,
 };
 
 #[cfg(feature = "alloc")]

src/polyfill/array_split_map.rs

@@ -0,0 +1,71 @@
+// Copyright 2023 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+pub trait ArraySplitMap<I, O, const CN: usize, const ON: usize> {
+    fn array_split_map(self, f: impl Fn([I; CN]) -> O) -> [O; ON];
+}
+
+impl<I, O> ArraySplitMap<I, O, 4, 3> for [I; 12] {
+    #[inline]
+    fn array_split_map(self, f: impl Fn([I; 4]) -> O) -> [O; 3] {
+        let [a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3] = self;
+        [
+            f([a0, a1, a2, a3]),
+            f([b0, b1, b2, b3]),
+            f([c0, c1, c2, c3]),
+        ]
+    }
+}
+
+impl<I, O> ArraySplitMap<I, O, 4, 4> for [I; 16] {
+    #[inline]
+    fn array_split_map(self, f: impl Fn([I; 4]) -> O) -> [O; 4] {
+        let [a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3] = self;
+        [
+            f([a0, a1, a2, a3]),
+            f([b0, b1, b2, b3]),
+            f([c0, c1, c2, c3]),
+            f([d0, d1, d2, d3]),
+        ]
+    }
+}
+
+impl<I, O> ArraySplitMap<I, O, 4, 8> for [I; 32] {
+    #[inline]
+    fn array_split_map(self, f: impl Fn([I; 4]) -> O) -> [O; 8] {
+        let [a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3, e0, e1, e2, e3, f0, f1, f2, f3, g0, g1, g2, g3, h0, h1, h2, h3] =
+            self;
+        [
+            f([a0, a1, a2, a3]),
+            f([b0, b1, b2, b3]),
+            f([c0, c1, c2, c3]),
+            f([d0, d1, d2, d3]),
+            f([e0, e1, e2, e3]),
+            f([f0, f1, f2, f3]),
+            f([g0, g1, g2, g3]),
+            f([h0, h1, h2, h3]),
+        ]
+    }
+}
+
+impl<I, O> ArraySplitMap<I, O, 8, 2> for [I; 16] {
+    #[inline]
+    fn array_split_map(self, f: impl Fn([I; 8]) -> O) -> [O; 2] {
+        let [a0, a1, a2, a3, a4, a5, a6, a7, b0, b1, b2, b3, b4, b5, b6, b7] = self;
+        [
+            f([a0, a1, a2, a3, a4, a5, a6, a7]),
+            f([b0, b1, b2, b3, b4, b5, b6, b7]),
+        ]
+    }
+}

src/polyfill/chunks_fixed.rs

@@ -27,9 +27,5 @@ macro_rules! define_chunks_fixed {
 }
 
 // Sorted by the first value, then the second value.
-define_chunks_fixed!(12, 4);
-define_chunks_fixed!(16, 4);
-define_chunks_fixed!(16, 8);
-define_chunks_fixed!(32, 4);
 define_chunks_fixed!(64, 32);
 define_chunks_fixed!(80, 20);