
Remove af_alg_iv::as_slice (which is unsound) and modify trait implementations that depended on it. #1892


Closed

Conversation

eduardosm
Contributor

Fixes #1501.

This PR is an alternative to #1703. In this case, no trait implementation is removed.

@rust-highfive

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @JohnTitor (or someone else) soon.

If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.

Please see the contribution instructions for more information.

@joshtriplett
Member

I think it would be dangerous to ignore iv for things like equality checking. The rest seems fine, but that seems potentially dangerous to me. Two different structure values shouldn't compare equal if they aren't equal.

@eduardosm
Contributor Author

af_alg_iv is defined as

use libc::c_uchar; // c_uchar is provided by the libc crate

#[repr(C)]
pub struct af_alg_iv {
    pub ivlen: u32,
    pub iv: [c_uchar; 0], // zero-length flexible array member
}

iv has length zero, so it does not contain any data to compare. The current implementation reads up to ivlen bytes beyond the struct, but that allows one to easily do out-of-bounds reads without unsafe. For example:

// Both values claim ivlen = 100 but own no IV bytes at all.
let a = af_alg_iv {
    ivlen: 100,
    iv: [],
};
let b = af_alg_iv {
    ivlen: 100,
    iv: [],
};

a == b // Undefined behavior without the unsafe keyword
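
As an added example (not code from this PR or from the libc crate), one sound way to handle the flexible-array layout discussed above: an owned wrapper that allocates the header together with its ivlen trailing bytes, so a slice over the IV, and equality over it, is backed by memory that actually exists. The af_alg_iv struct mirrors the definition quoted in the thread; OwnedAfAlgIv and its methods are assumed names.

```rust
use std::mem::{align_of, size_of};
use std::os::raw::c_uchar;
use std::slice;

#[repr(C)] #[allow(non_camel_case_types)] // mirrors the libc definition quoted in the thread
pub struct af_alg_iv {
    pub ivlen: u32,
    pub iv: [c_uchar; 0], // flexible array member: no IV bytes live inside the struct
}

/// Hypothetical owned wrapper (not libc's API): owns the header *and* the `ivlen` trailing bytes.
pub struct OwnedAfAlgIv {
    words: Vec<u32>, // u32 storage keeps the header 4-byte aligned
    ivlen: usize,
}

impl OwnedAfAlgIv {
    pub fn new(iv: &[u8]) -> Self {
        assert!(align_of::<af_alg_iv>() <= align_of::<u32>());
        assert!(iv.len() <= u32::MAX as usize, "IV too long for ivlen");
        let nbytes = size_of::<af_alg_iv>() + iv.len();
        let mut words = vec![0u32; (nbytes + 3) / 4]; // zero-filled: every byte initialized
        let base = words.as_mut_ptr() as *mut u8;
        // SAFETY: `words` is aligned for af_alg_iv and holds at least `nbytes` bytes.
        unsafe {
            (base as *mut af_alg_iv).write(af_alg_iv { ivlen: iv.len() as u32, iv: [] });
            slice::from_raw_parts_mut(base.add(size_of::<af_alg_iv>()), iv.len()).copy_from_slice(iv);
        }
        Self { words, ivlen: iv.len() }
    }

    /// Kernel-facing layout: header immediately followed by the IV bytes.
    pub fn as_ptr(&self) -> *const af_alg_iv {
        self.words.as_ptr() as *const af_alg_iv
    }

    /// Safe to expose: this type guarantees the `ivlen` bytes were allocated and written.
    pub fn iv(&self) -> &[u8] {
        let base = self.words.as_ptr() as *const u8;
        // SAFETY: `new` allocated size_of::<af_alg_iv>() + ivlen bytes behind `base`.
        unsafe { slice::from_raw_parts(base.add(size_of::<af_alg_iv>()), self.ivlen) }
    }
}

/// Equality over data that really exists, unlike comparing bare `af_alg_iv` values.
impl PartialEq for OwnedAfAlgIv {
    fn eq(&self, other: &Self) -> bool {
        self.iv() == other.iv()
    }
}
```

A bare af_alg_iv cannot offer this: the only data it holds is ivlen, so any slice of ivlen bytes past it is an out-of-bounds read.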

@joshtriplett
Member

I realize that, but given that, I think we shouldn't implement PartialEq for this structure at all.

@eduardosm
Contributor Author

Then it's best to close this PR and continue with #1703.

@JohnTitor
Member

Closing in favor of #1703.

@JohnTitor JohnTitor closed this Oct 15, 2020
@eduardosm eduardosm deleted the avoid-af_alg_iv-as_slice branch October 15, 2020 20:20
Linked issue (#1501): af_alg_iv::as_slice makes a slice of the struct data, but the fields are public.