As far as I know, `libc` is available for every target now. Especially
since the introduction of `bssl::Result` we hardly reference these
types, other than `size_t`. This will help get rid of crypto/crypto.c.
Embed test data files into test executables so that file I/O isn't
necessary during tests. This allows the tests to run on platforms that
don't have file I/O. It also makes it easier to run the tests on a
separate (virtual) machine from the build machine since the test
automation no longer needs to keep track of the test files.
This commit introduces a `#[repr(transparent)]` newtype to represent
the return type of foreign functions which return 1 on success and 0 on
failure. This type is `#[must_use]`, so these return codes must be
checked by the caller.
It also adds `#[must_use]` to foreign functions which use a different
convention to return an error.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
The duplicate was accidentally added in
commit 8b026c93f2c3174ce43d0ef7bd6f618e4f772920.
This was causing an "unused_macro" warning which was causing
beta and nightly builds to fail.
This is a first step toward fully-automated formatting. A custom format
is used, primarily to tell rustfmt to wrap at column 80(-ish) instead of
column 100(-ish), and to use more compact styles.
Many rustfmt suggestions for rewrapping function calls were ignored
because they did not result in the minimum number of lines and/or
because I'm still unsure the best way to format a long chain. Some
suggestions for reformatting macros were ignored because they ruined
the indention. Some other suggestions were ignored because they seemed
like bugs and/or seemed to make things clearly worse.
Further work is planned, in order to make the formatting fully
automatic.
Instead of having `ring::agreement::EphemeralKeyPair`, we now have
`ring::agreement::EphemeralPrivateKey`, which doesn't store the public
key. This is slightly more memory-efficient because in real-world
protocols we don't need to do anything with the public key except send
it to the peer.
The interface between the Rust and C code was changed with an eye
towards making it easy to add X25519 support. New, simpler, C code
implementing ECDH (for NIST curves) replaces the old code in
crypto/ecdh. In particular, now `EC_KEY` isn't used at all for ECDH.
Finally, add the test vectors for ECDH P-256 and P-384 from the NIST
website. These test vectors don't test the most interesting cases,
however.
Because `SecureRandom::fill` took `&mut self`, it wasn't possible to
have multiple *usable* references to a `SecureRandom`. Change it so
that `fill` takes non-mutable `&self` so that multi-thread sharing
works.
Avoid all the messiness involved with static initializers by doing it
the dumb way. Static initializers are commonly banned from applications
because they add latency to application startup.
This implementation needs to be fine-tuned to account for cases where
we don't need CPUID info (e.g. hard-coded ARM target profiles, NO_ASM
builds, platforms where we have no ASM code).
Also, it is worth investigating whether the Rust implementation of
`call_once` has optimal performance, but for now we punt on that issue.
Stop using `CRYPTO_once`. Instead, require that the CSPRNG is
explicitly threaded through every function that requires a CSPRNG. The
constructor of `SystemRandom` will then initialize the file handle for
/dev/urandom as necessary.
Instead of building the test suites inherited from BoringSSL as
seperate executables, link them all together into one executable,
giving all their `main` functions unique names.
This allows all the tests to be run, even on platforms that don't have
traditional process spawning, and avoids the need to keep track of
directory names even on platforms that do support process spawning.
This also makes it easier to integrate new BoringSSL test suites on
Windows, because we don't need to create a new `vcxproj` file for each
one.
Having one test executable may also make code coverage easier.
Also remove the now-redundant `bssl_` part of the names of the things
inside the module.
This should help avoid confusion in the event we create a ring-ffi
crate.
