This is a first step toward fully-automated formatting. A custom format
is used, primarily to tell rustfmt to wrap at column 80(-ish) instead of
column 100(-ish), and to use more compact styles.
Many rustfmt suggestions for rewrapping function calls were ignored
because they did not result in the minimum number of lines and/or
because I'm still unsure the best way to format a long chain. Some
suggestions for reformatting macros were ignored because they ruined
the indention. Some other suggestions were ignored because they seemed
like bugs and/or seemed to make things clearly worse.
Further work is planned, in order to make the formatting fully
automatic.
Rust 1.11.0 is required since some tests are using the form of
`assert!` that takes a custom error message, which is new in Rust
1.11.0.
Also fix includes in Cargo.toml. Also remove pregenerated/*, which
don't need to be in version control, but which can't be in .gitignore
(if they are, then `cargo package` and `cargo publish` don't work).
The X25519 code was assuming the ring::agreement code was doing it. The
ring::agreement code assumed the X25519 code was doing it.
Without this, if the peer's public key is too short, there would be an
out-of-bounds read.
It was already only used in tests, so only compile it in tests,
and remove now-unused modes.
I agree to license my contributions to each file under the terms
given at the top of each file I changed.
The random key generation code is adapted from that used for EC,
but temporarily duplicated, with the following changes:
- A Range struct wrapping Limb slices used as ranges
- Instead of converting bytes to limbs, generate random bytes directly
into the Limb slice, temporarily casting it to u8
- Add support for ranges with zero bits in the most significant limb
by masking those bits in the generated random bytes
Also remove the `min_inclusive` parameter from BN_rand_range_ex,
since in practice it is always 1.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Since |BN_MONT_CTX_set| is not protected against side channels,
encourage callers to call it explicitly, once, and reuse the
|BN_MONT_CTX|, instead of relying on |BN_mod_exp_mont_consttime|
to recreate it each time. All the existing callers already passed a
non-NULL |BN_MONT_CTX_set|, so this is just deleting dead (test-only)
code.
