The current macro initializer is not uniform across architectures,
and doesn't work when the number of 64-bit limbs is not exactly half
that of 32-bit limbs (i.e. 521-bit).
This change replaces all `limbs!` initializers with a new const
function with hex string initializers, which is more portable and
more ergonomic.

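An added example, not code from *ring*, of the const-fn hex-string initializer approach this message describes, with the 521-bit case worked through: `Limb`, `limb_count`, `limbs_from_hex` and the P-521 constant are this example's own names, and choosing the limb width from the target's pointer width is an assumption.

```rust
// Added example, not ring's code: a const-fn hex-string limb initializer of the
// kind the commit describes. Limb width follows the target (assumed); names are ours.
#[cfg(target_pointer_width = "64")]
pub type Limb = u64;
#[cfg(not(target_pointer_width = "64"))]
pub type Limb = u32;
pub const LIMB_BITS: usize = Limb::BITS as usize;

/// ceil(bits / limb_bits): 521 bits need 9 u64 limbs but 17 u32 limbs, so a
/// "64-bit count is half the 32-bit count" rule breaks for P-521.
pub const fn limb_count(bits: usize, limb_bits: usize) -> usize {
    (bits + limb_bits - 1) / limb_bits
}

/// Parse big-endian hex into `N` little-endian limbs. A bad digit or a value
/// too wide for `N` limbs panics, i.e. fails at compile time in a `static`.
pub const fn limbs_from_hex<const N: usize>(hex: &str) -> [Limb; N] {
    let bytes = hex.as_bytes();
    let mut limbs = [0 as Limb; N];
    let mut i = 0; // nibble index, counted from the least significant digit
    let mut pos = bytes.len();
    while pos > 0 {
        pos -= 1;
        let nibble = match bytes[pos] {
            c @ b'0'..=b'9' => c - b'0',
            c @ b'a'..=b'f' => c - b'a' + 10,
            c @ b'A'..=b'F' => c - b'A' + 10,
            _ => panic!("limbs_from_hex: invalid hex digit"),
        };
        if nibble != 0 {
            let limb = i / (LIMB_BITS / 4);
            if limb >= N {
                panic!("limbs_from_hex: value does not fit in N limbs");
            }
            limbs[limb] |= (nibble as Limb) << ((i % (LIMB_BITS / 4)) * 4);
        }
        i += 1;
    }
    limbs
}

/// P-521 prime p = 2^521 - 1: one leading '1' digit followed by 130 'f' digits.
pub const P521_HEX: &str = concat!("1",
    "ffffffffffffffff", "ffffffffffffffff", "ffffffffffffffff", "ffffffffffffffff",
    "ffffffffffffffff", "ffffffffffffffff", "ffffffffffffffff", "ffffffffffffffff", "ff");
pub const P521_LIMBS: usize = limb_count(521, LIMB_BITS);
pub static P521_P: [Limb; P521_LIMBS] = limbs_from_hex(P521_HEX);
```

Because the array length is computed from `LIMB_BITS`, the same hex string initializes 9 or 17 limbs depending on the target, with no per-architecture macro.
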
Enable `ring::agreement` for wasm32 targets using the small
implementation of Curve25519.

Use the small Curve25519 implementation of Curve25519 (and
P-256) for all targets except for AArch64 and x86-64.
Besides being smaller, the small implementations are likely
more resistant to compiler-introduced side-channels, which
is especially important for the wasm32 virtual machine and
other targets that we don't QA as thoroughly as AArch64
and x86-64.

Bring in the previously-removed definition of `fe_mul_llt`
from BoringSSL as of commit
8d71d244c0debac4079beeb02b5802fde59b94bd.

Don't warn during `cargo build` or `cargo test`, but deny them
in `mk/clippy.sh` so that they are caught in CI. Limit `cargo build`
warnings to things that matter during the edit/test cycle.

In particular, eliminate the use of `ArrayEncoding::as_byte_array` as
we work towards removing that function because it uses `unsafe`.

Where `Block` is used in parameters to C/assembly code, I verified that
the C/assembly code uses `uint8_t *` as the function type (meaning
`uint8_t[16]`) in the BoringSSL headers. Until recently the stuff in
GCM was using `uint64_t` or a union containing `uint64_t`, which is why
block was previously defined in terms of `BigEndian<u64>`.

This is a step towards eliminating `unsafe` usage in `ring::endian` by
eliminating one use of `ArrayEncoding::as_byte_array`.

Since this is the only usage of `LittleEndian`, it is removed
completely.

This simple `array_flatten` polyfill will be useful for multiple
improvements towards eliminating the unsafe code in `endian`.

*ring* defined a function named `OPENSSL_memcmp` that did what
`CRYPTO_memcmp` does in BoringSSL, and BoringSSL has a different
function called `OPENSSL_memcmp`. *ring* doesn't need
`OPENSSL_memcmp` so sync the `CRYPTO_memcmp` stuff with BoringSSL.
This eliminates unnecessary differences from BoringSSL.

Implement `AsRef<[u8]>` for `signature::UnparsedPublicKey`, making it
possible to access the bytes of the public key. For consistency, I did
the same for `agreement::UnparsedPublicKey`, although it already has a
`bytes` method. `agreement::PublicKey` already uses the `AsRef<[u8]>`
approach.

Also, add missing `Debug` implementation for
`signature::UnparsedPublicKey`.

I agree to license my contributions to each file under the terms given
at the top of each file I changed.

Other architectures may not need to do feature checks, and therefore
`Feature::available`, `Feature::mask`, etc. are never used/read.
This snippet mirrors the similar bit at the top of cpu/intel.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>