257 Commits

Author SHA1 Message Date
Brian Smith
ce0b0a6b9b Undo some unnecessary differences from BoringSSL. 2021-05-12 19:06:16 -07:00
Brian Smith
b86067da4e Address clippy::vec_init_then_push. 2021-05-11 18:34:48 -07:00
Brian Smith
e898b00d53 Build: Derive FFI symbol prefix and FFI lib prefix from Cargo.toml "links".
Now "links" in Cargo.toml is the only thing that needs to be manually modified
when the prefix changes.

build.rs enforces that the package name and version are consistent with the
"links" field.
2021-05-03 16:28:56 -07:00
Brian Smith
badca90d14 Simplify assembly pre-generation mechanism.
Eliminate the extra Cargo.toml that was used just for this feature. It was
too error-prone to keep it in sync with the real Cargo.toml. Having one
Cargo.toml will allow us to reliably use the `CARGO_MANIFEST_LINKS` value
to keep the symbol prefix in sync with the `links` field in Cargo.toml in
the near future.
2021-05-03 13:36:20 -07:00
Brian Smith
36854dee45 build.rs: Tell Cargo about some environment variables that are used.
This doesn't tell Cargo about environment variables used by cc-rs and
the like, but it is a step in the right direction.
2021-05-03 13:36:20 -07:00
Brian Smith
0df1844530 Pass prefix from build.rs to src/prefixed.rs through cargo:rustc-env.
Eliminate one place where the prefix would have to be manually updated.
2021-05-03 12:39:35 -07:00
Brian Smith
7886603cee Use some variant of "ring core" instead of "GFp" as a prefix for everything.
"GFp_" isn't in the code at all anymore.
2021-05-02 22:09:07 -07:00
Brian Smith
384f7d056b Replace manual FFI symbol prefixing with automatic symbol prefixing.
Revert the names used in the BoringSSL C/asm code to the names used in
BoringSSL. This substantially reduces the diff between *ring* and
BoringSSL for these files.

Use a variant of BoringSSL's symbol prefixing machinery to semi-
automatically prefix FFI symbols with the `GFp_` prefix. The names aren't
all exactly the same as before, because previously we *replaced* a
symbol's original prefix with the `GFp_` prefix; now we're prepending
`GFp_`. In the future we'll use a different prefix entirely.

This paves the way for using different prefixes for each version so that
multiple versions of *ring* can be linked into an executable at once.
2021-05-02 22:09:07 -07:00
Brian Smith
0e800b80ce build.rs: Replace manual dirty file checking with cargo:rerun-if-changed.
Simplify build.rs to make it easier to maintain. It seemed like the logic
being removed here wasn't always correct.
2021-04-30 13:37:46 -07:00
Brian Smith
508f5a3293 CI/CD: Use a GitHub-hosted copy of nasm instead of downloading it from nasm.us.
Downloading from nasm.us frequently fails. Avoid depending on it.

Change the expected location of nasm in build.rs.
2021-04-29 15:10:32 -07:00
Brian Smith
f37b8a2f3e Only use assembly code on known-compatible OS+Arch combinations.
Assume by default that an operating system does not have an ABI compatible
with the PerlAsm sources. Add all the operating systems that we've
explicitly added support for to the allowlist. Avoid trying to build or
use the PerlAsm code for those targets.

On top of this, we can build fallback logic for using Rust (or C)
implementations for those targets that aren't compatible with the
assembly.
2021-04-20 15:45:28 -07:00
Brian Smith
501fc4eeaa Replace *ring*'s P-256 arithmetic with BoringSSL's P-256 arithmetic.
Use Fiat Crypto for non-x86_64 platforms, like BoringSSL. Continue
using the nistz256 code on Windows, differently from BoringSSL.

Make *ring* more consistent with BoringSSL.
2021-02-10 12:20:26 -08:00
Vlad Krasnov
34424d829d Enable the integrated assembly x86-64 ChaCha20-Poly1305 implementation from BoringSSL 2021-01-26 10:12:14 -08:00
Brian Smith
b9d7d089d9 Remove #![forbid(warnings)]; rely on Clippy in CI/CD instead.
The newest Rust Nightly is getting stricter about `forbid(warnings)`
which breaks the build.

Use "deny" instead of "forbid". And only deny when running Clippy in
CI/CD, so that when hacking on *ring* we don't have to deal with
warnings right away; we now only have to deal with them when we're ready
to submit a change to be merged.
2020-12-03 17:40:33 -08:00
Brian Smith
15c823a571 Build: Replace use of Yasm with use of Nasm for Windows assembly.
Match BoringSSL. According to the Chromium discussion about nasm, it
is also substantially faster.
2020-11-25 16:32:53 -08:00
Brian Smith
034bfe7143 Avoid opportunistically including system header files.
Don't use the presence of a header to determine whether to include it. Instead,
communicate from build.rs whether system header files should be used.
2020-11-24 09:22:50 -08:00
Brian Smith
7bac725679 Allow cross-compiling to *-linux-musl (except x86_64) w/o a sysroot.
Avoid requiring a sysroot for *-linux-musl targets when using Clang.

Add one AArch64 and one 32-bit ARM MUSL target to GitHub Actions.

Use Rust 1.48's `-Clink-self-contained=yes` in CI for musl targets.

Support the non-default variants of the *-musl targets.
2020-11-24 09:22:50 -08:00
Brian Smith
f26bae0a6a Add support for aarch64-apple-darwin.
Change the static CPU feature detection logic to assume all aarch64-apple-* targets
have the same capabilities as far as the features we use are concerned.

Use the "ios64" PerlAsm flavour for aarch64-apple-darwin, like OpenSSL upstream does.

Add (build-only) cross-compilation jobs to GitHub Actions.
2020-11-18 00:00:12 -08:00
Brian Smith
f19c4f626b Remove dead crypto/fipsmodule/modes/internal.h. 2020-11-17 23:55:28 -08:00
Brian Smith
bbf935c17b Switch Poly1305 implementation to the BoringSSL implementation.
Previously the OpenSSL implementation was being used. Switch to the BoringSSL
version.

Switching to the BoringSSL implementation will make it easier to refactor the CPU feature
detection, which is important for upcoming ports.

This switch will also implicitly add support for BTI and pointer authentication for
Poly1305.

This is based on BoringSSL 63d06626d3a104868eee622e8e56d9f2dd643366.
2020-11-17 10:19:30 -08:00
Brian Smith
72abf71710 build.rs: Sort header files alphabetically 2020-11-17 10:19:30 -08:00
Brian Smith
6fcbd8905e build.rs: Remove printing of environment variables.
Avoid any potential for leaking sensitive environment variables that would
be irrelevant to the build.
2020-11-12 18:10:20 -08:00
Brian Smith
e19b16e9f8 build.rs: Take clippy's advice about unwrap_or_else. 2020-11-11 16:46:41 -08:00
Brian Smith
d05e9b19dc build.rs: Take clippy's advice about into_iter(). 2020-11-11 16:46:41 -08:00
Brian Smith
b7ff765577 build.rs: Take Clippy's advice about useless conversions. 2020-11-11 16:46:41 -08:00
Brian Smith
2befd3268e build.rs: Take Clippy's advice about removing unneeded &s. 2020-11-11 16:46:41 -08:00
Brian Smith
89bcf8ed30 build.rs: Apply Clippy's advice regarding rustfmt::skip. 2020-11-11 16:46:41 -08:00
Brian Smith
ef7cf3bfc5 Merge BoringSSL 47b1e39: Tidy up third_party/fiat. 2020-06-02 14:02:26 -05:00
Brian Smith
e8bdd5b7b1 Make RSA work for WebAssembly targets when the "wasm32_c" feature is enabled.
Run the RSA and signature tests in WebAssembly.

Implement Elem*Elem multiplication for platforms for which we have no assembly
language implementation of it. Refactor the code to accommodate this.

`elem_reduced` was infallible previously as it always ensured the prerequisites
for the reduction were met. Make this clear in the return type, as a side-effect
of the refactoring needed for implementing the multiplication.

This implementation is far from efficient. More work needs to be done to make it
faster.
2020-05-29 21:07:20 -05:00
Brian Smith
fae863956b bigint: Replace GFp_bn_mul_add_word with GFp_limbs_mul_add_limb.
Replace `GFp_bn_mul_add_word` with a clearer, simpler implementation.
The new `GFp_limbs_mul_add_limb` avoids explicit branches at the C code
level, unlike the code it replaces. (Obviously, even with the new
"branchless" code the compiler might be able to synthesize branches.)
2020-05-29 21:07:20 -05:00
Brian Smith
0e7fdf5e91 Split ASSERT into dev_assert_secret and debug_assert_nonsecret. 2020-05-29 13:23:29 -05:00
Brian Smith
0c5f61b14f Merge BoringSSL c556d87: Add aes_nohw.c fallback AES implementation.
Add the BoringSSL aes_nohw implementation with minimal changes needed to
build. Enable the AES-GCM AEAD tests for wasm32 targets gated on the "wasm_c"
feature.
2020-05-28 10:51:03 -05:00
Brian Smith
742f0ebb11 Implement ASSERT() for wasm32 targets. 2020-05-27 15:09:15 -05:00
Brian Smith
10c4b68e63 Add new "wasm32_c" feature to enable more functionality for wasm32 targets. 2020-05-27 14:59:52 -05:00
Brian Smith
e2543e48d0 AES: Import ARMv7 VPAES implementation from BoringSSL.
Use the VPAES implementation from BoringSSL as of commit c556d87ddfe836294c8e04fc59d0c298951a4cc7,
with the 192-bit key handling and decryption removed.

Merge the VPAES and BSAES cases to VPAES_BSAES. Switch between the VPAES and BSAES implementation
on ARMv7 based on the amount of data being encrypted.

Clarify the dispatching logic in `ring::aead::aes`. In particular, avoid using `_` patterns
when matching on the result of `detect_implementation()`. Also rename Fallback to NOHW.
2020-05-21 18:44:42 -05:00
Brian Smith
192d946b82 Replace gcm_nohw.c with gcm_nohw.rs. 2020-05-06 10:57:33 -05:00
Brian Smith
d3cab43a4a Merge BoringSSL 9855c1c: Add a constant-time fallback GHASH implementation.

*ring* tries to work without type-punning `memcpy`, so the use of that
in `GFp_gcm_ghash_nohw` was replaced by the use of `u64_from_be_bytes`.
This will (I hope) also help with the eventual support for big-endian
targets. Here's the diff from BoringSSL in that function:

```diff
-void gcm_ghash_nohw(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
-                    size_t len) {
+void GFp_gcm_ghash_nohw(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+                        size_t len) {
   uint64_t swapped[2];
   swapped[0] = CRYPTO_bswap8(Xi[1]);
   swapped[1] = CRYPTO_bswap8(Xi[0]);

   while (len >= 16) {
-    uint64_t block[2];
-    OPENSSL_memcpy(block, inp, 16);
-    swapped[0] ^= CRYPTO_bswap8(block[1]);
-    swapped[1] ^= CRYPTO_bswap8(block[0]);
+    swapped[0] ^= u64_from_be_bytes(&inp[8]);
+    swapped[1] ^= u64_from_be_bytes(inp);
     gcm_polyval_nohw(swapped, &Htable[0]);
     inp += 16;
     len -= 16;
```
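Review bot: the two `+` lines `swapped[0] ^= u64_from_be_bytes(&inp[8]);` and `swapped[1] ^= u64_from_be_bytes(inp);` are equivalent to the removed `OPENSSL_memcpy` plus `CRYPTO_bswap8(block[1])` / `CRYPTO_bswap8(block[0])` sequence only on a little-endian host, which is exactly the point of the change; a one-line comment above the `while (len >= 16)` loop stating that the reads are now independent of host endianness would document that for future merges. Nothing in the shown context declares `u64_from_be_bytes`, so the hunk should also confirm the header that declares it is included in this file.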

I also had to add a couple of (uint32_t) truncating casts where
BoringSSL expects an implicit truncation to occur, to avoid
`-Werror=conversion`.

During the merge, I found that `GFp_gcm_gmult_clmul` had its
`.cfi_startproc` on the wrong line. I fixed that as part of the merge.

During my review of the BoringSSL changes, I noticed that BoringSSL had
left some of the dead code in ghash-x86_64.pl, which had previously been
removed in *ring*. That removal is being done in BoringSSL in [1].

[1] https://boringssl-review.googlesource.com/c/boringssl/+/41144
2020-05-04 10:54:19 -05:00
Brian Smith
a9705a1ec3 Remove more dead code. 2020-05-01 21:59:37 -05:00
Brian Smith
2f8b7e7568 Remove unused aes128gcmsiv-x86_64.pl. 2020-05-01 10:40:21 -05:00
Brian Smith
92f936bc3b Fix the case where a cargo environment variable is set in build.rs.
Previously, build.rs would print "cargo:..." to stdout if a variable
`$cargo` was set. This conflicted with Cargo's interpretation of
"cargo:..." to direct it to do things; see [1].

Instead, write to stderr to avoid the conflict. Also change the
formatting of the environment variable logging so that even if
stderr gets redirected to stdout, such conflicts won't occur.

[1] https://doc.rust-lang.org/cargo/reference/build-scripts.html#outputs-of-the-build-script
2020-04-28 11:02:54 -05:00
Brian Smith
f15828a7a6 Stop disabling legacy_directory_ownership to fix Rust 1.41 beta channel builds. 2019-12-23 18:41:07 -06:00
Brian Smith
f6c0e0d1ea cargo fmt. 2019-12-23 15:25:24 -06:00
lzutao
c250e3125e Use array::iter
See clippy::into_iter lint and https://github.com/rust-lang/rust/pull/65819
2019-12-23 12:42:49 -06:00
Brian Smith
ffc0f9714e Always use release configuration for C code in published builds. 2019-07-22 12:08:35 -10:00
Brian Smith
8943885e63 build.rs: Remove redundant Target accessors. 2019-07-22 12:06:59 -10:00
Brian Smith
e32e46c922 Stop defining _XOPEN_SOURCE.
It is no longer needed.
2019-07-15 17:30:40 -10:00
Brian Smith
d367526a27 Remove 32-bit x86 SHA-2 assembly code. 2019-07-09 17:25:46 -10:00
Brian Smith
c53955ea8a Initial wasm32-unknown-unknown support. 2019-07-03 12:20:00 -10:00
Brian Smith
9a99848d74 Enable VPAES fallback implementation of AES for AArch64. 2019-07-02 16:13:32 -10:00
Brian Smith
b1b75a241f Replace GFp_block128_xor with Rust code. 2019-06-14 14:36:59 -10:00