The newest Rust Nightly is getting stricter about `forbid(warnings)`
which breaks the build.
Use "deny" instead of "forbid". And only deny when running Clippy in
CI/CD, so that when hacking on *ring* we don't have to deal with
warnings right away; we now only have to deal with them when we're ready
to submit a change to be merged.
Avoid requiring a sysroot for *-linux-musl targets when using Clang.
Add one AAarch64 and one 32-bit ARM MUSL target to GitHub Actions.
Use Rust 1.48's `-Clink-self-contained=yes` in CI for musl targets.
Support the non-default variants of the *-musl targets.
Change the static CPU feature detection logic to assume all aarch64-apple-* targets
have the same capabilities as far as the features we use are concerned.
Use the "ios64" PerlAsm flavour for aarch64-apple-darwin, like OpenSSL upstream does.
Add (build-only) cross-compilation jobs to GitHub Actions.
Previously the OpenSSL implementation was being used. Switch to the BoringSSL
version.
Switching to the BoringSSL implementation will make it easier to refactor the CPU feature
detection, which is important for upcoming ports.
This switch will also implicitly add support for BTI and pointer authentication for
Poly1305.
This is based on BoringSSL 63d06626d3a104868eee622e8e56d9f2dd643366.
Run the RSA and signature tests in WebAssembly.
Implement Elem*Elem multiplication for platforms for which we have no assembly
language implementation of it. Refactor the code to accomodate this.
`elem_reduced` was infallible previously as it always ensured the prerequisites
for the reduction were met. Make this clear in the return type, as a side-effect
of the refactoring needed for implementing the multiplication.
This implementation is far from efficient. More work needs to be done to make it
faster.
Replace `GFp_bn_mul_add_word` with a clearer, simpler implementation.
The new `GFp_limbs_mul_add_limb` avoid explicit branches at the C code
level, unlike the code it replaces. (Obviously, even with the new
"branchless" code the compiler might be able to synthesize branches.)
Add the BoringSSL aes_nohw implementation with minimal changes needed to
build. Enable the AES-GCM AEAD tests for wasm32 targets gated on the "wasm_c"
feature.
Use the VPAES implementation from BoringSSL as of commit c556d87ddfe836294c8e04fc59d0c298951a4cc7,
with the 192-bit key handling and decryption removed.
Merge the VPAES and BSAES cases to VPAES_BSAES. Switch between the VPAES and BSAES implementation
on ARMv7 based on the amount of data being encrypted.
Clarify the dispatching logic in `ring::aead::aes`. In particular, avoid using `_` patterns
when matching on the result of `detect_implementation()`. Also rename Fallback to NOHW.
implementation.
*ring* tries to work without type-punning `memcpy`, so the use of that
in `GFp_gcm_ghash_nohw` was replaced by the use of `u64_from_be_bytes`.
This will (I hope) also help with the eventual support for big-endian
targets. Here's the diff from BoringSSL in that function:
```diff
-void gcm_ghash_nohw(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
- size_t len) {
+void GFp_gcm_ghash_nohw(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
+ size_t len) {
uint64_t swapped[2];
swapped[0] = CRYPTO_bswap8(Xi[1]);
swapped[1] = CRYPTO_bswap8(Xi[0]);
while (len >= 16) {
- uint64_t block[2];
- OPENSSL_memcpy(block, inp, 16);
- swapped[0] ^= CRYPTO_bswap8(block[1]);
- swapped[1] ^= CRYPTO_bswap8(block[0]);
+ swapped[0] ^= u64_from_be_bytes(&inp[8]);
+ swapped[1] ^= u64_from_be_bytes(inp);
gcm_polyval_nohw(swapped, &Htable[0]);
inp += 16;
len -= 16;
```
I also had to add a couple of (uint32_t) truncating casts where
BoringSSL expects an implicit truncation to occur, to avoid
`-Werror=conversion`.
During the merge, I found that `GFp_gcm_gmult_clmul` had its
`.cfi_startproc` on the wrong line. I fixed that as part of the merge.
During my review of the BoringSSL changes, I noticed that BoringSSL had
left some of the dead code in ghash-x86_64.pl, which had previously been
removed in *ring*. That removal is being done in BoringSSL in [1].
[1] https://boringssl-review.googlesource.com/c/boringssl/+/41144
Previously, build.rs. would print "cargo:..." to stdout if a variable
`$cargo` was set. This conflicted with Cargo's interpretation of
"cargo:..." to direct it to do things; see [1].
Instead, write to stderr to avoid the conflict. Also change the
formatting of the the environment variable logging so that even if
stderr gets redirected to stdout, such conflicts won't occur.
[1]
https://doc.rust-lang.org/cargo/reference/build-scripts.html#outputs-of-the-build-script
Some of the targets in Rust's `cross` toolchains have old libc headers
that don't have sys/auxv.h, and we want to do this in Rust anyway.
Unfortunately, in the process of doing so, I found out that
`libc::getauxval()` isn't available in enough places either, so we skip
dealing with *that* too.
