See changes in 8b7bb0cf6b649870bdf3150a3122e6ebe2962d24 for more info.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Rust 1.11.0 is required since some tests are using the form of
`assert!` that takes a custom error message, which is new in Rust
1.11.0.
Also fix includes in Cargo.toml. Also remove pregenerated/*, which
don't need to be in version control, but which can't be in .gitignore
(if they are, then `cargo package` and `cargo publish` don't work).
Cargo/rustc wasn't resolving "pregenerated" to an absolute path, so
while the previous scheme for finding the pregenerated libraries worked
for "sh mk/package.sh", it didn't work when building other libraries,
when the current working directory isn't the *ring* source directory.
Make the fallback to dev/urandom a default feature, renaming it to have
the right sense. Make the dependency on lazy_static a Unix-only
dependency in Cargo.toml.
Now we don't have to trust that `num` is doing the math correctly. The
code generator is going away anyway. It's a good idea in theory but in
practice it wasn't worth its complexity.
Cargo features are additive - Cargo presumes that it is safe to
enable a feature if _any_ dependent requires it, and that doing
so will not break crates that do not require it. As a result,
features that reduce the API surface - as no_heap did - violate
Cargo's invariants and can cause spooky failures at a distance.
Converting to a use_heap feature that enables APIs that may
allocate, and enabling it by default, preserves the current
behavior for users who simply depend on *ring* while better
fitting in to the Cargo ecosystem.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
`cargo test -p ring` will build and run the tests, but apparently without
installing *ring*'s dev-dependencies. Thus, we need to eliminate the
dev-dependencies to make that work.
Because `SecureRandom::fill` took `&mut self`, it wasn't possible to
have multiple *usable* references to a `SecureRandom`. Change it so
that `fill` takes non-mutable `&self` so that multi-thread sharing
works.
The test library, by default, buffers all the output until the test
completes. This can use up a lot of memory--too much memory for some
embedded targets--so make it an opt-in thing.
The RSA doctest had to be disabled temporarily until
https://github.com/rust-lang/rust/pull/30372 makes it to the stable
Rust channel (Rust 1.8).
Some of the tests and the test framework in |ring::file_test| are still
using the heap. This will be fixed separately.
This dependency was through `num`, and it is only a dev-dependency, but
it looks scary, it makes the build slower, and it makes *ring* more
prone to breakage.
This dependency was added in 2e887d11 when examples/fastpkbdf2_bench
was added. However, the benchmarking stuff was moved to
https://github.com/briansmith/crypto-bench a long time ago.
Avoid the overhead of constructing |EC_GROUP| instances at runtime,
including in particular the |BN_MONT_CTX| and Montgomery-encoded
parts. This allows us to identify curves with |EC_GROUP*| again
instead of identifying them by pointers to functions that allocate
an |EC_GROUP|.
The libc crate is full of badness and we need almost none of it. We
don't want to use the C standard library at all from Rust and we
definitely don't want to force users of *ring* to have to link to the
C standard library. (The C code inherited from BoringSSL depends on the
C standard library, but we've removed a lot of those dependencies and
we'll continue to do so.)
Also the definition of |libc::size_t| as an alias for a type that isn't
implicitly convertable to |usize| was forcing us to do a lot of
unnecessary casting, which is inherently danger-prone and thus
dangerous.
This allows for performance comparisons between *ring* and other
implementations. I think the benchmark is too noisy. Unfortunately,
|cargo bench| doesn't work well for measuring this because
|cargo bench| insists on doing a huge number of iterations, which means
that each run takes too long in a edit-compile-measure cycle.
