The *ring* counterpart to `copy_from_prebuf` is `LIMBS_select_512_32`
which is already written very (too?) conservatively w.r.t. compiler-
introduced side channels. I inspected the generated code before/after
adding additional `value_barrier_w` and it made no difference.
These additions break people's `cargo deny` jobs. The actual license
isn't affected by the change that updated LICENSE; it just added some
of Google's internal tracking numbers. Those numbers are not useful to
us. The next time we update LICENSE for an important reason we should
remove all the tracking numbers.
`winapi` is in maintenance mode and the new blessed way to access Windows APIs is the `windows`
and `windows-sys` crates. I don't think any types of `winapi` were exposed in the public API so
I used `windows-sys` since it has much faster compile times.
The slice indexing was wrong. CI did not catch this because it only
uses the implementations that the feature detection logic chooses,
and in CI it uses the emulator that always chooses the hardware AES
implementation.
The consequence is that on 32-bit ARM targets with NEON but without
hardware AES, the encryption/decryption is done incorrectly.
The change that introduced this problem was
74aa79b650f8a1f751993a56046ca43166ae9934. I checked (and tested) the
latest release (0.16.20) to verify that it is correct. So this only
affects 0.17, which hasn't been released yet.
The fix mirrors what we were doing before in 0.16.20.
BoringSSL split up their bn_tests.txt into multiple files, which we had
done previously. Prepare to merge that BoringSSL change by putting the
test input files in the same places.
This removes one more patch, and adapts the import to deal with gmock from chrome,
which is now included in boring.
Bug: chromium:1322914
Change-Id: I2a5957f741252941fea76205a21e98fd655f8cae
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63225
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
When the `alloc` feature is disabled, on lesser-used targets we don't
build `bigint` but we still need some of the Montgomery arithmetic.
```
git diff \
HEAD^1:src/arithmetic/bigint/bn_mul_mont_fallback.rs \
src/arithmetic/montgomery.rs
```
```
git diff \
HEAD^1:src/arithmetic/bigint.rs \
src/arithmetic/montgomery.rs
```