In particular, eliminate the use of `ArrayEncoding::as_byte_array` as
we work towards removing that function because it uses `unsafe`.
Where `Block` is used in parameters to C/assembly code, I verified that
the C/assembly code uses `uint8_t *` as the function type (meaning
`uint8_t[16]`) in the BoringSSL headers. Until recently the stuff in
GCM was using `uint64_t` or a union containing `uint64_t`, which is why
block was previously defined in terms of `BigEndian<u64>`.
This is a step towards eliminating `unsafe` usage in `ring::endian` by
eliminating one use of `ArrayEncoding::as_byte_array`.
Since this is the only usage of `LittleEndian`, it is removed
completely.
This simple `array_flatten` polyfill will be useful for multiple
improvements towards eliminating the unsafe code in `endian`.
*ring* defined a function named `OPENSSL_memcmp` that did what
`CRYPTO_memcmp` does in BoringSSL, and BoringSSL has a different
function called `OPENSSL_memcmp`. *ring* doesn't need
`OPENSSL_memcmp` so sync the `CRYPTO_memcmp` stuff with BoringSSL.
This eliminates unnecessary differences from BoringSSL.
Our policy is to set warnings-as-errors only when buildingt from Git,
not when building from a packaged release. This flag is another aspect
of warnings-as-errors.
`dev_urandom_fallback` presently does nothing, so don't bother adding
it as a matrix dimension.
Because `dev_urandom_fallback` does nothing,
`--no-default-features --features=alloc` is effectively the same as the
default feature set, so don't add it as a matrix dimension.
`--all-features` is no longer appropriate after the ARM hardware feature
disabling features were added, so replace it with what we really want,
`--features=std,slow_tests`.
In the coverage section, `--features=alloc,dev_urandom_fallback,std` is
the same as `--features=std` since `alloc and `urandom_fallback` are
default features.
Move the Criterion.rs dependency out of *ring* into a new `ring-benches`
crate. This speeds up many build scenerios by eliminating a bunch of
dependencies from *ring*'s dependency tree for `cargo test`.
Implement `AsRef<[u8]>` for `signature::UnparsedPublicKey`, making it
possible to access the bytes of the public key. For consistency, I did
the same for `agreement::UnparsedPublicKey`, although it already has a
`bytes` method. `agreement::PublicKey` already uses the `AsRef<[u8]>`
approach.
Also, add missing `Debug` implementation for
`signature::UnparsedPublicKey`.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Frequently lately one coverage job has been failing per job. Instead of
re-running the whole matrix again, make it so we just need to run the
(usually) one job that failed.
So far .S files are only used on non-x86, non-x86_64 targets. That
will change soon, so prepare for that by filtering them out so that
we don't feed them to MSVC.
The intended effect was to redirect people reading about *ring* on
crates.io to the GitHub-hosted README.md. However, the unintended effect
was that docs.rs is broken for the 0.17.0 release.
First, we were passing `-Wl,--gc-sections` to the compiler regardless
of whether it is MSVC, which didn't make any sense on its own.
But, even more generally, it doesn't make sense for us to try to tell
the linker what to do when we aren't actually linking. (We're building
static libraries of the C and assembly code.)
Clarify which parts of the build script modify the compiler
configuration (`configure_cc`) and which don't (`cc`). Ensure that the
configuration is only done once per library, instead of once per source
file, as each `cc` invocation can reuse the configuration work done by
a single `configure_cc` call.
Apparently it is OK to set `-std=c1x` even when compiling assembly
code, so just set it no matter what we're compiling. This simplifies
the code and allows future simplification.
It's not clear why certain warnings were separated from the others.
Combine them too, for the same reasons.
