From 9d4e0337b78ee0fbaed0e5c5f899085503a3dd77 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Tue, 10 Jan 2023 08:42:18 -0700 Subject: [PATCH 01/14] Add trait impls for `core::cmp::Ordering` This type is `#[repr(i8)]`, making it possible to impl the following traits for it by casting to `i8` (and back, where appropriate): - `ConditionallySelectable` - `ConstantTimeEq` - `ConstantTimeGreater` - `ConstantTimeLess` --- src/lib.rs | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ tests/mod.rs | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index 2e94a06..b677642 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -87,6 +87,7 @@ #[macro_use] extern crate std; +use core::cmp; use core::ops::{BitAnd, BitAndAssign, BitOr, BitOrAssign, BitXor, BitXorAssign, Neg, Not}; use core::option::Option; @@ -371,6 +372,14 @@ generate_integer_equal!(u64, i64, 64); generate_integer_equal!(u128, i128, 128); generate_integer_equal!(usize, isize, ::core::mem::size_of::() * 8); +/// `Ordering` is `#[repr(i8)] making it possible to leverage `i8::ct_eq`. +impl ConstantTimeEq for cmp::Ordering { + #[inline] + fn ct_eq(&self, other: &Self) -> Choice { + (*self as i8).ct_eq(&(*other as i8)) + } +} + /// A type which can be conditionally selected in constant time. /// /// This trait also provides generic implementations of conditional @@ -532,6 +541,26 @@ generate_integer_conditional_select!( u64 i64); #[cfg(feature = "i128")] generate_integer_conditional_select!(u128 i128); +/// `Ordering` is `#[repr(i8)]` where: +/// +/// - `Less` => -1 +/// - `Equal` => 0 +/// - `Greater` => 1 +/// +/// Given this, it's possible to operate on orderings as if they're integers, +/// which allows leveraging conditional masking for predication. +impl ConditionallySelectable for cmp::Ordering { + fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { + let a = *a as i8; + let b = *b as i8; + let ret = i8::conditional_select(&a, &b, choice); + + // SAFETY: `Ordering` is `#[repr(i8)]` and `ret` has been assigned to + // a value which was originally a valid `Ordering` then cast to `i8` + unsafe { *((&ret as *const _) as *const cmp::Ordering) } + } +} + impl ConditionallySelectable for Choice { #[inline] fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { @@ -847,6 +876,16 @@ generate_unsigned_integer_greater!(u64, 64); #[cfg(feature = "i128")] generate_unsigned_integer_greater!(u128, 128); +impl ConstantTimeGreater for cmp::Ordering { + #[inline] + fn ct_gt(&self, other: &Self) -> Choice { + // No impl of `ConstantTimeGreater` for `i8`, so use `u8` + let a = (*self as i8) + 1; + let b = (*other as i8) + 1; + (a as u8).ct_gt(&(b as u8)) + } +} + /// A type which can be compared in some manner and be determined to be less /// than another of the same type. pub trait ConstantTimeLess: ConstantTimeEq + ConstantTimeGreater { @@ -898,3 +937,13 @@ impl ConstantTimeLess for u32 {} impl ConstantTimeLess for u64 {} #[cfg(feature = "i128")] impl ConstantTimeLess for u128 {} + +impl ConstantTimeLess for cmp::Ordering { + #[inline] + fn ct_lt(&self, other: &Self) -> Choice { + // No impl of `ConstantTimeLess` for `i8`, so use `u8` + let a = (*self as i8) + 1; + let b = (*other as i8) + 1; + (a as u8).ct_lt(&(b as u8)) + } +} diff --git a/tests/mod.rs b/tests/mod.rs index 8cb10b6..8975147 100644 --- a/tests/mod.rs +++ b/tests/mod.rs @@ -1,6 +1,8 @@ extern crate rand; extern crate subtle; +use std::cmp; + use rand::rngs::OsRng; use rand::RngCore; @@ -96,6 +98,19 @@ fn custom_conditional_select_i16() { assert_eq!(i16::conditional_select(&x, &y, 1.into()), 514); } +#[test] +fn ordering_conditional_select() { + assert_eq!( + cmp::Ordering::conditional_select(&cmp::Ordering::Less, &cmp::Ordering::Greater, 0.into()), + cmp::Ordering::Less + ); + + assert_eq!( + cmp::Ordering::conditional_select(&cmp::Ordering::Less, &cmp::Ordering::Greater, 1.into()), + cmp::Ordering::Greater + ); +} + macro_rules! generate_integer_equal_tests { ($($t:ty),*) => ($( let y: $t = 0; // all 0 bits @@ -149,6 +164,16 @@ fn choice_equal() { assert!(Choice::from(1).ct_eq(&Choice::from(1)).unwrap_u8() == 1); } +#[test] +fn ordering_equal() { + let a = cmp::Ordering::Equal; + let b = cmp::Ordering::Greater; + let c = a; + + assert_eq!(a.ct_eq(&b).unwrap_u8(), 0); + assert_eq!(a.ct_eq(&c).unwrap_u8(), 1); +} + #[test] fn test_ctoption() { let a = CtOption::new(10, Choice::from(1)); @@ -334,6 +359,12 @@ fn greater_than_u128() { generate_greater_than_test!(u128); } +#[test] +fn greater_than_ordering() { + assert_eq!(cmp::Ordering::Less.ct_gt(&cmp::Ordering::Greater).unwrap_u8(), 0); + assert_eq!(cmp::Ordering::Greater.ct_gt(&cmp::Ordering::Less).unwrap_u8(), 1); +} + #[test] /// Test that the two's compliment min and max, i.e. 0000...0001 < 1111...1110, /// gives the correct result. (This fails using the bit-twiddling algorithm that @@ -389,3 +420,9 @@ fn less_than_u64() { fn less_than_u128() { generate_less_than_test!(u128); } + +#[test] +fn less_than_ordering() { + assert_eq!(cmp::Ordering::Greater.ct_lt(&cmp::Ordering::Less).unwrap_u8(), 0); + assert_eq!(cmp::Ordering::Less.ct_lt(&cmp::Ordering::Greater).unwrap_u8(), 1); +} From c319c36ba1b856a4f8fdad8c5446fa10f8c18f54 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Tue, 7 Feb 2023 07:59:41 -0700 Subject: [PATCH 02/14] Add missing backtick --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index b677642..e9116cc 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -372,7 +372,7 @@ generate_integer_equal!(u64, i64, 64); generate_integer_equal!(u128, i128, 128); generate_integer_equal!(usize, isize, ::core::mem::size_of::() * 8); -/// `Ordering` is `#[repr(i8)] making it possible to leverage `i8::ct_eq`. +/// `Ordering` is `#[repr(i8)]` making it possible to leverage `i8::ct_eq`. impl ConstantTimeEq for cmp::Ordering { #[inline] fn ct_eq(&self, other: &Self) -> Choice { From c5070499e439a4c6415aa731ef35d7bc9d7c8e00 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Tue, 28 Sep 2021 13:34:51 +0700 Subject: [PATCH 03/14] Implement ConditionallySelectable trait for arrays --- fuzz/Cargo.toml | 4 ++++ fuzz/fuzzers/conditional_assign_array.rs | 29 ++++++++++++++++++++++++ src/lib.rs | 19 +++++++++++++++- 3 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 fuzz/fuzzers/conditional_assign_array.rs diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index 2b0d77d..978cd0c 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -33,3 +33,7 @@ path = "fuzzers/conditional_assign_i8.rs" [[bin]] name = "conditional_assign_i128" path = "fuzzers/conditional_assign_i128.rs" + +[[bin]] +name = "conditional_assign_array" +path = "fuzzers/conditional_assign_array.rs" diff --git a/fuzz/fuzzers/conditional_assign_array.rs b/fuzz/fuzzers/conditional_assign_array.rs new file mode 100644 index 0000000..3cc66fc --- /dev/null +++ b/fuzz/fuzzers/conditional_assign_array.rs @@ -0,0 +1,29 @@ +#![no_main] + +#[macro_use] +extern crate libfuzzer_sys; +extern crate subtle; +extern crate core; + +use core::convert::TryFrom; + +use subtle::ConditionallySelectable; + +fuzz_target!(|data: &[u8]| { + let chunk_size: usize = 16; + + if data.len() % chunk_size != 0 { + return; + } + + for bytes in data.chunks(chunk_size) { + let mut x = [0u8; 16]; + let y = <[u8; 16]>::try_from(bytes).unwrap(); + + x.conditional_assign(&y, 0.into()); + assert_eq!(x, [0u8; 16]); + + x.conditional_assign(&y, 1.into()); + assert_eq!(x, y); + } +}); diff --git a/src/lib.rs b/src/lib.rs index 2e94a06..650debd 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -55,7 +55,7 @@ //! //! ## Minimum Supported Rust Version //! -//! Rust **1.41** or higher. +//! Rust **1.51** or higher. //! //! Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump. //! @@ -539,6 +539,23 @@ impl ConditionallySelectable for Choice { } } +impl ConditionallySelectable for [T; N] +where T: ConditionallySelectable +{ + #[inline] + fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { + let mut output = *a; + output.conditional_assign(b, choice); + output + } + + fn conditional_assign(&mut self, other: &Self, choice: Choice) { + for (a_i, b_i) in self.iter_mut().zip(other) { + a_i.conditional_assign(b_i, choice) + } + } +} + /// A type which can be conditionally negated in constant time. /// /// # Note From 1c77bf459879c73aca060595efacbb0d1159af10 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Thu, 9 Feb 2023 13:56:40 +0000 Subject: [PATCH 04/14] Add `const-generics` feature --- Cargo.toml | 1 + fuzz/Cargo.toml | 2 +- src/lib.rs | 4 +++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 9546c11..5e1c32a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,6 +28,7 @@ travis-ci = { repository = "dalek-cryptography/subtle", branch = "master"} rand = { version = "0.7" } [features] +const-generics = [] core_hint_black_box = [] default = ["std", "i128"] std = [] diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index 978cd0c..fa93005 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -10,7 +10,7 @@ cargo-fuzz = true [dependencies.subtle] path = ".." -features = ["nightly"] +features = ["nightly", "const-generics"] [dependencies.libfuzzer-sys] git = "https://github.com/rust-fuzz/libfuzzer-sys.git" diff --git a/src/lib.rs b/src/lib.rs index 650debd..13323fe 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -539,8 +539,10 @@ impl ConditionallySelectable for Choice { } } +#[cfg(feature = "const-generics")] impl ConditionallySelectable for [T; N] -where T: ConditionallySelectable +where + T: ConditionallySelectable, { #[inline] fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self { From c8e4f6d3ccd864f83fbec7eff72268d486ab88d0 Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Thu, 9 Feb 2023 13:57:51 +0000 Subject: [PATCH 05/14] Update docs --- README.md | 3 +++ src/lib.rs | 25 +++++++++++++++++++------ 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ce0a321..9b408c4 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,9 @@ Rust versions from 1.66 or higher support a new best-effort optimization barrier ([`core::hint::black_box`]). To use the new optimization barrier, enable the `core_hint_black_box` feature. +Rust versions from 1.51 or higher have const generics support. You may enable +`const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`. + Versions prior to `2.2` recommended use of the `nightly` feature to enable an optimization barrier; this is not required in versions `2.2` and above. diff --git a/src/lib.rs b/src/lib.rs index 13323fe..f85ea2b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -41,6 +41,13 @@ //! inner `u8` by passing it through a volatile read. For more information, see //! the _About_ section below. //! +//! Rust versions from 1.66 or higher support a new best-effort optimization +//! barrier ([`core::hint::black_box`]). To use the new optimization barrier, +//! enable the `core_hint_black_box` feature. +//! +//! Rust versions from 1.51 or higher have const generics support. You may enable +//! `const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`. +//! //! Versions prior to `2.2` recommended use of the `nightly` feature to enable an //! optimization barrier; this is not required in versions `2.2` and above. //! @@ -55,7 +62,7 @@ //! //! ## Minimum Supported Rust Version //! -//! Rust **1.51** or higher. +//! Rust **1.41** or higher. //! //! Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump. //! @@ -63,10 +70,15 @@ //! //! This library aims to be the Rust equivalent of Go’s `crypto/subtle` module. //! -//! The optimization barrier in `impl From for Choice` was based on Tim -//! Maclean's [work on `rust-timing-shield`][rust-timing-shield], which attempts to -//! provide a more comprehensive approach for preventing software side-channels in -//! Rust code. +//! Old versions of the optimization barrier in `impl From for Choice` were +//! based on Tim Maclean's [work on `rust-timing-shield`][rust-timing-shield], +//! which attempts to provide a more comprehensive approach for preventing +//! software side-channels in Rust code. +//! +//! From version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on +//! "Secret Types in Rust". Version `2.3` adds the `core_hint_black_box` feature, +//! which uses the original method through the [`core::hint::black_box`] function +//! from the Rust standard library. //! //! `subtle` is authored by isis agora lovecruft and Henry de Valence. //! @@ -81,6 +93,7 @@ //! **USE AT YOUR OWN RISK** //! //! [docs]: https://docs.rs/subtle +//! [`core::hint::black_box`]: https://doc.rust-lang.org/core/hint/fn.black_box.html //! [rust-timing-shield]: https://www.chosenplaintext.ca/open-source/rust-timing-shield/security #[cfg(feature = "std")] @@ -856,7 +869,7 @@ macro_rules! generate_unsigned_integer_greater { Choice::from((bit & 1) as u8) } } - } + }; } generate_unsigned_integer_greater!(u8, 8); From 1a2d9e68e62dfb00c05ebf03590f088f9a5a6e9d Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Thu, 9 Feb 2023 14:00:53 +0000 Subject: [PATCH 06/14] Update CI to test `const-generics` feature --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8f574ad..ef3b7f8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,9 @@ script: cargo test --no-default-features --features std && cargo test --no-default-features --features "std i128" && cargo test --no-default-features --features "std core_hint_black_box" && - cargo test --no-default-features --features "std i128 core_hint_black_box" + cargo test --no-default-features --features "std const-generics" && + cargo test --no-default-features --features "std i128 core_hint_black_box" && + cargo test --no-default-features --features "std i128 core_hint_black_box const-generics" notifications: slack: From b24e7eae87512050e6246889b84cfcfb126e4c20 Mon Sep 17 00:00:00 2001 From: Isis Lovecruft Date: Mon, 27 Feb 2023 21:12:29 +0000 Subject: [PATCH 07/14] Add CHANGELOG entry for 2.5.0. --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 152e7bc..b2037e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ Entries are listed in reverse chronological order. +## 2.5.0 + +* Add constant-timedness note to the documentation for `CtOption::unwrap_or_else`. +* Add `CtOption::expect`. +* Add `ConstantTimeEq::ct_ne` with default implementation. +* Add new `core_hint_black_box` feature from Diane Hosfelt and Amber + Sprenkels which utilises the original `black_box` functionality from + when subtle was first written, which has now found it's way into the + Rust standard library. + ## 2.4.1 * Fix a bug in how the README was included in the documentation builds From 0744686def9c80af45a39a4fe32f880f2b3a4262 Mon Sep 17 00:00:00 2001 From: Isis Lovecruft Date: Mon, 27 Feb 2023 21:13:03 +0000 Subject: [PATCH 08/14] Update in-library docs with README changes. --- src/lib.rs | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 2e94a06..6c47046 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -41,6 +41,10 @@ //! inner `u8` by passing it through a volatile read. For more information, see //! the _About_ section below. //! +//! Rust versions from 1.66 or higher support a new best-effort optimization +//! barrier ([`core::hint::black_box`]). To use the new optimization barrier, +//! enable the `core_hint_black_box` feature. +//! //! Versions prior to `2.2` recommended use of the `nightly` feature to enable an //! optimization barrier; this is not required in versions `2.2` and above. //! @@ -63,10 +67,15 @@ //! //! This library aims to be the Rust equivalent of Go’s `crypto/subtle` module. //! -//! The optimization barrier in `impl From for Choice` was based on Tim -//! Maclean's [work on `rust-timing-shield`][rust-timing-shield], which attempts to -//! provide a more comprehensive approach for preventing software side-channels in -//! Rust code. +//! Old versions of the optimization barrier in `impl From for Choice` were +//! based on Tim Maclean's [work on `rust-timing-shield`][rust-timing-shield], +//! which attempts to provide a more comprehensive approach for preventing +//! software side-channels in Rust code. +//! +//! From version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on +//! "Secret Types in Rust". Version `2.5` adds the `core_hint_black_box` feature, +//! which uses the original method through the [`core::hint::black_box`] function +//! from the Rust standard library. //! //! `subtle` is authored by isis agora lovecruft and Henry de Valence. //! @@ -81,6 +90,7 @@ //! **USE AT YOUR OWN RISK** //! //! [docs]: https://docs.rs/subtle +//! [`core::hint::black_box`]: https://doc.rust-lang.org/core/hint/fn.black_box.html //! [rust-timing-shield]: https://www.chosenplaintext.ca/open-source/rust-timing-shield/security #[cfg(feature = "std")] From 5676ecf53392839c3f877c931bfeb338619796ff Mon Sep 17 00:00:00 2001 From: Isis Lovecruft Date: Mon, 27 Feb 2023 21:14:02 +0000 Subject: [PATCH 09/14] Bump version to 2.5. --- Cargo.toml | 2 +- README.md | 4 ++-- src/lib.rs | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 9546c11..813a837 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,7 +5,7 @@ name = "subtle" # - update html_root_url # - update README if necessary by semver # - if any updates were made to the README, also update the module documentation in src/lib.rs -version = "2.4.1" +version = "2.5.0" authors = ["Isis Lovecruft ", "Henry de Valence "] readme = "README.md" diff --git a/README.md b/README.md index ce0a321..dea7a28 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ instead of `bool` which are intended to execute in constant-time. The `Choice` type is a wrapper around a `u8` that holds a `0` or `1`. ```toml -subtle = "2.4" +subtle = "2.5" ``` This crate represents a “best-effort” attempt, since side-channels @@ -58,7 +58,7 @@ which attempts to provide a more comprehensive approach for preventing software side-channels in Rust code. From version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on -"Secret Types in Rust". Version `2.3` adds the `core_hint_black_box` feature, +"Secret Types in Rust". Version `2.5` adds the `core_hint_black_box` feature, which uses the original method through the [`core::hint::black_box`] function from the Rust standard library. diff --git a/src/lib.rs b/src/lib.rs index 6c47046..15073fb 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -11,7 +11,7 @@ #![no_std] #![deny(missing_docs)] #![doc(html_logo_url = "https://doc.dalek.rs/assets/dalek-logo-clear.png")] -#![doc(html_root_url = "https://docs.rs/subtle/2.4.1")] +#![doc(html_root_url = "https://docs.rs/subtle/2.5.0")] //! # subtle [![](https://img.shields.io/crates/v/subtle.svg)](https://crates.io/crates/subtle) [![](https://img.shields.io/badge/dynamic/json.svg?label=docs&uri=https%3A%2F%2Fcrates.io%2Fapi%2Fv1%2Fcrates%2Fsubtle%2Fversions&query=%24.versions%5B0%5D.num&colorB=4F74A6)](https://doc.dalek.rs/subtle) [![](https://travis-ci.org/dalek-cryptography/subtle.svg?branch=master)](https://travis-ci.org/dalek-cryptography/subtle) //! @@ -22,7 +22,7 @@ //! type is a wrapper around a `u8` that holds a `0` or `1`. //! //! ```toml -//! subtle = "2.4" +//! subtle = "2.5" //! ``` //! //! This crate represents a “best-effort” attempt, since side-channels From 458a95597dce2277f51296890532f30dc6f9beb3 Mon Sep 17 00:00:00 2001 From: Leonardo Razovic Date: Mon, 23 Aug 2021 07:48:32 +0200 Subject: [PATCH 10/14] Upgrade `rand` from 0.7 to 0.8 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 9546c11..3835fae 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,7 @@ exclude = [ travis-ci = { repository = "dalek-cryptography/subtle", branch = "master"} [dev-dependencies] -rand = { version = "0.7" } +rand = { version = "0.8" } [features] core_hint_black_box = [] From 59746646a2d9cefd637f72c9881fc5a5aedb008a Mon Sep 17 00:00:00 2001 From: Leonardo Razovic Date: Mon, 23 Aug 2021 08:41:03 +0200 Subject: [PATCH 11/14] Use Rust 2018 syntax --- Cargo.toml | 1 + src/lib.rs | 5 ----- tests/mod.rs | 3 --- 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 3835fae..9567c96 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,6 +6,7 @@ name = "subtle" # - update README if necessary by semver # - if any updates were made to the README, also update the module documentation in src/lib.rs version = "2.4.1" +edition = "2018" authors = ["Isis Lovecruft ", "Henry de Valence "] readme = "README.md" diff --git a/src/lib.rs b/src/lib.rs index 2e94a06..8f075e0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -388,7 +388,6 @@ pub trait ConditionallySelectable: Copy { /// # Example /// /// ``` - /// # extern crate subtle; /// use subtle::ConditionallySelectable; /// # /// # fn main() { @@ -411,7 +410,6 @@ pub trait ConditionallySelectable: Copy { /// # Example /// /// ``` - /// # extern crate subtle; /// use subtle::ConditionallySelectable; /// # /// # fn main() { @@ -437,7 +435,6 @@ pub trait ConditionallySelectable: Copy { /// # Example /// /// ``` - /// # extern crate subtle; /// use subtle::ConditionallySelectable; /// # /// # fn main() { @@ -784,7 +781,6 @@ pub trait ConstantTimeGreater { /// # Example /// /// ``` - /// # extern crate subtle; /// use subtle::ConstantTimeGreater; /// /// let x: u8 = 13; @@ -868,7 +864,6 @@ pub trait ConstantTimeLess: ConstantTimeEq + ConstantTimeGreater { /// # Example /// /// ``` - /// # extern crate subtle; /// use subtle::ConstantTimeLess; /// /// let x: u8 = 13; diff --git a/tests/mod.rs b/tests/mod.rs index 8cb10b6..eaaf136 100644 --- a/tests/mod.rs +++ b/tests/mod.rs @@ -1,6 +1,3 @@ -extern crate rand; -extern crate subtle; - use rand::rngs::OsRng; use rand::RngCore; From 01f8d483b5f732a60a031aa36125094304113394 Mon Sep 17 00:00:00 2001 From: Leonardo Razovic Date: Mon, 23 Aug 2021 08:41:33 +0200 Subject: [PATCH 12/14] Update fuzzer --- fuzz/Cargo.toml | 15 ++++++++++++--- fuzz/fuzzers/conditional_assign_i128.rs | 16 +++++----------- fuzz/fuzzers/conditional_assign_i8.rs | 8 +------- fuzz/fuzzers/conditional_assign_u16.rs | 8 +------- fuzz/fuzzers/conditional_assign_u8.rs | 7 +------ 5 files changed, 20 insertions(+), 34 deletions(-) diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index 2b0d77d..78b532a 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -1,9 +1,9 @@ - [package] name = "subtle-fuzz" version = "0.0.1" authors = ["Automatically generated"] publish = false +edition = "2018" [package.metadata] cargo-fuzz = true @@ -11,8 +11,9 @@ cargo-fuzz = true [dependencies.subtle] path = ".." features = ["nightly"] -[dependencies.libfuzzer-sys] -git = "https://github.com/rust-fuzz/libfuzzer-sys.git" + +[dependencies] +libfuzzer-sys = "0.4" # Prevent this from interfering with workspaces [workspace] @@ -21,15 +22,23 @@ members = ["."] [[bin]] name = "conditional_assign_u8" path = "fuzzers/conditional_assign_u8.rs" +test = false +doc = false [[bin]] name = "conditional_assign_u16" path = "fuzzers/conditional_assign_u16.rs" +test = false +doc = false [[bin]] name = "conditional_assign_i8" path = "fuzzers/conditional_assign_i8.rs" +test = false +doc = false [[bin]] name = "conditional_assign_i128" path = "fuzzers/conditional_assign_i128.rs" +test = false +doc = false diff --git a/fuzz/fuzzers/conditional_assign_i128.rs b/fuzz/fuzzers/conditional_assign_i128.rs index e09898c..08d9162 100644 --- a/fuzz/fuzzers/conditional_assign_i128.rs +++ b/fuzz/fuzzers/conditional_assign_i128.rs @@ -1,12 +1,6 @@ #![no_main] - -#[macro_use] -extern crate libfuzzer_sys; -extern crate subtle; -extern crate core; - +use libfuzzer_sys::fuzz_target; use core::intrinsics::transmute; - use subtle::ConditionallySelectable; fuzz_target!(|data: &[u8]| { @@ -20,10 +14,10 @@ fuzz_target!(|data: &[u8]| { unsafe { let mut x: i128 = 0; let y: i128 = transmute::<[u8; 16], i128>([ - bytes[0], bytes[1], bytes[2], bytes[3], - bytes[4], bytes[5], bytes[6], bytes[7], - bytes[8], bytes[9], bytes[10], bytes[11], - bytes[12], bytes[13], bytes[14], bytes[15]]); + bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7], + bytes[8], bytes[9], bytes[10], bytes[11], bytes[12], bytes[13], bytes[14], + bytes[15], + ]); x.conditional_assign(&y, 0.into()); assert_eq!(x, 0); diff --git a/fuzz/fuzzers/conditional_assign_i8.rs b/fuzz/fuzzers/conditional_assign_i8.rs index 3da7389..3705cd9 100644 --- a/fuzz/fuzzers/conditional_assign_i8.rs +++ b/fuzz/fuzzers/conditional_assign_i8.rs @@ -1,12 +1,6 @@ #![no_main] - -#[macro_use] -extern crate libfuzzer_sys; -extern crate subtle; -extern crate core; - +use libfuzzer_sys::fuzz_target; use core::intrinsics::transmute; - use subtle::ConditionallySelectable; fuzz_target!(|data: &[u8]| { diff --git a/fuzz/fuzzers/conditional_assign_u16.rs b/fuzz/fuzzers/conditional_assign_u16.rs index 104ada2..9f05863 100644 --- a/fuzz/fuzzers/conditional_assign_u16.rs +++ b/fuzz/fuzzers/conditional_assign_u16.rs @@ -1,12 +1,6 @@ #![no_main] - -#[macro_use] -extern crate libfuzzer_sys; -extern crate subtle; -extern crate core; - +use libfuzzer_sys::fuzz_target; use core::intrinsics::transmute; - use subtle::ConditionallySelectable; fuzz_target!(|data: &[u8]| { diff --git a/fuzz/fuzzers/conditional_assign_u8.rs b/fuzz/fuzzers/conditional_assign_u8.rs index 4b6fdf2..bbe5b1e 100644 --- a/fuzz/fuzzers/conditional_assign_u8.rs +++ b/fuzz/fuzzers/conditional_assign_u8.rs @@ -1,10 +1,5 @@ #![no_main] - -#[macro_use] -extern crate libfuzzer_sys; -extern crate subtle; -extern crate core; - +use libfuzzer_sys::fuzz_target; use subtle::ConditionallySelectable; fuzz_target!(|data: &[u8]| { From 6410953c200285f704556e3e3748e3e95a363532 Mon Sep 17 00:00:00 2001 From: Isis Lovecruft Date: Mon, 27 Feb 2023 23:27:03 +0000 Subject: [PATCH 13/14] Change new black_box impl to also be #[inline(never)]. --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index d38fbcc..e7bd9b6 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -230,7 +230,7 @@ fn black_box(input: u8) -> u8 { } #[cfg(feature = "core_hint_black_box")] -#[inline] +#[inline(never)] fn black_box(input: u8) -> u8 { debug_assert!((input == 0u8) | (input == 1u8)); core::hint::black_box(input) From 574347d53cd2b354733cea0830dded0113286baf Mon Sep 17 00:00:00 2001 From: Isis Lovecruft Date: Tue, 28 Feb 2023 00:51:22 +0000 Subject: [PATCH 14/14] Update CHANGELOG with additional 2.5.0 updates. --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2037e2..e6a3863 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,11 @@ Entries are listed in reverse chronological order. Sprenkels which utilises the original `black_box` functionality from when subtle was first written, which has now found it's way into the Rust standard library. +* Add new `const-generics` feature from @survived which adds support + for subtle traits for generic arrays `[T; N]`. +* Add new feature for supporting `core::cmp::Ordering` for types which + implement subtle traits, patch from @tarcieri. +* Update `rand` dependency to 0.8. ## 2.4.1