Merge branch 'main' into fe_isnonzero_vartime

Author: tisonkun

.github/workflows/ci.yml

@@ -151,7 +151,6 @@ jobs:
           - i686-pc-windows-msvc
           - i686-unknown-linux-gnu
           - i686-unknown-linux-musl
-          - powerpc-unknown-linux-gnu
           - riscv64gc-unknown-linux-gnu
           - wasm32-wasi
           - x86_64-pc-windows-gnu
@@ -174,10 +173,10 @@ jobs:
 
         include:
           - target: aarch64-apple-darwin
-            host_os: macos-13-xlarge
+            host_os: macos-14
 
           - target: aarch64-apple-ios
-            host_os: macos-13
+            host_os: macos-14
             # TODO: Run in the emulator.
             cargo_options: --no-run
 
@@ -217,12 +216,44 @@ jobs:
           - target: i686-unknown-linux-musl
             host_os: ubuntu-22.04
 
+          - target: mips-unknown-linux-gnu
+            mode: --release
+            rust_channel: 1.71.0 # No prebuilt toolchain for later versions.
+            host_os: ubuntu-22.04
+
+          - target: mips64el-unknown-linux-gnuabi64
+            mode: --release
+            rust_channel: 1.71.0 # No prebuilt toolchain for later versions.
+            host_os: ubuntu-22.04
+
+          - target: mipsel-unknown-linux-gnu
+            mode: --release
+            rust_channel: 1.71.0 # No prebuilt toolchain for later versions.
+            host_os: ubuntu-22.04
+
           - target: powerpc-unknown-linux-gnu
+            mode: --release
+            rust_channel: stable
+            host_os: ubuntu-22.04
+
+          - target: powerpc64-unknown-linux-gnu
+            mode: --release
+            rust_channel: stable
+            host_os: ubuntu-22.04
+
+          - target: powerpc64le-unknown-linux-gnu
+            mode: --release
+            rust_channel: stable
             host_os: ubuntu-22.04
 
           - target: riscv64gc-unknown-linux-gnu
             host_os: ubuntu-22.04
 
+          - target: s390x-unknown-linux-gnu
+            mode: --release
+            rust_channel: stable
+            host_os: ubuntu-22.04
+
           - target: wasm32-wasi
             host_os: ubuntu-22.04
 
@@ -273,15 +304,14 @@ jobs:
 
       # Check that all the needed symbol renaming was done.
       # TODO: Do this check on Windows too.
-      # TODO: Check iOS too.
-      # TODO: Do this on Apple-hosted release builds too; currently these fail with:
-      #       Unknown attribute kind (528)
-      #       (Producer: 'LLVM12.0.0-rust-1.54.0-nightly'
-      #       Reader: 'LLVM APPLE_1_1200.0.32.29_0')
-      - if: ${{ matrix.target != 'aarch64-apple-ios' &&
-                !contains(matrix.host_os, 'windows') &&
-                (!contains(matrix.host_os, 'macos') || matrix.mode != '--release') }}
-        run: mk/check-symbol-prefixes.sh --target=${{ matrix.target }}
+
+      - if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.61.0') &&
+                !contains(matrix.host_os, 'windows') }}
+        run: rustup toolchain install --component=llvm-tools-preview ${{ matrix.rust_channel }}
+
+      - if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.61.0') &&
+                !contains(matrix.host_os, 'windows') }}
+        run: mk/check-symbol-prefixes.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
 
   test-bench:
     # Don't run duplicate `push` jobs for the repo owner's PRs.
@@ -402,16 +432,14 @@ jobs:
 
       # Check that all the needed symbol renaming was done.
       # TODO: Do this check on Windows too.
-      # TODO: Check iOS too.
-      # TODO: Do this on Apple-hosted release builds too; currently these fail with:
-      #       Unknown attribute kind (528)
-      #       (Producer: 'LLVM12.0.0-rust-1.54.0-nightly'
-      #       Reader: 'LLVM APPLE_1_1200.0.32.29_0')
-      - if: ${{ matrix.target != 'aarch64-apple-ios' &&
-          !contains(matrix.host_os, 'windows') &&
-          (!contains(matrix.host_os, 'macos') || matrix.mode != '--release') }}
-        run: mk/check-symbol-prefixes.sh --target=${{ matrix.target }}
 
+      - if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.61.0') &&
+          !contains(matrix.host_os, 'windows') }}
+        run: rustup toolchain install --component=llvm-tools-preview ${{ matrix.rust_channel }}
+
+      - if: ${{ (matrix.target != 'aarch64-apple-ios' || matrix.rust_channel != '1.61.0') &&
+          !contains(matrix.host_os, 'windows') }}
+        run: mk/check-symbol-prefixes.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
 
   # The wasm32-unknown-unknown targets have a different set of feature sets and
   # an additional `webdriver` dimension.
@@ -465,7 +493,8 @@ jobs:
 
       # Check that all the needed symbol renaming was done.
       # TODO: Do this check on Windows too.
-      - run: mk/check-symbol-prefixes.sh --target=${{ matrix.target }}
+      - run: rustup toolchain install --component=llvm-tools-preview ${{ matrix.rust_channel }}
+      - run: mk/check-symbol-prefixes.sh +${{ matrix.rust_channel }} --target=${{ matrix.target }}
 
   coverage:
     # Don't run duplicate `push` jobs for the repo owner's PRs.

Cargo.toml

@@ -14,7 +14,7 @@ repository = "https://github.com/briansmith/ring"
 rust-version = "1.61.0"
 
 # Keep in sync with `links` below.
-version = "0.17.7"
+version = "0.17.8"
 
 # Keep in sync with `version` above.
 #
@@ -23,7 +23,7 @@ version = "0.17.7"
 # build.rs uses this to derive the prefix for FFI symbols and the file names
 # of the FFI libraries, so it must be a valid identifier prefix and a valid
 # filename prefix.
-links = "ring_core_0_17_7"
+links = "ring_core_0_17_8"
 
 include = [
     "LICENSE",
@@ -86,6 +86,7 @@ include = [
     "crypto/fipsmodule/modes/asm/ghash-x86.pl",
     "crypto/fipsmodule/modes/asm/ghash-x86_64.pl",
     "crypto/fipsmodule/modes/asm/ghashv8-armx.pl",
+    "crypto/fipsmodule/modes/asm/aesv8-gcm-armv8.pl",
     "crypto/fipsmodule/sha/asm/sha256-armv4.pl",
     "crypto/fipsmodule/sha/asm/sha512-armv4.pl",
     "crypto/fipsmodule/sha/asm/sha512-armv8.pl",
@@ -181,7 +182,7 @@ spin = { version = "0.9.8", default-features = false, features = ["once"] }
 libc = { version = "0.2.148", default-features = false }
 
 [target.'cfg(all(target_arch = "aarch64", target_os = "windows"))'.dependencies]
-windows-sys = { version = "0.48", features = ["Win32_Foundation", "Win32_System_Threading"] }
+windows-sys = { version = "0.52", features = ["Win32_Foundation", "Win32_System_Threading"] }
 
 [target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dev-dependencies]
 wasm-bindgen-test = { version = "0.3.37", default-features = false }

README.md

@@ -43,7 +43,7 @@ need to be installed.
 Benchmarks
 ----------
 
-*ring*'s benchmarks are located in the `benches` folder of this repository. Because
+*ring*'s benchmarks are located in the `bench` folder of this repository. Because
 there is lots of platform-specific code in *ring*, and because *ring* chooses
 dynamically at runtime which optimized implementation of each crypto primitive
 to use, it is very difficult to publish a useful single set of benchmarks;

bench/aead.rs

@@ -70,11 +70,14 @@ impl aead::NonceSequence for NonceSequence {
 }
 
 fn seal_in_place_separate_tag(c: &mut Criterion) {
+    let mut group = c.benchmark_group("aead");
+
     let rng = SystemRandom::new();
 
     for &(alg_name, algorithm) in ALGORITHMS {
         for record_len in RECORD_LENGTHS {
-            c.bench_with_input(
+            group.throughput(criterion::Throughput::BytesDecimal(*record_len as _));
+            group.bench_with_input(
                 bench_id("seal_in_place_separate_tag", alg_name, *record_len),
                 record_len,
                 |b, record_len| {
@@ -97,11 +100,14 @@ fn seal_in_place_separate_tag(c: &mut Criterion) {
 }
 
 fn open_in_place(c: &mut Criterion) {
+    let mut group = c.benchmark_group("aead");
+
     let rng = SystemRandom::new();
 
     for &(alg_name, algorithm) in ALGORITHMS {
         for record_len in RECORD_LENGTHS {
-            c.bench_with_input(
+            group.throughput(criterion::Throughput::BytesDecimal(*record_len as _));
+            group.bench_with_input(
                 bench_id("open_in_place", alg_name, *record_len),
                 record_len,
                 |b, _record_len| {
@@ -140,7 +146,7 @@ fn open_in_place(c: &mut Criterion) {
 }
 
 fn bench_id(func_name: &str, alg_name: &str, record_len: usize) -> BenchmarkId {
-    BenchmarkId::new(format!("aead::{}::{}", alg_name, func_name), record_len)
+    BenchmarkId::new(format!("{}::{}", alg_name, func_name), record_len)
 }
 
 criterion_group!(aead, seal_in_place_separate_tag, open_in_place);

build.rs

@@ -31,6 +31,7 @@ const X86: &str = "x86";
 const X86_64: &str = "x86_64";
 const AARCH64: &str = "aarch64";
 const ARM: &str = "arm";
+const WASM32: &str = "wasm32";
 
 #[rustfmt::skip]
 const RING_SRCS: &[(&[&str], &str)] = &[
@@ -93,6 +94,7 @@ const RING_SRCS: &[(&[&str], &str)] = &[
     (&[AARCH64], "crypto/fipsmodule/bn/asm/armv8-mont.pl"),
     (&[AARCH64], "crypto/fipsmodule/ec/asm/p256-armv8-asm.pl"),
     (&[AARCH64], "crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl"),
+    (&[AARCH64], "crypto/fipsmodule/modes/asm/aesv8-gcm-armv8.pl"),
     (&[AARCH64], SHA512_ARMV8),
 ];
 
@@ -111,18 +113,11 @@ fn cpp_flags(compiler: &cc::Tool) -> &'static [&'static str] {
         static NON_MSVC_FLAGS: &[&str] = &[
             "-fvisibility=hidden",
             "-std=c1x", // GCC 4.6 requires "c1x" instead of "c11"
-            "-pedantic",
             "-Wall",
-            "-Wextra",
             "-Wbad-function-cast",
             "-Wcast-align",
             "-Wcast-qual",
             "-Wconversion",
-            "-Wenum-compare",
-            "-Wfloat-equal",
-            "-Wformat=2",
-            "-Winline",
-            "-Winvalid-pch",
             "-Wmissing-field-initializers",
             "-Wmissing-include-dirs",
             "-Wnested-externs",
@@ -133,7 +128,6 @@ fn cpp_flags(compiler: &cc::Tool) -> &'static [&'static str] {
             "-Wstrict-prototypes",
             "-Wundef",
             "-Wuninitialized",
-            "-Wwrite-strings",
         ];
         NON_MSVC_FLAGS
     } else {
@@ -162,63 +156,63 @@ fn cpp_flags(compiler: &cc::Tool) -> &'static [&'static str] {
 const ASM_TARGETS: &[AsmTarget] = &[
     AsmTarget {
         oss: LINUX_ABI,
-        arch: "aarch64",
+        arch: AARCH64,
         perlasm_format: "linux64",
         asm_extension: "S",
         preassemble: false,
     },
     AsmTarget {
         oss: LINUX_ABI,
-        arch: "arm",
+        arch: ARM,
         perlasm_format: "linux32",
         asm_extension: "S",
         preassemble: false,
     },
     AsmTarget {
         oss: LINUX_ABI,
-        arch: "x86",
+        arch: X86,
         perlasm_format: "elf",
         asm_extension: "S",
         preassemble: false,
     },
     AsmTarget {
         oss: LINUX_ABI,
-        arch: "x86_64",
+        arch: X86_64,
         perlasm_format: "elf",
         asm_extension: "S",
         preassemble: false,
     },
     AsmTarget {
         oss: MACOS_ABI,
-        arch: "aarch64",
+        arch: AARCH64,
         perlasm_format: "ios64",
         asm_extension: "S",
         preassemble: false,
     },
     AsmTarget {
         oss: MACOS_ABI,
-        arch: "x86_64",
+        arch: X86_64,
         perlasm_format: "macosx",
         asm_extension: "S",
         preassemble: false,
     },
     AsmTarget {
         oss: &[WINDOWS],
-        arch: "x86",
+        arch: X86,
         perlasm_format: "win32n",
         asm_extension: "asm",
         preassemble: true,
     },
     AsmTarget {
         oss: &[WINDOWS],
-        arch: "x86_64",
+        arch: X86_64,
         perlasm_format: "nasm",
         asm_extension: "asm",
         preassemble: true,
     },
     AsmTarget {
         oss: &[WINDOWS],
-        arch: "aarch64",
+        arch: AARCH64,
         perlasm_format: "win64",
         asm_extension: "S",
         preassemble: false,
@@ -264,8 +258,9 @@ const LINUX_ABI: &[&str] = &[
 
 /// Operating systems that have the same ABI as macOS on every architecture
 /// mentioned in `ASM_TARGETS`.
-const MACOS_ABI: &[&str] = &["ios", "macos", "tvos"];
+const MACOS_ABI: &[&str] = &["ios", MACOS, "tvos"];
 
+const MACOS: &str = "macos";
 const WINDOWS: &str = "windows";
 
 /// Read an environment variable and tell Cargo that we depend on it.
@@ -588,7 +583,7 @@ fn configure_cc(c: &mut cc::Build, target: &Target, include_dir: &Path) {
         let _ = c.flag(f);
     }
 
-    if target.os.as_str() == "macos" {
+    if target.os.as_str() == MACOS {
         // ``-gfull`` is required for Darwin's |-dead_strip|.
         let _ = c.flag("-gfull");
     } else if !compiler.is_like_msvc() {
@@ -602,8 +597,7 @@ fn configure_cc(c: &mut cc::Build, target: &Target, include_dir: &Path) {
     // Allow cross-compiling without a target sysroot for these targets.
     //
     // poly1305_vec.c requires <emmintrin.h> which requires <stdlib.h>.
-    if (target.arch == "wasm32")
-        || (target.os == "linux" && target.is_musl && target.arch != "x86_64")
+    if (target.arch == WASM32) || (target.os == "linux" && target.is_musl && target.arch != X86_64)
     {
         if let Ok(compiler) = c.try_get_compiler() {
             // TODO: Expand this to non-clang compilers in 0.17.0 if practical.
@@ -634,8 +628,8 @@ fn cc_asm(b: &cc::Build, file: &Path, out_file: &Path) -> Command {
 
 fn nasm(file: &Path, arch: &str, include_dir: &Path, out_file: &Path) -> Command {
     let oformat = match arch {
-        "x86_64" => "win64",
-        "x86" => "win32",
+        x if x == X86_64 => "win64",
+        x if x == X86 => "win32",
         _ => panic!("unsupported arch: {}", arch),
     };
 
@@ -742,7 +736,7 @@ fn perlasm(src_dst: &[(PathBuf, PathBuf)], asm_target: &AsmTarget) {
             src.to_string_lossy().into_owned(),
             asm_target.perlasm_format.to_owned(),
         ];
-        if asm_target.arch == "x86" {
+        if asm_target.arch == X86 {
             args.push("-fPIC".into());
             args.push("-DOPENSSL_IA32_SSE2".into());
         }
@@ -943,6 +937,8 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String {
         "gcm_init_avx",
         "gcm_init_clmul",
         "gcm_init_neon",
+        "aes_gcm_enc_kernel",
+        "aes_gcm_dec_kernel",
         "k25519Precomp",
         "limbs_mul_add_limb",
         "little_endian_bytes_from_scalar",

crypto/internal.h

@@ -132,6 +132,14 @@
 #include <stdalign.h>
 #endif
 
+#if defined(__clang__) || defined(__GNUC__)
+#define RING_NOINLINE __attribute__((noinline))
+#elif defined(_MSC_VER)
+#define RING_NOINLINE __declspec(noinline)
+#else
+#define RING_NOINLINE
+#endif
+
 // Some C compilers require a useless cast when dealing with arrays for the
 // reason explained in
 // https://gustedt.wordpress.com/2011/02/12/const-and-arrays/