Merge branch 'release/2.5' into main

dalek-cryptography · Feb 28, 2023 · 6b6a81a · 6b6a81a
2 parents bd282be + 574347d
commit 6b6a81a
Show file tree

Hide file tree

Showing 12 changed files with 206 additions and 55 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -27,7 +27,9 @@ script:
     cargo test --no-default-features --features std &&
     cargo test --no-default-features --features "std i128" &&
     cargo test --no-default-features --features "std core_hint_black_box" &&
-    cargo test --no-default-features --features "std i128 core_hint_black_box"
+    cargo test --no-default-features --features "std const-generics" &&
+    cargo test --no-default-features --features "std i128 core_hint_black_box" &&
+    cargo test --no-default-features --features "std i128 core_hint_black_box const-generics"
 
 notifications:
   slack:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,21 @@
 
 Entries are listed in reverse chronological order.
 
+## 2.5.0
+
+* Add constant-timedness note to the documentation for `CtOption::unwrap_or_else`.
+* Add `CtOption::expect`.
+* Add `ConstantTimeEq::ct_ne` with default implementation.
+* Add new `core_hint_black_box` feature from Diane Hosfelt and Amber
+  Sprenkels which utilises the original `black_box` functionality from
+  when subtle was first written, which has now found it's way into the
+  Rust standard library.
+* Add new `const-generics` feature from @survived which adds support
+  for subtle traits for generic arrays `[T; N]`.
+* Add new feature for supporting `core::cmp::Ordering` for types which
+  implement subtle traits, patch from @tarcieri.
+* Update `rand` dependency to 0.8.
+
 ## 2.4.1
 
 * Fix a bug in how the README was included in the documentation builds

diff --git a/Cargo.toml b/Cargo.toml
@@ -5,7 +5,8 @@ name = "subtle"
 # - update html_root_url
 # - update README if necessary by semver
 # - if any updates were made to the README, also update the module documentation in src/lib.rs
-version = "2.4.1"
+version = "2.5.0"
+edition = "2018"
 authors = ["Isis Lovecruft <[email protected]>",
            "Henry de Valence <[email protected]>"]
 readme = "README.md"
@@ -25,9 +26,10 @@ exclude = [
 travis-ci = { repository = "dalek-cryptography/subtle", branch = "master"}
 
 [dev-dependencies]
-rand = { version = "0.7" }
+rand = { version = "0.8" }
 
 [features]
+const-generics = []
 core_hint_black_box = []
 default = ["std", "i128"]
 std = []

diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@ instead of `bool` which are intended to execute in constant-time.  The `Choice`
 type is a wrapper around a `u8` that holds a `0` or `1`.
 
 ```toml
-subtle = "2.4"
+subtle = "2.5"
 ```
 
 This crate represents a “best-effort” attempt, since side-channels
@@ -30,6 +30,9 @@ Rust versions from 1.66 or higher support a new best-effort optimization
 barrier ([`core::hint::black_box`]).  To use the new optimization barrier,
 enable the `core_hint_black_box` feature.
 
+Rust versions from 1.51 or higher have const generics support. You may enable
+`const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`.
+
 Versions prior to `2.2` recommended use of the `nightly` feature to enable an
 optimization barrier; this is not required in versions `2.2` and above.
 
@@ -58,7 +61,7 @@ which attempts to provide a more comprehensive approach for preventing
 software side-channels in Rust code.
 
 From version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on
-"Secret Types in Rust".  Version `2.3` adds the `core_hint_black_box` feature,
+"Secret Types in Rust".  Version `2.5` adds the `core_hint_black_box` feature,
 which uses the original method through the [`core::hint::black_box`] function
 from the Rust standard library.
 

diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -1,18 +1,19 @@
-
 [package]
 name = "subtle-fuzz"
 version = "0.0.1"
 authors = ["Automatically generated"]
 publish = false
+edition = "2018"
 
 [package.metadata]
 cargo-fuzz = true
 
 [dependencies.subtle]
 path = ".."
-features = ["nightly"]
-[dependencies.libfuzzer-sys]
-git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+features = ["nightly", "const-generics"]
+
+[dependencies]
+libfuzzer-sys = "0.4"
 
 # Prevent this from interfering with workspaces
 [workspace]
@@ -21,15 +22,27 @@ members = ["."]
 [[bin]]
 name = "conditional_assign_u8"
 path = "fuzzers/conditional_assign_u8.rs"
+test = false
+doc = false
 
 [[bin]]
 name = "conditional_assign_u16"
 path = "fuzzers/conditional_assign_u16.rs"
+test = false
+doc = false
 
 [[bin]]
 name = "conditional_assign_i8"
 path = "fuzzers/conditional_assign_i8.rs"
+test = false
+doc = false
 
 [[bin]]
 name = "conditional_assign_i128"
 path = "fuzzers/conditional_assign_i128.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "conditional_assign_array"
+path = "fuzzers/conditional_assign_array.rs"
diff --git a/fuzz/fuzzers/conditional_assign_array.rs b/fuzz/fuzzers/conditional_assign_array.rs
@@ -0,0 +1,29 @@
+#![no_main]
+
+#[macro_use]
+extern crate libfuzzer_sys;
+extern crate subtle;
+extern crate core;
+
+use core::convert::TryFrom;
+
+use subtle::ConditionallySelectable;
+
+fuzz_target!(|data: &[u8]| {
+    let chunk_size: usize = 16;
+
+    if data.len() % chunk_size != 0 {
+        return;
+    }
+
+    for bytes in data.chunks(chunk_size) {
+        let mut x = [0u8; 16];
+        let y = <[u8; 16]>::try_from(bytes).unwrap();
+
+        x.conditional_assign(&y, 0.into());
+        assert_eq!(x, [0u8; 16]);
+
+        x.conditional_assign(&y, 1.into());
+        assert_eq!(x, y);
+    }
+});
diff --git a/fuzz/fuzzers/conditional_assign_i128.rs b/fuzz/fuzzers/conditional_assign_i128.rs
@@ -1,12 +1,6 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use core::intrinsics::transmute;
-
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {
@@ -20,10 +14,10 @@ fuzz_target!(|data: &[u8]| {
         unsafe {
             let mut x: i128 = 0;
             let y: i128 = transmute::<[u8; 16], i128>([
-                bytes[0],  bytes[1],  bytes[2],  bytes[3],
-                bytes[4],  bytes[5],  bytes[6],  bytes[7],
-                bytes[8],  bytes[9],  bytes[10], bytes[11],
-                bytes[12], bytes[13], bytes[14], bytes[15]]);
+                bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7],
+                bytes[8], bytes[9], bytes[10], bytes[11], bytes[12], bytes[13], bytes[14],
+                bytes[15],
+            ]);
 
             x.conditional_assign(&y, 0.into());
             assert_eq!(x, 0);

diff --git a/fuzz/fuzzers/conditional_assign_i8.rs b/fuzz/fuzzers/conditional_assign_i8.rs
@@ -1,12 +1,6 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use core::intrinsics::transmute;
-
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {

diff --git a/fuzz/fuzzers/conditional_assign_u16.rs b/fuzz/fuzzers/conditional_assign_u16.rs
@@ -1,12 +1,6 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use core::intrinsics::transmute;
-
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {

diff --git a/fuzz/fuzzers/conditional_assign_u8.rs b/fuzz/fuzzers/conditional_assign_u8.rs
@@ -1,10 +1,5 @@
 #![no_main]
-
-#[macro_use]
-extern crate libfuzzer_sys;
-extern crate subtle;
-extern crate core;
-
+use libfuzzer_sys::fuzz_target;
 use subtle::ConditionallySelectable;
 
 fuzz_target!(|data: &[u8]| {