From 415cb23f039e19e215abac3fa6d717b48b4bb25a Mon Sep 17 00:00:00 2001
From: Amber Sprenkels
Date: Thu, 9 Mar 2023 20:39:00 +0800
Subject: [PATCH 1/4] Revert "Change new black_box impl to also be #[inline(never)]."

This reverts commit 6410953c200285f704556e3e3748e3e95a363532.
---
 src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib.rs b/src/lib.rs
index 795eade..ff58b6e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -243,7 +243,7 @@ fn black_box(input: u8) -> u8 {
 }
 #[cfg(feature = "core_hint_black_box")]
-#[inline(never)]
+#[inline]
 fn black_box(input: u8) -> u8 {
 debug_assert!((input == 0u8) | (input == 1u8));
 core::hint::black_box(input)
From d49e4638d121f165fe83140139adecdc7f0d559d Mon Sep 17 00:00:00 2001
From: Amber Sprenkels
Date: Thu, 9 Mar 2023 20:43:23 +0800
Subject: [PATCH 2/4] Revert "Add core_hint_black_box feature that uses core::hint::black_box"

This reverts commit 0dfc57262ad545bada6d255faa4a7655b1cb8245.
---
 .travis.yml | 4 +---
 Cargo.toml | 1 +
 README.md | 12 ++----------
 src/lib.rs | 48 +++---------------------------------------------
 4 files changed, 7 insertions(+), 58 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index ef3b7f8..c5d887c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,10 +26,8 @@ script: - cargo test && cargo test --no-default-features && cargo test --no-default-features --features std && cargo test --no-default-features --features "std i128" &&
- cargo test --no-default-features --features "std core_hint_black_box" &&
 cargo test --no-default-features --features "std const-generics" &&
- cargo test --no-default-features --features "std i128 core_hint_black_box" &&
- cargo test --no-default-features --features "std i128 core_hint_black_box const-generics"
+ cargo test --no-default-features --features "std i128 const-generics"
 notifications:
 slack:
diff --git a/Cargo.toml b/Cargo.toml
index 64532ed..3bbc305 100644
--- a/Cargo.toml
+++ b/Cargo.toml
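Review bot: In the `src/lib.rs` hunk of patch 1/4 (`@@ -243,7 +243,7 @@`), the `core_hint_black_box` variant of `black_box` becomes `#[inline]` while the volatile-read variant under `#[cfg(not(feature = "core_hint_black_box"))]`, visible in the removed lines of patch 2/4, is `#[inline(never)]`. Neither the hunk nor the revert message records why the two barriers may differ in inlining, which matters to anyone auditing what the optimizer can see at each `Choice` construction site. A one-line comment above the attribute would capture the intent, for example `// inlining is acceptable here: the barrier is core::hint::black_box, not the call boundary`, if that is the reasoning. The function's closing brace lies outside the hunk.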
@@ -30,6 +30,7 @@ rand = { version = "0.8" }
 [features]
 const-generics = []
+# DEPRECATED: As of 2.5.1, this feature does nothing.
 core_hint_black_box = []
 default = ["std", "i128"]
 std = []
diff --git a/README.md b/README.md
index de77575..928bcb7 100644
--- a/README.md
+++ b/README.md
@@ -26,10 +26,6 @@ prevent this refinement, the crate tries to hide the value of a `Choice`'s inner `u8` by passing it through a volatile read. For more information, see the _About_ section below.
-Rust versions from 1.66 or higher support a new best-effort optimization
-barrier ([`core::hint::black_box`]). To use the new optimization barrier,
-enable the `core_hint_black_box` feature.
-
 Rust versions from 1.51 or higher have const generics support. You may enable `const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`.
@@ -47,7 +43,7 @@ Documentation is available [here][docs].
 ## Minimum Supported Rust Version
-Rust **1.41** or higher.
+Rust **1.66** or higher.
 Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
@@ -59,11 +55,8 @@ Old versions of the optimization barrier in `impl From for Choice` were based on Tim Maclean's [work on `rust-timing-shield`][rust-timing-shield], which attempts to provide a more comprehensive approach for preventing software side-channels in Rust code.
-
 From version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on
-"Secret Types in Rust". Version `2.5` adds the `core_hint_black_box` feature,
-which uses the original method through the [`core::hint::black_box`] function
-from the Rust standard library.
+"Secret Types in Rust".
 `subtle` is authored by isis agora lovecruft and Henry de Valence.
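Review bot: In the `Cargo.toml` hunk (`@@ -30,6 +30,7 @@`), `core_hint_black_box` stays declared as an empty feature, so a dependent crate that enabled it keeps building but silently gets whichever barrier `src/lib.rs` uses, and this manifest comment is the only place that says so. The README hunks in the same patch delete the feature's description rather than marking it deprecated, so nothing in the user-facing docs tells an opted-in user that the barrier changed underneath them. The comment would be more useful if it named the replacement behaviour, e.g. `# DEPRECATED: As of 2.5.1, this feature does nothing; the volatile-read barrier is always used.` (the end state shown in patch 4/4), with the same sentence repeated in the README.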
@@ -78,5 +71,4 @@ effort is fundamentally limited.
 **USE AT YOUR OWN RISK**
 [docs]: https://docs.rs/subtle
-[`core::hint::black_box`]: https://doc.rust-lang.org/core/hint/fn.black_box.html
 [rust-timing-shield]: https://www.chosenplaintext.ca/open-source/rust-timing-shield/security
diff --git a/src/lib.rs b/src/lib.rs
index ff58b6e..207fe4e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -41,10 +41,6 @@
 //! inner `u8` by passing it through a volatile read. For more information, see
 //! the _About_ section below.
 //!
-//! Rust versions from 1.66 or higher support a new best-effort optimization
-//! barrier ([`core::hint::black_box`]). To use the new optimization barrier,
-//! enable the `core_hint_black_box` feature.
-//!
 //! Rust versions from 1.51 or higher have const generics support. You may enable
 //! `const-generics` feautre to have `subtle` traits implemented for arrays `[T; N]`.
 //!
@@ -74,11 +70,8 @@
 //! based on Tim Maclean's [work on `rust-timing-shield`][rust-timing-shield],
 //! which attempts to provide a more comprehensive approach for preventing
 //! software side-channels in Rust code.
-//!
 //! From version `2.2`, it was based on Diane Hosfelt and Amber Sprenkels' work on
-//! "Secret Types in Rust". Version `2.5` adds the `core_hint_black_box` feature,
-//! which uses the original method through the [`core::hint::black_box`] function
-//! from the Rust standard library.
+//! "Secret Types in Rust".
 //!
 //! `subtle` is authored by isis agora lovecruft and Henry de Valence.
 //!
@@ -93,7 +86,6 @@
 //! **USE AT YOUR OWN RISK**
 //!
 //! [docs]: https://docs.rs/subtle
-//! [`core::hint::black_box`]: https://doc.rust-lang.org/core/hint/fn.black_box.html
 //! [rust-timing-shield]: https://www.chosenplaintext.ca/open-source/rust-timing-shield/security
 #[cfg(feature = "std")]
@@ -214,47 +206,13 @@ impl Not for Choice {
 }
 }
-/// This function is a best-effort attempt to prevent the compiler from knowing
-/// anything about the value of the returned `u8`, other than its type.
-///
-/// Because we want to support stable Rust, we don't have access to inline
-/// assembly or test::black_box, so we use the fact that volatile values will
-/// never be elided to register values.
-///
-/// Note: Rust's notion of "volatile" is subject to change over time. While this
-/// code may break in a non-destructive way in the future, “constant-time” code
-/// is a continually moving target, and this is better than doing nothing.
-#[cfg(not(feature = "core_hint_black_box"))]
-#[inline(never)]
-fn black_box(input: u8) -> u8 {
- debug_assert!((input == 0u8) | (input == 1u8));
-
- unsafe {
- // Optimization barrier
- //
- // Unsafe is ok, because:
- // - &input is not NULL;
- // - size of input is not zero;
- // - u8 is neither Sync, nor Send;
- // - u8 is Copy, so input is always live;
- // - u8 type is always properly aligned.
- core::ptr::read_volatile(&input as *const u8)
- }
-}
-
-#[cfg(feature = "core_hint_black_box")]
-#[inline]
-fn black_box(input: u8) -> u8 {
- debug_assert!((input == 0u8) | (input == 1u8));
- core::hint::black_box(input)
-}
-
 impl From for Choice {
 #[inline]
 fn from(input: u8) -> Choice {
+ debug_assert!((input == 0u8) | (input == 1u8));
 // Our goal is to prevent the compiler from inferring that the value held inside the
 // resulting `Choice` struct is really an `i1` instead of an `i8`.
- Choice(black_box(input))
+ Choice(core::hint::black_box(input))
 }
 }
From c1d3561e943c459ab9d70fda5d2d4527fa0be75c Mon Sep 17 00:00:00 2001
From: Amber Sprenkels
Date: Thu, 9 Mar 2023 20:44:05 +0800
Subject: [PATCH 3/4] Revert "Add assertion checking that a u8 bool is valid"

This reverts commit df58872775b48bda1d0f4fdb782762cd7c70c557.
---
 src/lib.rs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/lib.rs b/src/lib.rs
index 207fe4e..1aa0acf 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -209,7 +209,6 @@ impl Not for Choice {
 impl From for Choice {
 #[inline]
 fn from(input: u8) -> Choice {
- debug_assert!((input == 0u8) | (input == 1u8));
 // Our goal is to prevent the compiler from inferring that the value held inside the
 // resulting `Choice` struct is really an `i1` instead of an `i8`.
 Choice(core::hint::black_box(input))
From 52549346d2b9132485b6ebe8b0004f0c67683bdc Mon Sep 17 00:00:00 2001
From: Amber Sprenkels
Date: Thu, 9 Mar 2023 20:44:13 +0800
Subject: [PATCH 4/4] Revert "Replace black_box with std::hint::black_box"

This reverts commit 4978f4235b37cae2eb9f125cc5095772b3adc561.
---
 README.md | 2 +-
 src/lib.rs | 29 ++++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 928bcb7..0753be3 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ Documentation is available [here][docs].
 ## Minimum Supported Rust Version
-Rust **1.66** or higher.
+Rust **1.41** or higher.
 Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
diff --git a/src/lib.rs b/src/lib.rs
index 1aa0acf..63cf19f 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -206,12 +206,39 @@ impl Not for Choice {
 }
 }
+/// This function is a best-effort attempt to prevent the compiler from knowing
+/// anything about the value of the returned `u8`, other than its type.
+///
+/// Because we want to support stable Rust, we don't have access to inline
+/// assembly or test::black_box, so we use the fact that volatile values will
+/// never be elided to register values.
+///
+/// Note: Rust's notion of "volatile" is subject to change over time. While this
+/// code may break in a non-destructive way in the future, “constant-time” code
+/// is a continually moving target, and this is better than doing nothing.
+#[inline(never)]
+fn black_box(input: u8) -> u8 {
+ debug_assert!((input == 0u8) | (input == 1u8));
+
+ unsafe {
+ // Optimization barrier
+ //
+ // Unsafe is ok, because:
+ // - &input is not NULL;
+ // - size of input is not zero;
+ // - u8 is neither Sync, nor Send;
+ // - u8 is Copy, so input is always live;
+ // - u8 type is always properly aligned.
+ core::ptr::read_volatile(&input as *const u8)
+ }
+}
+
 impl From for Choice {
 #[inline]
 fn from(input: u8) -> Choice {
 // Our goal is to prevent the compiler from inferring that the value held inside the
 // resulting `Choice` struct is really an `i1` instead of an `i8`.
- Choice(core::hint::black_box(input))
+ Choice(black_box(input))
 }
 }
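Review bot: The safety justification re-added inside `black_box` (`@@ -206,12 +206,39 @@`) contains a claim that is both incorrect and unrelated to the volatile read: `u8` is `Send` and `Sync`, so `// - u8 is neither Sync, nor Send;` should be dropped rather than carried back in by the revert. The soundness argument is only that `&input` points to a live, initialised, aligned local, which could be stated as `// SAFETY: &input is a valid, aligned pointer to an initialised local u8 that outlives the read.` Separately, `debug_assert!` is compiled out unless debug assertions are enabled, so in a typical release build `Choice::from` accepts values other than 0 and 1; the doc comment should say that callers must pass only 0 or 1, since code consuming a `Choice` presumably relies on that.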