From 8351f024a4cf08bd080acfa61b2ee8e4ec0f86b8 Mon Sep 17 00:00:00 2001 From: Isis Lovecruft Date: Tue, 13 Jul 2021 04:31:46 +0000 Subject: [PATCH] Fix builds by removing include_str!(docs). The latest rust nightlies and beta (at stable version 1.55) include a change from #![cfg_attr(feature = "nightly", feature(external_doc))] #![cfg_attr(feature = "nightly", doc(include = "../README.md"))] to removing `feature(external_doc)` and also changing the syntax of the second line to #![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))] However. `include_str!` is stable currently, but the syntax of `doc = ` is expressly disallowed. This gives me four options: 1. Don't build documentation (bad) 2. Copy-pasta README.md into src/lib.rs (also bad) 3. Support only beta/nightly but not stable (completely untennable for a crate with ~14 million downloads) 4. Support only stable but not beta/nightly (also untennable) Further, waiting for this to be "fixed" by its inclusion in stable Rust in about a week means that our MSRV increases from 1.41 to 1.56, with no changes to actual code (other than how to build documentation) at all, which seems quite unfriendly to downstream dependents who are pinning their rust versions for whatever reason. So, sadly, it seems the most friendly fix is to copy-pasta our README.md into the codebase. (cf. https://github.com/rust-lang/rust/issues/44732, https://github.com/rust-lang/rust/pull/82539) --- Cargo.toml | 2 ++ src/lib.rs | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 72 insertions(+), 4 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 831bd7b..fa57901 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,6 +4,7 @@ name = "subtle" # - update CHANGELOG # - update html_root_url # - update README if necessary by semver +# - if any updates were made to the README, also update the module documentation in src/lib.rs version = "2.4.0" authors = ["Isis Lovecruft ", "Henry de Valence "] @@ -30,4 +31,5 @@ rand = { version = "0.7" } default = ["std", "i128"] std = [] i128 = [] +# DEPRECATED: As of 2.4.1, this feature does nothing. nightly = [] diff --git a/src/lib.rs b/src/lib.rs index 1a8369e..ec88cd1 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -9,13 +9,79 @@ // - Henry de Valence #![no_std] -#![cfg_attr(feature = "nightly", doc = include_str!("../README.md"))] -#![cfg_attr(feature = "nightly", deny(missing_docs))] +#![deny(missing_docs)] #![doc(html_logo_url = "https://doc.dalek.rs/assets/dalek-logo-clear.png")] #![doc(html_root_url = "https://docs.rs/subtle/2.4.0")] -//! Note that docs will only build on nightly Rust until -//! [RFC 1990 stabilizes](https://github.com/rust-lang/rust/issues/44732). +//! # subtle [![](https://img.shields.io/crates/v/subtle.svg)](https://crates.io/crates/subtle) [![](https://img.shields.io/badge/dynamic/json.svg?label=docs&uri=https%3A%2F%2Fcrates.io%2Fapi%2Fv1%2Fcrates%2Fsubtle%2Fversions&query=%24.versions%5B0%5D.num&colorB=4F74A6)](https://doc.dalek.rs/subtle) [![](https://travis-ci.org/dalek-cryptography/subtle.svg?branch=master)](https://travis-ci.org/dalek-cryptography/subtle) +//! +//! **Pure-Rust traits and utilities for constant-time cryptographic implementations.** +//! +//! It consists of a `Choice` type, and a collection of traits using `Choice` +//! instead of `bool` which are intended to execute in constant-time. The `Choice` +//! type is a wrapper around a `u8` that holds a `0` or `1`. +//! +//! ```toml +//! subtle = "2.4" +//! ``` +//! +//! This crate represents a “best-effort” attempt, since side-channels +//! are ultimately a property of a deployed cryptographic system +//! including the hardware it runs on, not just of software. +//! +//! The traits are implemented using bitwise operations, and should execute in +//! constant time provided that a) the bitwise operations are constant-time and +//! b) the bitwise operations are not recognized as a conditional assignment and +//! optimized back into a branch. +//! +//! For a compiler to recognize that bitwise operations represent a conditional +//! assignment, it needs to know that the value used to generate the bitmasks is +//! really a boolean `i1` rather than an `i8` byte value. In an attempt to +//! prevent this refinement, the crate tries to hide the value of a `Choice`'s +//! inner `u8` by passing it through a volatile read. For more information, see +//! the _About_ section below. +//! +//! Versions prior to `2.2` recommended use of the `nightly` feature to enable an +//! optimization barrier; this is not required in versions `2.2` and above. +//! +//! Note: the `subtle` crate contains `debug_assert`s to check invariants during +//! debug builds. These invariant checks involve secret-dependent branches, and +//! are not present when compiled in release mode. This crate is intended to be +//! used in release mode. +//! +//! ## Documentation +//! +//! Documentation is available [here][docs]. +//! +//! ## Minimum Supported Rust Version +//! +//! Rust **1.41** or higher. +//! +//! Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump. +//! +//! ## About +//! +//! This library aims to be the Rust equivalent of Go’s `crypto/subtle` module. +//! +//! The optimization barrier in `impl From for Choice` was based on Tim +//! Maclean's [work on `rust-timing-shield`][rust-timing-shield], which attempts to +//! provide a more comprehensive approach for preventing software side-channels in +//! Rust code. +//! +//! `subtle` is authored by isis agora lovecruft and Henry de Valence. +//! +//! ## Warning +//! +//! This code is a low-level library, intended for specific use-cases implementing +//! cryptographic protocols. It represents a best-effort attempt to protect +//! against some software side-channels. Because side-channel resistance is not a +//! property of software alone, but of software together with hardware, any such +//! effort is fundamentally limited. +//! +//! **USE AT YOUR OWN RISK** +//! +//! [docs]: https://docs.rs/subtle +//! [rust-timing-shield]: https://www.chosenplaintext.ca/open-source/rust-timing-shield/security #[cfg(feature = "std")] #[macro_use]