
Commit 377f611

Add |ring::c| to define C types, removing libc crate dependency.
The libc crate is full of badness and we need almost none of it. We don't want to use the C standard library at all from Rust and we definitely don't want to force users of *ring* to have to link to the C standard library. (The C code inherited from BoringSSL depends on the C standard library, but we've removed a lot of those dependencies and we'll continue to do so.) Also the definition of |libc::size_t| as an alias for a type that isn't implicitly convertible to |usize| was forcing us to do a lot of unnecessary casting, which is inherently error-prone and thus dangerous.
1 parent a4dd459 commit 377f611


11 files changed

+268
-147
lines changed


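--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,8 +12,6 @@ version = "0.1.0"
 name = "ring"
 
 [dependencies]
-libc = "0.1"
-
 # TODO: [dev-dependencies]
 rustc-serialize = "0.3.15"
 time = "0.1.32"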

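--- a/crypto/crypto.c
+++ b/crypto/crypto.c
@@ -14,6 +14,8 @@
 
 #include <openssl/crypto.h>
 
+#include <stdint.h>
+
 #include "internal.h"
 
 
@@ -102,3 +104,26 @@ void CRYPTO_library_init(void) {
 do_library_init();
 #endif
 }
+
+/* These functions allow tests in other languages to verify that their
+ * understanding of the C types matches the C compiler's understanding. */
+
+#define DEFINE_METRICS_FUNCTIONS(ty) \
+OPENSSL_EXPORT ty ring_##ty##_align(void) { return alignof(ty); } \
+OPENSSL_EXPORT ty ring_##ty##_size(void) { return sizeof(ty); }
+
+DEFINE_METRICS_FUNCTIONS(int8_t)
+DEFINE_METRICS_FUNCTIONS(uint8_t)
+
+DEFINE_METRICS_FUNCTIONS(int16_t)
+DEFINE_METRICS_FUNCTIONS(uint16_t)
+
+DEFINE_METRICS_FUNCTIONS(int32_t)
+DEFINE_METRICS_FUNCTIONS(uint32_t)
+
+DEFINE_METRICS_FUNCTIONS(int64_t)
+DEFINE_METRICS_FUNCTIONS(uint64_t)
+
+DEFINE_METRICS_FUNCTIONS(int)
+
+DEFINE_METRICS_FUNCTIONS(size_t)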
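Review bot: `alignof` is a C11 macro that lives in `<stdalign.h>`, but the hunk only adds `<stdint.h>`, so `DEFINE_METRICS_FUNCTIONS` compiles only if `internal.h` (not in view) already provides `alignof` or the translation unit is built with a compiler that defines it; an explicit `#include <stdalign.h>` next to `<stdint.h>` would make this file self-contained. Returning the measured type `ty` from `ring_##ty##_size` and `ring_##ty##_align` also couples every Rust-side `extern` declaration to the type under test, so a mismatch in that very type silently changes the function's ABI; returning a fixed type, `OPENSSL_EXPORT size_t ring_##ty##_size(void) { return sizeof(ty); }`, keeps one declaration shape for all of them. Whichever type is returned, the consumer should verify `ring_size_t_size()` against `size_of::<usize>()` before trusting the other results, since `size_t` is itself one of the types being checked.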

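--- a/src/aead.rs
+++ b/src/aead.rs
@@ -23,9 +23,8 @@
 //!
 //! Go analog: [`crypto.cipher.AEAD`](https://golang.org/pkg/crypto/cipher/#AEAD)
 
-use libc;
 use std;
-use super::ffi;
+use super::{c, ffi};
 
 /// A key for authenticating and decrypting (&ldquo;opening&rdquo;)
 /// AEAD-protected data.
@@ -207,11 +206,10 @@ impl Key {
 }
 
 ffi::map_bssl_result(unsafe {
-(self.algorithm.init)(self.ctx_buf.as_mut_ptr(),
-std::mem::size_of::<[u64; KEY_CTX_BUF_ELEMS]>()
-as libc::size_t,
-key_bytes.as_ptr(),
-key_bytes.len() as libc::size_t)
+(self.algorithm.init)(
+self.ctx_buf.as_mut_ptr(),
+std::mem::size_of::<[u64; KEY_CTX_BUF_ELEMS]>(),
+key_bytes.as_ptr(), key_bytes.len())
 })
 }
 
@@ -227,12 +225,11 @@ impl Key {
 if nonce.len() != (self.algorithm.nonce_len as usize) {
 return Err(()) // CIPHER_R_INVALID_NONCE_SIZE
 }
-let mut out_len: libc::size_t = 0;
+let mut out_len: c::size_t = 0;
 match (open_or_seal_fn)(self.ctx_buf.as_ptr(), out.as_mut_ptr(),
-&mut out_len, out.len() as libc::size_t,
-nonce.as_ptr(), in_ptr, in_len as libc::size_t,
-ad.as_ptr(), ad.len() as libc::size_t) {
-1 => Ok(out_len as usize),
+&mut out_len, out.len(), nonce.as_ptr(), in_ptr,
+in_len, ad.as_ptr(), ad.len()) {
+1 => Ok(out_len),
 _ => {
 // Follow BoringSSL's lead in zeroizing the output buffer on
 // error just in case an application accidentally and wrongly
@@ -258,46 +255,45 @@ pub struct Algorithm {
 /// The length of the key.
 ///
 /// C analog: `EVP_AEAD_key_length`
-pub key_len: libc::uint8_t,
+pub key_len: u8,
 
 /// The length of the nonces.
 ///
 /// C analog: `EVP_AEAD_nonce_length`
 ///
 /// Go analog: [`crypto.cipher.AEAD.NonceSize`](https://golang.org/pkg/crypto/cipher/#AEAD)
-pub nonce_len: libc::uint8_t,
+pub nonce_len: u8,
 
 /// The maximum number of bytes that sealing operations may add to plaintexts.
 /// See also `MAX_OVERHEAD_LEN`.
 ///
 /// C analog: `EVP_AEAD_max_overhead`
 ///
 /// Go analog: [`crypto.cipher.AEAD.Overhead`](https://golang.org/pkg/crypto/cipher/#AEAD)
-pub max_overhead_len: libc::uint8_t,
+pub max_overhead_len: u8,
 
 /// The length of the authentication tags or MACs.
 ///
 /// Use `max_overhead_len` or `MAX_OVERHEAD_LEN` when sizing buffers for
 /// sealing operations.
 ///
 /// C analog: `EVP_AEAD_tag_len`
-pub tag_len: libc::uint8_t,
+pub tag_len: u8,
 
-init: unsafe extern fn(ctx_buf: *mut u64, ctx_buf_len: libc::size_t,
-key: *const libc::uint8_t, key_len: libc::size_t)
--> libc::c_int,
+init: unsafe extern fn(ctx_buf: *mut u64, ctx_buf_len: c::size_t,
+key: *const u8, key_len: c::size_t) -> c::int,
 
 seal: OpenOrSealFn,
 open: OpenOrSealFn,
 }
 
-const AES_128_KEY_LEN: libc::uint8_t = 128 / 8;
-const AES_256_KEY_LEN: libc::uint8_t = (256 as usize / 8) as libc::uint8_t;
-const AES_GCM_NONCE_LEN: libc::uint8_t = 96 / 8;
-const AES_GCM_TAG_LEN: libc::uint8_t = 128 / 8;
+const AES_128_KEY_LEN: u8 = 128 / 8;
+const AES_256_KEY_LEN: u8 = (256 as usize / 8) as u8;
+const AES_GCM_NONCE_LEN: u8 = 96 / 8;
+const AES_GCM_TAG_LEN: u8 = 128 / 8;
 
-const CHACHA20_KEY_LEN: libc::uint8_t = (256 as usize / 8) as libc::uint8_t;
-const POLY1305_TAG_LEN: libc::uint8_t = 128 / 8;
+const CHACHA20_KEY_LEN: u8 = (256 as usize / 8) as u8;
+const POLY1305_TAG_LEN: u8 = 128 / 8;
 /// The maximum value of `Algorithm.max_overhead_len` for the algorithms in
 /// this module.
 pub const MAX_OVERHEAD_LEN: usize = AES_GCM_TAG_LEN as usize;
@@ -363,87 +359,70 @@ pub static CHACHA20_POLY1305_DEPRECATED: Algorithm = Algorithm {
 };
 
 type OpenOrSealFn =
-unsafe extern fn(ctx: *const u64, out: *mut libc::uint8_t,
-out_len: &mut libc::size_t, max_out_len: libc::size_t,
-nonce: *const libc::uint8_t,
-in_: *const libc::uint8_t, in_len: libc::size_t,
-ad: *const libc::uint8_t, ad_len: libc::size_t)
--> libc::c_int;
+unsafe extern fn(ctx: *const u64, out: *mut u8,
+out_len: &mut c::size_t, max_out_len: c::size_t,
+nonce: *const u8, in_: *const u8, in_len: c::size_t,
+ad: *const u8, ad_len: c::size_t) -> c::int;
 
 // XXX: As of Rust 1.4, the compiler will no longer warn about the use of
 // `usize` and `isize` in FFI declarations. Remove the `allow(improper_ctypes)`
 // when Rust 1.4 is released.
 #[allow(improper_ctypes)]
 extern {
-fn evp_aead_aes_gcm_init(ctx_buf: *mut u64, ctx_buf_len: libc::size_t,
-key: *const libc::uint8_t, key_len: libc::size_t)
--> libc::c_int;
-
-fn evp_aead_aes_gcm_seal(ctx_buf: *const u64, out: *mut libc::uint8_t,
-out_len: &mut libc::size_t,
-max_out_len: libc::size_t,
-nonce: *const libc::uint8_t,
-in_: *const libc::uint8_t, in_len: libc::size_t,
-ad: *const libc::uint8_t, ad_len: libc::size_t)
--> libc::c_int;
-
-fn evp_aead_aes_gcm_open(ctx_buf: *const u64, out: *mut libc::uint8_t,
-out_len: &mut libc::size_t,
-max_out_len: libc::size_t,
-nonce: *const libc::uint8_t,
-in_: *const libc::uint8_t, in_len: libc::size_t,
-ad: *const libc::uint8_t, ad_len: libc::size_t)
--> libc::c_int;
+fn evp_aead_aes_gcm_init(ctx_buf: *mut u64, ctx_buf_len: c::size_t,
+key: *const u8, key_len: c::size_t) -> c::int;
+
+fn evp_aead_aes_gcm_seal(ctx_buf: *const u64, out: *mut u8,
+out_len: &mut c::size_t, max_out_len: c::size_t,
+nonce: *const u8, in_: *const u8,
+in_len: c::size_t, ad: *const u8,
+ad_len: c::size_t) -> c::int;
+
+fn evp_aead_aes_gcm_open(ctx_buf: *const u64, out: *mut u8,
+out_len: &mut c::size_t, max_out_len: c::size_t,
+nonce: *const u8, in_: *const u8,
+in_len: c::size_t, ad: *const u8,
+ad_len: c::size_t) -> c::int;
 
 fn evp_aead_chacha20_poly1305_init(ctx_buf: *mut u64,
-ctx_buf_len: libc::size_t,
-key: *const libc::uint8_t,
-key_len: libc::size_t)
--> libc::c_int;
+ctx_buf_len: c::size_t, key: *const u8,
+key_len: c::size_t) -> c::int;
 
 fn evp_aead_chacha20_poly1305_rfc7539_seal(ctx_buf: *const u64,
-out: *mut libc::uint8_t,
-out_len: &mut libc::size_t,
-max_out_len: libc::size_t,
-nonce: *const libc::uint8_t,
-in_: *const libc::uint8_t,
-in_len: libc::size_t,
-ad: *const libc::uint8_t,
-ad_len: libc::size_t)
--> libc::c_int;
+out: *mut u8,
+out_len: &mut c::size_t,
+max_out_len: c::size_t,
+nonce: *const u8, in_: *const u8,
+in_len: c::size_t, ad: *const u8,
+ad_len: c::size_t) -> c::int;
 
 fn evp_aead_chacha20_poly1305_rfc7539_open(ctx_buf: *const u64,
-out: *mut libc::uint8_t,
-out_len: &mut libc::size_t,
-max_out_len: libc::size_t,
-nonce: *const libc::uint8_t,
-in_: *const libc::uint8_t,
-in_len: libc::size_t,
-ad: *const libc::uint8_t,
-ad_len: libc::size_t)
--> libc::c_int;
+out: *mut u8,
+out_len: &mut c::size_t,
+max_out_len: c::size_t,
+nonce: *const u8, in_: *const u8,
+in_len: c::size_t, ad: *const u8,
+ad_len: c::size_t) -> c::int;
 
 fn evp_aead_chacha20_poly1305_deprecated_seal(ctx_buf: *const u64,
-out: *mut libc::uint8_t,
-out_len: &mut libc::size_t,
-max_out_len: libc::size_t,
-nonce: *const libc::uint8_t,
-in_: *const libc::uint8_t,
-in_len: libc::size_t,
-ad: *const libc::uint8_t,
-ad_len: libc::size_t)
--> libc::c_int;
+out: *mut u8,
+out_len: &mut c::size_t,
+max_out_len: c::size_t,
+nonce: *const u8,
+in_: *const u8,
+in_len: c::size_t,
+ad: *const u8,
+ad_len: c::size_t) -> c::int;
 
 fn evp_aead_chacha20_poly1305_deprecated_open(ctx_buf: *const u64,
-out: *mut libc::uint8_t,
-out_len: &mut libc::size_t,
-max_out_len: libc::size_t,
-nonce: *const libc::uint8_t,
-in_: *const libc::uint8_t,
-in_len: libc::size_t,
-ad: *const libc::uint8_t,
-ad_len: libc::size_t)
--> libc::c_int;
+out: *mut u8,
+out_len: &mut c::size_t,
+max_out_len: c::size_t,
+nonce: *const u8,
+in_: *const u8,
+in_len: c::size_t,
+ad: *const u8,
+ad_len: c::size_t) -> c::int;
 }
 
 #[cfg(test)]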
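Review bot: Dropping every `as libc::size_t` / `as usize` cast (`out.len()` and `key_bytes.len()` passed straight through, `1 => Ok(out_len)` returned as `usize`) makes this whole FFI surface depend on `c::size_t` being literally `usize`, and `ring::c` is not in this view, so that invariant should be stated where the value is declared: `let mut out_len: c::size_t = 0; // c::size_t is an alias for usize; the C-side ring_size_t_size() metric is what keeps that assumption honest`. If `c::size_t` were ever a distinct type on some target these lines would fail to compile rather than miscompute, which is the right failure mode, but a reader should not have to infer that from the absence of casts. Separately, `const AES_256_KEY_LEN: u8 = (256 as usize / 8) as u8;` and its `CHACHA20_KEY_LEN` twin read as a workaround for the literal `256` not fitting `u8`; `const AES_256_KEY_LEN: u8 = 32; // 256 bits` says the same thing without the widen-then-narrow cast. The two `impl Key` methods touched in the second and third hunks begin outside the hunks.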
