Leave the minimum amount of stack space required by the ABI (16 * 8
bytes for the window contents plus 6 * 8 bytes for the input arguments)
on the new thread stack.
* Add a yield pattern for PowerPC64
* Fix compile error on pre-v6 ARM targets
* Use isb instead of yield on AArch64 to give the CPU a chance to enter
low-power states.
* Make the hint an inline function, the call overhead can be avoided.
Should be good enough to unblock progress on the stage2 compiler.
Unifying this parser and the regular one (and perhaps rewrite it, #2207)
is left as an exercise for the reader.
* 25519: remove unused const, safeguard against unreduced scalars
No behavior change, but it makes the existing code better match
the forthcoming code for other curves.
Rename nonAdjacentForm() to slide(), remove an unneeded and
confusing constant, and do a reduction in slide() if 257 bits would
be required.
Note that in all the high-level functions, the top bit is always
cleared, so the reduction is never necessary. But since the low-level
functions are public, the check is a safe thing to have.
* 25519: make identityElement public, deprecate neutralElement
Also fix a few comments by the way.
This reverts commit 77cb45f59f7b37c316af1762298d6032e2b130b5.
Zig's error return traces will point to the return token if they
happen to occur, so having multiple return statements makes those
stack traces really helpful. This destroys debuggability.
* #8454 Fix for std.mem.replacementSize adjacent matches bug.
When two 'needle' values are adjacent in the 'input' slice, the size is not
counted correctly. The 2nd 'needle' value is not matched because the index is
incremented by one after changing the index to account for the first value.
The impact is the the size returned is incorrect, and could cause UB when this
amount is used to size of the buffer passed to std.mem.replace.
* Apply changes from PR review:
- Add assert checking that the needle is non-empty and doc for this.
- Add minimal test that an empty input works.
- Use testing.expectEqualStrings.
Flush all the register windows to stack before starting the stack walk,
we may otherwise try to read garbage and crash and burn.
Add a few comptime annotations to debloat some functions.
A little function to complement the existing crypto.utils.timingSafeEql
function with a way to compare large numbers serialized as arrays.
This is useful to compare nonces and to check that group elements are
in canonical form.
Absence of side channels remains a best effort, reusing the common
pattern we use elsewhere.
Kick-start initial work on new cross-platform abstraction for
sockets. Adds a test for read timeouts and a test for creating
a non-blocking socket pair on Linux.
The new Socket abstraction is barebones and is made to support both
blocking and non-blocking abstractions, alongside different socket
protocols and domains.
Support for platform-dependant socket options that handles unsupported
platforms gracefully via. comptime checks is provided for the new Socket
abstraction.
This also marks the first out of many commits for introducing breaking
changes to the standard library in a separate `x` folder, which was
pre-approved by @andrewrk.
The intent for the new `x` package is to introduce new async, event loop,
networking, and operating system abstractions that would require breaking
the standard library significantly. By having the `x` package, code in the
standard library and compiler may then slowly be refactored to use the `x`
package. Once modules in the `x` package are stabilized, they can be moved
out of the `x` package, and a global 'grep' can be done to update import
paths that resolve to the stabilized module in the `x` package.
- original PR #7949 (incorrectly) patched a generated-file and changes
have subsequently been lost/overwritten
- fix#7947 in a different way: drop `ppc32` because `ppc` already exists
std/crypto: use finer-grained error sets in function signatures
Returning the `crypto.Error` error set for all crypto operations
was very convenient to ensure that errors were used consistently,
and to avoid having multiple error names for the same thing.
The flipside is that callers were forced to always handle all
possible errors, even those that could never be returned by a
function.
This PR makes all functions return union sets of the actual errors
they can return.
The error sets themselves are all limited to a single error.
Larger sets are useful for platform-specific APIs, but we don't have
any of these in `std/crypto`, and I couldn't find any meaningful way
to build larger sets.
