A little function to complement the existing crypto.utils.timingSafeEql
function with a way to compare large numbers serialized as arrays.
This is useful to compare nonces and to check that group elements are
in canonical form.
Absence of side channels remains a best effort, reusing the common
pattern we use elsewhere.
- original PR #7949 (incorrectly) patched a generated-file and changes
have subsequently been lost/overwritten
- fix#7947 in a different way: drop `ppc32` because `ppc` already exists
std/crypto: use finer-grained error sets in function signatures
Returning the `crypto.Error` error set for all crypto operations
was very convenient to ensure that errors were used consistently,
and to avoid having multiple error names for the same thing.
The flipside is that callers were forced to always handle all
possible errors, even those that could never be returned by a
function.
This PR makes all functions return union sets of the actual errors
they can return.
The error sets themselves are all limited to a single error.
Larger sets are useful for platform-specific APIs, but we don't have
any of these in `std/crypto`, and I couldn't find any meaningful way
to build larger sets.
In std.meta.cast when casting to an enum type from an integer type, first
do a C-style cast from the source value to the tag type of the enum.
This ensures that we don't get an error due to the source value not being
representable by the enum.
In transCCast() use std.meta.cast instead of directly emitting the cast
operation since the enum's underlying type may not be known at translation
time due to an MSVC bug, see https://github.com/ziglang/zig/issues/8003Fixes#6011
Happy LLVM 12 Release Day.
Please note that the llvm 12 tag does not include the latest commit in
the release/12.x branch, which is in fact a bug fix for a regression
that is causing a failure in Zig's test suite.
Zig master branch is tracking release/12.x, and will be enabling the
test that is fixed by that commit.
* Add some more tests for the sqrt/sqrtf implementations.
The idea is to cross-check the software impl with the HW one whenever
possible.
* Fix a broken test, oops.
The code initializes twice `t` instead of `t1`, leaving the latter
uninitialized. The problem manifested itself by corrupting the LSBs of
the result in unpredictable ways.
