Add #![no_std] (fixes #16) #17
Conversation
| arrayref = "0.3.2" | ||
|
|
||
| # Support for #![no_std] is only on master right now | ||
| arrayref = { git = "https://github.com/droundy/arrayref.git" } |
There was a problem hiding this comment.
Might want to wait for another release of arrayref before merging this /cc @droundy
|
@tarcieri I was vaguely considering using https://github.com/stouset/secrets, which wouldn't be compatible. I'm not sure whether to prioritise protecting/guarding memory allocated to hold secrets or to prioritise platform independence. It seems like the optimal solution would be for higher-level crypto protocols like https://github.com/isislovecruft/ed25519-dalek to use https://github.com/stouset/secrets and for curve25519-dalek to prioritise usability anywhere. (Thoughts, @hdevalence?) |
|
@isislovecruft you can gate features that use Re: memory protection, you might find this thread informative: rust-lang/rfcs#766 (comment) |
|
It might suffice to avoid returning secret data by value, which allow LLVM to move it around the stack willy nilly. In fact, I was just about to raise an issue mentioning that four There are actually tricks where by a return by value avoids the stack, at least in release builds, like say immediately calling I suspect any stack buffers allocated internally by your own code should be less risky, but one can imagine many games to address that too. |
|
Also we should expect changes in the secure memory crate space as allocators slowly stabilize. |
|
It appears |
|
Ok, I've updated my PR to add an I have confirmed my So long as any additional std-dependent crates you may use are gated on |
| version = "0.3" | ||
|
|
||
| [dependencies.arrayref] | ||
| version = "0.3.2" |
There was a problem hiding this comment.
I went ahead and put this back for now, however the released crate still depends on std. I can build my project by pulling in arrayref via git, but FYI it'd be nice to bump this whenever there's another release.
|
I think this is ready to merge |
|
Ok, I spoke too soon: this needs the new arrayref crate to be released before it can be merged |
|
I've just published arrayref 0.3.3, which should enable you to move forward. |
|
@droundy awesome thanks! I think @isislovecruft was noting a 5% performance reduction from this PR... any idea if |
Use ::core in lieu of ::std, allowing this crate to be usable in #![no_std] environments. Gates features that presently depend on ::std (presently just rand) behind a "std" cargo feature, which is enabled by default.
|
I think this is actually ready to merge now |
|
I would be surprised if arrayref could be responsible. Did you change the
code to use arrayref, or change the arrayref version? I could imagine that
using arrayref could impact placement of arrays on the stack maybe?
David
…On Wed, Jan 18, 2017 at 5:12 PM Tony Arcieri ***@***.***> wrote:
I think this is *actually* ready to merge now
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<https://github.com/isislovecruft/curve25519-dalek/pull/17#issuecomment-273652894>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAIZKQcVukUA5f4WIlV7WZxDm-geEQveks5rTrhogaJpZM4Lje57>
.
|
|
@droundy Thanks for the new arrayref release! We've been using 0.3.2 this whole time. |
|
@tarcieri I've merged and released curve25519-dalek-0.3.0. Thanks for all your help! Let me know if there's anything else we can do to make this usable for your projects. |
This crate does not depend on std. I would like to use it in a #![no_std] Rust program, but to do that this library can't link against std.