From a458d7f336d51cef951c51c27a00418bbbab8232 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= Date: Wed, 19 Jun 2024 17:01:01 +0300 Subject: [PATCH 1/3] Fix Nightly warnings --- blobby/src/lib.rs | 4 ++-- inout/src/inout.rs | 18 +++++++++--------- inout/src/inout_buf.rs | 20 ++++++++++---------- inout/src/reserved.rs | 22 +++++++++++----------- wycheproof2blb/src/main.rs | 13 +++++++------ zeroize/src/lib.rs | 16 ++++++++-------- 6 files changed, 47 insertions(+), 46 deletions(-) diff --git a/blobby/src/lib.rs b/blobby/src/lib.rs index 665b8b2d..1157580f 100644 --- a/blobby/src/lib.rs +++ b/blobby/src/lib.rs @@ -151,10 +151,10 @@ fn encode_vlq(mut val: usize, buf: &mut [u8; 4]) -> &[u8] { /// - (J << 1) & 0x01: indicates this blob is index entry J /// - (L << 1) & 0x00: indicates an explicit blob of len L /// - (in the latter case) explicit blob contents (L bytes) -pub fn encode_blobs<'a, I, T: 'a>(blobs: &'a I) -> (Vec, usize) +pub fn encode_blobs<'a, I, T>(blobs: &'a I) -> (Vec, usize) where &'a I: IntoIterator, - T: AsRef<[u8]>, + T: AsRef<[u8]> + 'a, { let mut idx_map = BTreeMap::new(); blobs diff --git a/inout/src/inout.rs b/inout/src/inout.rs index 412d3e70..75ed2381 100644 --- a/inout/src/inout.rs +++ b/inout/src/inout.rs @@ -44,19 +44,19 @@ impl<'inp, 'out, T> InOut<'inp, 'out, T> { /// # Safety /// Behavior is undefined if any of the following conditions are violated: /// - `in_ptr` must point to a properly initialized value of type `T` and - /// must be valid for reads. + /// must be valid for reads. /// - `out_ptr` must point to a properly initialized value of type `T` and - /// must be valid for both reads and writes. + /// must be valid for both reads and writes. /// - `in_ptr` and `out_ptr` must be either equal or non-overlapping. /// - If `in_ptr` and `out_ptr` are equal, then the memory referenced by - /// them must not be accessed through any other pointer (not derived from - /// the return value) for the duration of lifetime 'a. Both read and write - /// accesses are forbidden. + /// them must not be accessed through any other pointer (not derived from + /// the return value) for the duration of lifetime 'a. Both read and write + /// accesses are forbidden. /// - If `in_ptr` and `out_ptr` are not equal, then the memory referenced by - /// `out_ptr` must not be accessed through any other pointer (not derived from - /// the return value) for the duration of lifetime `'a`. Both read and write - /// accesses are forbidden. The memory referenced by `in_ptr` must not be - /// mutated for the duration of lifetime `'a`, except inside an `UnsafeCell`. + /// `out_ptr` must not be accessed through any other pointer (not derived from + /// the return value) for the duration of lifetime `'a`. Both read and write + /// accesses are forbidden. The memory referenced by `in_ptr` must not be + /// mutated for the duration of lifetime `'a`, except inside an `UnsafeCell`. #[inline(always)] pub unsafe fn from_raw(in_ptr: *const T, out_ptr: *mut T) -> InOut<'inp, 'out, T> { Self { diff --git a/inout/src/inout_buf.rs b/inout/src/inout_buf.rs index ec311d7b..7fb83877 100644 --- a/inout/src/inout_buf.rs +++ b/inout/src/inout_buf.rs @@ -149,20 +149,20 @@ impl<'inp, 'out, T> InOutBuf<'inp, 'out, T> { /// # Safety /// Behavior is undefined if any of the following conditions are violated: /// - `in_ptr` must point to a properly initialized value of type `T` and - /// must be valid for reads for `len * mem::size_of::()` many bytes. + /// must be valid for reads for `len * mem::size_of::()` many bytes. /// - `out_ptr` must point to a properly initialized value of type `T` and - /// must be valid for both reads and writes for `len * mem::size_of::()` - /// many bytes. + /// must be valid for both reads and writes for `len * mem::size_of::()` + /// many bytes. /// - `in_ptr` and `out_ptr` must be either equal or non-overlapping. /// - If `in_ptr` and `out_ptr` are equal, then the memory referenced by - /// them must not be accessed through any other pointer (not derived from - /// the return value) for the duration of lifetime 'a. Both read and write - /// accesses are forbidden. + /// them must not be accessed through any other pointer (not derived from + /// the return value) for the duration of lifetime 'a. Both read and write + /// accesses are forbidden. /// - If `in_ptr` and `out_ptr` are not equal, then the memory referenced by - /// `out_ptr` must not be accessed through any other pointer (not derived from - /// the return value) for the duration of lifetime 'a. Both read and write - /// accesses are forbidden. The memory referenced by `in_ptr` must not be - /// mutated for the duration of lifetime `'a`, except inside an `UnsafeCell`. + /// `out_ptr` must not be accessed through any other pointer (not derived from + /// the return value) for the duration of lifetime 'a. Both read and write + /// accesses are forbidden. The memory referenced by `in_ptr` must not be + /// mutated for the duration of lifetime `'a`, except inside an `UnsafeCell`. /// - The total size `len * mem::size_of::()` must be no larger than `isize::MAX`. #[inline(always)] pub unsafe fn from_raw( diff --git a/inout/src/reserved.rs b/inout/src/reserved.rs index 8c8b7a62..821061cf 100644 --- a/inout/src/reserved.rs +++ b/inout/src/reserved.rs @@ -44,22 +44,22 @@ impl<'a, T> InOutBufReserved<'a, 'a, T> { /// # Safety /// Behavior is undefined if any of the following conditions are violated: /// - `in_ptr` must point to a properly initialized value of type `T` and - /// must be valid for reads for `in_len * mem::size_of::()` many bytes. + /// must be valid for reads for `in_len * mem::size_of::()` many bytes. /// - `out_ptr` must point to a properly initialized value of type `T` and - /// must be valid for both reads and writes for `out_len * mem::size_of::()` - /// many bytes. + /// must be valid for both reads and writes for `out_len * mem::size_of::()` + /// many bytes. /// - `in_ptr` and `out_ptr` must be either equal or non-overlapping. /// - If `in_ptr` and `out_ptr` are equal, then the memory referenced by - /// them must not be accessed through any other pointer (not derived from - /// the return value) for the duration of lifetime 'a. Both read and write - /// accesses are forbidden. + /// them must not be accessed through any other pointer (not derived from + /// the return value) for the duration of lifetime 'a. Both read and write + /// accesses are forbidden. /// - If `in_ptr` and `out_ptr` are not equal, then the memory referenced by - /// `out_ptr` must not be accessed through any other pointer (not derived from - /// the return value) for the duration of lifetime 'a. Both read and write - /// accesses are forbidden. The memory referenced by `in_ptr` must not be - /// mutated for the duration of lifetime `'a`, except inside an `UnsafeCell`. + /// `out_ptr` must not be accessed through any other pointer (not derived from + /// the return value) for the duration of lifetime 'a. Both read and write + /// accesses are forbidden. The memory referenced by `in_ptr` must not be + /// mutated for the duration of lifetime `'a`, except inside an `UnsafeCell`. /// - The total size `in_len * mem::size_of::()` and - /// `out_len * mem::size_of::()` must be no larger than `isize::MAX`. + /// `out_len * mem::size_of::()` must be no larger than `isize::MAX`. #[inline(always)] pub unsafe fn from_raw( in_ptr: *const T, diff --git a/wycheproof2blb/src/main.rs b/wycheproof2blb/src/main.rs index 126f63e1..aa562e5d 100644 --- a/wycheproof2blb/src/main.rs +++ b/wycheproof2blb/src/main.rs @@ -5,12 +5,13 @@ )] use std::io::Write; -mod aead; +// We use `pub mod` to silence "field is never read" warnings +pub mod aead; mod aes_siv; mod ecdsa; mod ed25519; mod hkdf; -mod mac; +pub mod mac; mod wycheproof; /// Test information @@ -22,10 +23,10 @@ pub struct TestInfo { } /// Generator function which takes input parameters: -/// - contents of Wycheproof test data file -/// - algorithm name -/// - key size (in bits) to include -/// and returns the raw contents, together with a list of test identifiers (one per entry). +/// - contents of Wycheproof test data file +/// - algorithm name +/// - key size (in bits) to include +/// and returns the raw contents, together with a list of test identifiers (one per entry). type BlbGenerator = fn(&[u8], &str, u32) -> Vec; struct Algorithm { diff --git a/zeroize/src/lib.rs b/zeroize/src/lib.rs index 66f24111..8162f857 100644 --- a/zeroize/src/lib.rs +++ b/zeroize/src/lib.rs @@ -252,7 +252,7 @@ mod x86; use core::{ marker::{PhantomData, PhantomPinned}, - mem::{self, MaybeUninit}, + mem::{self, size_of, MaybeUninit}, num::{ self, NonZeroI128, NonZeroI16, NonZeroI32, NonZeroI64, NonZeroI8, NonZeroIsize, NonZeroU128, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU8, NonZeroUsize, @@ -409,10 +409,10 @@ where // // Safety: // - // The memory pointed to by `self` is valid for `mem::size_of::()` bytes. + // The memory pointed to by `self` is valid for `size_of::()` bytes. // It is also properly aligned, because `u8` has an alignment of `1`. unsafe { - volatile_set((self as *mut Self).cast::(), 0, mem::size_of::()); + volatile_set((self as *mut Self).cast::(), 0, size_of::()); } // Ensures self is overwritten with the `None` bit pattern. volatile_write can't be @@ -457,7 +457,7 @@ impl Zeroize for MaybeUninit { impl Zeroize for [MaybeUninit] { fn zeroize(&mut self) { let ptr = self.as_mut_ptr().cast::>(); - let size = self.len().checked_mul(mem::size_of::()).unwrap(); + let size = self.len().checked_mul(size_of::()).unwrap(); assert!(size <= isize::MAX as usize); // Safety: @@ -767,7 +767,7 @@ fn volatile_write(dst: &mut T, src: T) { /// The memory pointed to by `dst` must be a single allocated object that is valid for `count` /// contiguous elements of `T`. /// `count` must not be larger than an `isize`. -/// `dst` being offset by `mem::size_of:: * count` bytes must not wrap around the address space. +/// `dst` being offset by `size_of:: * count` bytes must not wrap around the address space. /// Also `dst` must be properly aligned. #[inline(always)] unsafe fn volatile_set(dst: *mut T, src: T, count: usize) { @@ -783,7 +783,7 @@ unsafe fn volatile_set(dst: *mut T, src: T, count: usize) { // Safety: // // This is safe, because the pointer is valid and because `dst` is well aligned for `T` and - // `ptr` is an offset of `dst` by a multiple of `mem::size_of::()` bytes. + // `ptr` is an offset of `dst` by a multiple of `size_of::()` bytes. ptr::write_volatile(ptr, src); } } @@ -837,10 +837,10 @@ unsafe fn volatile_set(dst: *mut T, src: T, count: usize) { /// ``` #[inline(always)] pub unsafe fn zeroize_flat_type(data: *mut F) { - let size = mem::size_of::(); + let size = size_of::(); // Safety: // - // This is safe because `mem::size_of()` returns the exact size of the object in memory, and + // This is safe because `size_of()` returns the exact size of the object in memory, and // `data_ptr` points directly to the first byte of the data. volatile_set(data as *mut u8, 0, size); atomic_fence() From 65663e38ffdc3a04aef54864a668146ea9c3428a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= Date: Wed, 19 Jun 2024 17:06:27 +0300 Subject: [PATCH 2/3] Fix warning --- zeroize/src/lib.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/zeroize/src/lib.rs b/zeroize/src/lib.rs index 8162f857..9fa575e5 100644 --- a/zeroize/src/lib.rs +++ b/zeroize/src/lib.rs @@ -252,7 +252,7 @@ mod x86; use core::{ marker::{PhantomData, PhantomPinned}, - mem::{self, size_of, MaybeUninit}, + mem::{size_of, MaybeUninit}, num::{ self, NonZeroI128, NonZeroI16, NonZeroI32, NonZeroI64, NonZeroI8, NonZeroIsize, NonZeroU128, NonZeroU16, NonZeroU32, NonZeroU64, NonZeroU8, NonZeroUsize, @@ -595,6 +595,8 @@ impl Zeroize for String { #[cfg(feature = "std")] impl Zeroize for CString { fn zeroize(&mut self) { + use core::mem; + // mem::take uses replace internally to swap the pointer // Unfortunately this results in an allocation for a Box::new(&[0]) as CString must // contain a trailing zero byte From 244b939c3fc45e78c62c29884e2d9ff5b59b80c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?= Date: Wed, 19 Jun 2024 17:10:33 +0300 Subject: [PATCH 3/3] tweak comment --- wycheproof2blb/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wycheproof2blb/src/main.rs b/wycheproof2blb/src/main.rs index aa562e5d..1e3ccba1 100644 --- a/wycheproof2blb/src/main.rs +++ b/wycheproof2blb/src/main.rs @@ -5,7 +5,7 @@ )] use std::io::Write; -// We use `pub mod` to silence "field is never read" warnings +// `pub mod` is used to silence "field is never read" warnings pub mod aead; mod aes_siv; mod ecdsa;