Add the no_heap feature to disable heap-using functionality.

The RSA doctest had to be disabled temporarily until
rust-lang/rust#30372 makes it to the stable
Rust channel (Rust 1.8).

Some of the tests and the test framework in |ring::file_test| are still
using the heap. This will be fixed separately.

Author: briansmith

Cargo.toml

@@ -23,6 +23,10 @@ branch = "optional-rand-rustc_serialize"
 default-features = false
 features = ["bigint"]
 
+[features]
+# These features are documented in the top-level module's documentation.
+no_heap = []
+
 # Fix the `bench`, `release`, and `test` profiles so they all have the
 # same configuration.
 #

src/agreement.rs

@@ -14,21 +14,30 @@
 
 //! Key agreement: ECDH.
 
-use super::{c, digest, ecc, ffi};
-use super::input::Input;
 use std;
+use super::{c, digest, ecc};
+#[cfg(not(feature = "no_heap"))] use super::ffi;
+use super::input::Input;
 
 /// A key agreement algorithm.
 pub struct Algorithm {
+    #[cfg_attr(feature = "no_heap", allow(dead_code))]
     ec_group_fn: unsafe extern fn () -> *const ecc::EC_GROUP,
+
     encoded_public_key_len: usize,
+
+    #[cfg_attr(feature = "no_heap", allow(dead_code))]
     nid: c::int,
+
     generate_key_pair: fn(alg: &'static Algorithm) -> Result<KeyPairImpl, ()>,
+
     fill_with_public_key: fn(algorithm: &Algorithm, key_pair_impl: &KeyPairImpl,
                              out: &mut [u8]) -> Result<(), ()>,
+
     agree: fn(key_pair: &KeyPairImpl, peer_public_key_pair_alg: &Algorithm,
               peer_public_key: &[u8], shared_key: &mut [u8])
               -> Result<usize, ()>,
+
     drop_key_pair: fn(key_pair_impl: &mut KeyPairImpl),
 }
 
@@ -83,6 +92,7 @@ impl Drop for EphemeralKeyPair {
 }
 
 enum KeyPairImpl {
+    #[cfg(not(feature = "no_heap"))]
     NIST {
         key: *mut EC_KEY,
     },
@@ -191,6 +201,7 @@ pub extern fn SHA512_5(out: *mut u8, out_len: c::size_t,
 
 macro_rules! nist_ecdh {
     ( $NAME:ident, $bits:expr, $name_str:expr, $ec_group_fn:expr, $nid:expr ) => {
+        #[cfg(not(feature = "no_heap"))]
         #[doc="ECDH using the NIST"]
         #[doc=$name_str]
         #[doc="curve."]
@@ -212,6 +223,8 @@ macro_rules! nist_ecdh {
         /// reduced modulo *q* are currently reduced mod *q* during
         /// verification. Soon, coordinates larger than *q* - 1 will be
         /// rejected.
+        ///
+        /// Not available in `no_heap` mode.
         pub static $NAME: Algorithm = Algorithm {
             ec_group_fn: $ec_group_fn,
             encoded_public_key_len: 1 + (2 * (($bits + 7) / 8)),
@@ -231,13 +244,15 @@ nist_ecdh!(ECDH_P384, 384, "P-384 (secp256r1)", ecc::EC_GROUP_P384,
 nist_ecdh!(ECDH_P521, 521, "P-521 (secp256r1)", ecc::EC_GROUP_P521,
            716 /*NID_secp521r1*/);
 
+#[cfg(not(feature = "no_heap"))]
 fn nist_ecdh_generate_key_pair(algorithm: &Algorithm) -> Result<KeyPairImpl, ()> {
     let key = try!(ffi::map_bssl_ptr_result(unsafe {
         EC_KEY_generate_key_ex((algorithm.ec_group_fn)())
     }));
     Ok(KeyPairImpl::NIST { key: key })
 }
 
+#[cfg(not(feature = "no_heap"))]
 fn nist_ecdh_fill_with_public_key(algorithm: &Algorithm,
                                   key_pair_impl: &KeyPairImpl, out: &mut [u8])
                                   -> Result<(), ()> {
@@ -253,6 +268,7 @@ fn nist_ecdh_fill_with_public_key(algorithm: &Algorithm,
     }
 }
 
+#[cfg(not(feature = "no_heap"))]
 fn nist_ecdh_agree(key_pair_impl: &KeyPairImpl, peer_public_key_alg: &Algorithm,
                    peer_public_key: &[u8], shared_key: &mut [u8])
                    -> Result<usize, ()> {
@@ -270,6 +286,7 @@ fn nist_ecdh_agree(key_pair_impl: &KeyPairImpl, peer_public_key_alg: &Algorithm,
     }
 }
 
+#[cfg(not(feature = "no_heap"))]
 fn nist_ecdh_drop_key_pair(key_pair_impl: &mut KeyPairImpl) {
     match key_pair_impl {
         &mut KeyPairImpl::NIST { key } => {
@@ -280,15 +297,22 @@ fn nist_ecdh_drop_key_pair(key_pair_impl: &mut KeyPairImpl) {
     }
 }
 
+#[cfg(not(feature = "no_heap"))]
 #[allow(non_camel_case_types)]
 enum EC_KEY { }
 
 extern {
+    #[cfg(not(feature = "no_heap"))]
     fn EC_KEY_generate_key_ex(group: *const ecc::EC_GROUP) -> *mut EC_KEY;
+
+    #[cfg(not(feature = "no_heap"))]
     fn EC_KEY_public_key_to_oct(key: *const EC_KEY, out: *mut u8,
                                 out_len: c::size_t) -> c::size_t;
+
+    #[cfg(not(feature = "no_heap"))]
     fn EC_KEY_free(key: *mut EC_KEY);
 
+    #[cfg(not(feature = "no_heap"))]
     fn ECDH_compute_key_ex(out: *mut u8, out_len: *mut c::size_t,
                            max_out_len: c::size_t, my_key_pair: *const EC_KEY,
                            peer_curve_nid: c::int,

src/ecc.rs

@@ -15,6 +15,7 @@
 #[allow(non_camel_case_types)]
 pub enum EC_GROUP { }
 
+#[cfg(not(feature = "no_heap"))]
 extern {
     pub fn EC_GROUP_P256() -> *const EC_GROUP;
     pub fn EC_GROUP_P384() -> *const EC_GROUP;

src/exe_tests.rs

@@ -35,12 +35,27 @@ macro_rules! exe_test {
 }
 
 exe_test!(aes_test, "crypto/aes/aes_test", []);
+
+#[cfg(not(feature = "no_heap"))]
 exe_test!(bn_test, "crypto/bn/bn_test", []);
+
+#[cfg(not(feature = "no_heap"))]
 exe_test!(bytestring_test, "crypto/bytestring/bytestring_test", []);
+
 exe_test!(constant_time_test, "crypto/constant_time_test", []);
+
+#[cfg(not(feature = "no_heap"))]
 exe_test!(ecdsa_test, "crypto/ecdsa/ecdsa_test", []);
+
 exe_test!(gcm_test, "crypto/modes/gcm_test", []);
-exe_test!(poly1305_test, "crypto/poly1305/poly1305_test", ["crypto/poly1305/poly1305_test.txt"]);
+
+#[cfg(not(feature = "no_heap"))] // XXX: Rewrite to avoid OPENSSL_malloc
+exe_test!(poly1305_test, "crypto/poly1305/poly1305_test",
+          ["crypto/poly1305/poly1305_test.txt"]);
+
 exe_test!(refcount_test, "crypto/refcount_test", []);
+
+#[cfg(not(feature = "no_heap"))]
 exe_test!(rsa_test, "crypto/rsa/rsa_test", []);
+
 exe_test!(thread_test, "crypto/thread_test", []);

src/ffi.rs

@@ -21,6 +21,7 @@ pub fn map_bssl_result(bssl_result: c::int) -> Result<(), ()> {
     }
 }
 
+#[cfg(not(feature = "no_heap"))]
 pub fn map_bssl_ptr_result<T>(bssl_result: *mut T) -> Result<*mut T, ()> {
     if bssl_result.is_null() {
         return Err(());

src/lib.rs

@@ -12,6 +12,22 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
+//! Safe, fast, small crypto using Rust with BoringSSL's cryptography primitives.
+//!
+//! # Feature Flags
+//!
+//! <table>
+//! <tr><th>Feature
+//!     <th>Description
+//! <tr><td><code>no_heap</code>
+//!     <td>Disable all functionality that uses the heap. This is useful for
+//!         code running in kernel space and some embedded applications. The
+//!         goal is to enable as much functionality as is practical in
+//!         <code>no_heap</code> mode, but for now some RSA, ECDH, and ECDSA
+//!         functionality still uses the heap.
+//! </table>
+
+
 #[cfg(test)]
 extern crate rustc_serialize;
 

src/signature.rs

@@ -36,7 +36,8 @@
 //! larger messages will be added later. Similarly, the signing interface is
 //! not available yet.
 
-use super::{c, digest, ecc, ffi};
+use super::{c, ffi};
+#[cfg(not(feature = "no_heap"))] use super::{digest, ecc};
 use super::input::Input;
 
 /// A signature verification algorithm.
@@ -70,13 +71,17 @@ trait VerificationAlgorithmImpl {
 ///
 /// ## Verify a RSA PKCS#1 signature that uses the SHA-256 digest
 ///
-/// ```
+/// ```ignore
+/// # // XXX: Re-enable when https://github.com/rust-lang/rust/pull/30372
+/// # // reaches stable.
+/// #
 /// use ring::input::Input;
 /// use ring::signature;
 ///
 /// // Ideally this function should take its inputs as `Input`s instead of
 /// // slices. It takes its input as slices to illustrate how to convert slices
 /// // to `Input`s.
+/// # #[cfg(not(feature = "no_heap"))]
 /// fn verify_rsa_pkcs1_sha256(public_key: &[u8], msg: &[u8], sig: &[u8])
 ///                            -> Result<(), ()> {
 ///    let public_key = try!(Input::new(public_key));
@@ -105,11 +110,13 @@ pub fn verify(alg: &VerificationAlgorithm, public_key: Input, msg: Input,
 
 
 /// ECDSA Signatures.
+#[cfg(not(feature = "no_heap"))]
 struct ECDSA {
     digest_alg: &'static digest::Algorithm,
     ec_group_fn: unsafe extern fn() -> *const ecc::EC_GROUP,
 }
 
+#[cfg(not(feature = "no_heap"))]
 impl VerificationAlgorithmImpl for ECDSA {
     fn verify(&self, public_key: Input, msg: Input, signature: Input)
               -> Result<(), ()> {
@@ -130,6 +137,7 @@ impl VerificationAlgorithmImpl for ECDSA {
 macro_rules! ecdsa {
     ( $VERIFY_ALGORITHM:ident, $curve_name:expr, $ec_group_fn:expr,
       $digest_alg_name:expr, $digest_alg:expr ) => {
+        #[cfg(not(feature = "no_heap"))]
         #[doc="ECDSA signatures using the "]
         #[doc=$curve_name]
         #[doc=" curve and the "]
@@ -158,6 +166,8 @@ macro_rules! ecdsa {
         /// described in [RFC 3279 Section
         /// 2.2.3](https://tools.ietf.org/html/rfc3279#section-2.2.3). Both *r*
         /// and *s* are verified to be in the range [1, *n* - 1].
+        ///
+        /// Not available in `no_heap` mode.
         pub static $VERIFY_ALGORITHM: VerificationAlgorithm =
                 VerificationAlgorithm {
             implementation: &ECDSA {
@@ -241,11 +251,13 @@ impl VerificationAlgorithmImpl for EdDSA {
 
 /// RSA PKCS#1 1.5 signatures.
 #[allow(non_camel_case_types)]
+#[cfg(not(feature = "no_heap"))]
 struct RSA_PKCS1 {
     digest_alg: &'static digest::Algorithm,
     min_bits: usize,
 }
 
+#[cfg(not(feature = "no_heap"))]
 impl VerificationAlgorithmImpl for RSA_PKCS1 {
     fn verify(&self, public_key: Input, msg: Input, signature: Input)
               -> Result<(), ()> {
@@ -266,12 +278,15 @@ impl VerificationAlgorithmImpl for RSA_PKCS1 {
 macro_rules! rsa_pkcs1 {
     ( $VERIFY_ALGORITHM:ident, $min_bits:expr, $min_bits_str:expr,
       $digest_alg_name:expr, $digest_alg:expr ) => {
+        #[cfg(not(feature = "no_heap"))]
         #[doc="RSA PKCS#1 1.5 signatures of "]
         #[doc=$min_bits_str]
         #[doc="-8192 bits "]
         #[doc="using the "]
         #[doc=$digest_alg_name]
         #[doc=" digest algorithm."]
+        ///
+        /// Not available in `no_heap` mode.
         pub static $VERIFY_ALGORITHM: VerificationAlgorithm =
                 VerificationAlgorithm {
             implementation: &RSA_PKCS1 {
@@ -291,6 +306,7 @@ rsa_pkcs1!(RSA_PKCS1_3072_8192_SHA384, 3072, "3072", "SHA-384", &digest::SHA384)
 
 
 extern {
+    #[cfg(not(feature = "no_heap"))]
     fn ECDSA_verify_signed_digest(group: *const ecc::EC_GROUP, hash_nid: c::int,
                                   digest: *const u8, digest_len: c::size_t,
                                   sig_der: *const u8, sig_der_len: c::size_t,
@@ -306,6 +322,7 @@ extern {
                       signature: *const u8/*[64]*/,
                       public_key: *const u8/*[32]*/) -> c::int;
 
+    #[cfg(not(feature = "no_heap"))]
     fn RSA_verify_pkcs1_signed_digest(min_bits: usize, max_bits: usize,
                                       digest_nid: c::int, digest: *const u8,
                                       digest_len: c::size_t, sig: *const u8,