Brian Smith

'rsa::keypair::tests::test_rsakeypair_private_exponentiate' panicked at 'attempt to subtract with overflow', aarch64-pc-windows-msvc

10

commit 934ee03e67fb74322af9a805c2dd19893e461d4a, CI job "[test (aarch64-pc-windows-msvc, --release, 1.66.0)](https://github.com/briansmith/ring/issues#logs)" failed on the main branch. ``` failures: ---- rsa::keypair::tests::test_rsakeypair_private_exponentiate stdout ---- thread 'rsa::keypair::tests::test_rsakeypair_private_exponentiate' panicked at 'attempt to subtract with overflow', src\arithmetic\bigint\modulus.rs:155:38 failures:...

Work around incompatibility of aes-gcm-avx512 with ancient GNU as (GNU binutils)

18

This is just like issue #2463, except for AVX-512 version of the code in PR #2444, instead of the AVX2 version that already landed. There are two pending changes from...

arithmetic: Rewrite `limbs_reduce_once`.

1

Move the function to `arithmetic` from `limb`. This is step towards moving all arithmetic out of `limb`. Change the signature so that the reduction is done separately instead of in-place....

In this code in the non-x86_64 `elem_exp_consttime_inner`: ``` for i in 2..TABLE_ENTRIES { let (src1, src2) = if i % 2 == 0 { (i / 2, i / 2)...

Support mitigations that are normally done automatically by compilers in assembly

1

Rust is adding a `-Zharden-sls` mitigation for straight-line speculation; see https://github.com/rust-lang/rust/pull/136597. This raises the question of what to about our external assembly code. Should we expect the assembler to inject...

Simplify implementation of vectorized reads to avoid transmutes.

2

This removies two more transmute-based conversions.

Avoid [u64; 4] -> [u128; 2] conversion.

1

Avoid the need to implement this conversion by just hard-coding the constant twice.