arm: Switch from denylisting Apple targets to allowlisting Android/Li…

…nux. The allowlist approach is safer.
briansmith · Jun 22, 2024 · 3e9e2eb · 3e9e2eb
1 parent 9593d9b
commit 3e9e2eb
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 37 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -99,7 +99,6 @@ include = [
     "crypto/perlasm/x86gas.pl",
     "crypto/perlasm/x86nasm.pl",
     "crypto/perlasm/x86_64-xlate.pl",
-    "crypto/poly1305/internal.h",
     "crypto/poly1305/poly1305.c",
     "crypto/poly1305/poly1305_arm.c",
     "crypto/poly1305/poly1305_arm_asm.S",

diff --git a/crypto/poly1305/internal.h b/crypto/poly1305/internal.h
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
@@ -18,7 +18,6 @@
 
 #include <ring-core/poly1305.h>
 
-#include "internal.h"
 #include "../internal.h"
 
 

diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.c
@@ -17,12 +17,9 @@
 
 #include <ring-core/poly1305.h>
 
-#include "internal.h"
 #include "../internal.h"
 
 
-#if defined(OPENSSL_POLY1305_NEON)
-
 #pragma GCC diagnostic ignored "-Wsign-conversion"
 #pragma GCC diagnostic ignored "-Wcast-align"
 
@@ -304,5 +301,3 @@ void CRYPTO_poly1305_finish_neon(poly1305_state *state, uint8_t mac[16]) {
   h->v[8] += c->v[8];
   fe1305x2_tobytearray(mac, h);
 }
-
-#endif  // OPENSSL_POLY1305_NEON
diff --git a/src/aead/poly1305.rs b/src/aead/poly1305.rs
@@ -55,8 +55,8 @@ macro_rules! dispatch {
       ( $( $p:ident : $t:ty ),+ )
       ( $( $a:expr ),+ ) ) => {
         match () {
-            // Apple's 32-bit ARM ABI is incompatible with the assembly code.
-            #[cfg(all(target_arch = "arm", not(target_vendor = "apple")))]
+            // BoringSSL uses `!defined(OPENSSL_APPLE)`.
+            #[cfg(all(target_arch = "arm", any(target_os = "android", target_os = "linux")))]
             () if cpu::arm::NEON.available($features) => {
                 prefixed_extern! {
                     fn $neon_f( $( $p : $t ),+ );

diff --git a/src/ec/curve25519/x25519.rs b/src/ec/curve25519/x25519.rs
@@ -62,7 +62,7 @@ fn x25519_public_from_private(
     let private_key: &[u8; SCALAR_LEN] = private_key.bytes_less_safe().try_into()?;
     let private_key = ops::MaskedScalar::from_bytes_masked(*private_key);
 
-    #[cfg(all(not(target_vendor = "apple"), target_arch = "arm"))]
+    #[cfg(all(target_arch = "arm", any(target_os = "android", target_os = "linux")))]
     {
         if cpu::arm::NEON.available(cpu_features) {
             static MONTGOMERY_BASE_POINT: [u8; 32] = [
@@ -108,7 +108,7 @@ fn x25519_ecdh(
         point: &ops::EncodedPoint,
         #[allow(unused_variables)] cpu_features: cpu::Features,
     ) {
-        #[cfg(all(not(target_vendor = "apple"), target_arch = "arm"))]
+        #[cfg(all(target_arch = "arm", any(target_os = "android", target_os = "linux")))]
         {
             if cpu::arm::NEON.available(cpu_features) {
                 return x25519_neon(out, scalar, point);
@@ -157,7 +157,8 @@ fn x25519_ecdh(
     Ok(())
 }
 
-#[cfg(all(not(target_vendor = "apple"), target_arch = "arm"))]
+// BoringSSL uses `!defined(OPENSSL_APPLE)`.
+#[cfg(all(target_arch = "arm", any(target_os = "android", target_os = "linux")))]
 fn x25519_neon(out: &mut ops::EncodedPoint, scalar: &ops::MaskedScalar, point: &ops::EncodedPoint) {
     prefixed_extern! {
         fn x25519_NEON(