
replaced timing_safe_cmp implementation with Subtle #2366


Closed

Contributor

@orf orf commented Dec 10, 2020

This PR runs cargo upgrade on the project and fixes associated errors.

I replaced timing_safe_cmp with Subtle rather than trying to upgrade the code to use the new version of volatile. I think Subtle is a good crate to rely on for this.

I also used the default-members feature of Cargo to remove the need for specific package flags in the CI tests, making getting up and running with RustPython simpler (for me at least!)
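
The property at stake when swapping the comparison routine, as an added example that is not code from this PR, RustPython or subtle: an early-exit comparison does work proportional to the matching prefix, while an accumulate-then-test loop does the same work for every equal-length input. The function names and sample values are hypothetical, and the returned byte count stands in for run time.

```rust
use std::hint::black_box;

/// Early-exit comparison: stops at the first mismatch.
/// Returns (equal, bytes_examined) so the data-dependent work is visible.
fn early_exit_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0);
    }
    for (i, (x, y)) in a.iter().zip(b).enumerate() {
        if x != y {
            return (false, i + 1);
        }
    }
    (true, a.len())
}

/// Accumulating comparison: ORs every byte difference into `result` and
/// tests it once at the end, so the loop always covers the full length.
/// `black_box` is only a best-effort hint against the optimizer.
fn accumulate_eq(a: &[u8], b: &[u8]) -> (bool, usize) {
    if a.len() != b.len() {
        return (false, 0); // the length itself is not hidden
    }
    let mut result = 0u8;
    let mut examined = 0usize;
    for (x, y) in a.iter().zip(b) {
        result |= black_box(x ^ y);
        examined += 1;
    }
    (black_box(result) == 0, examined)
}

fn main() {
    // Constructed sample values, all 21 bytes long.
    let secret: &[u8] = b"constructed-mac-value";
    let guesses: [&[u8]; 3] = [
        b"Xonstructed-mac-value",
        b"constructed-Xac-value",
        b"constructed-mac-value",
    ];
    for g in guesses {
        println!("{:?} {:?}", early_exit_eq(secret, g), accumulate_eq(secret, g));
    }
}
```

`std::hint::black_box` is documented as best-effort, which is one reason to delegate this comparison to a maintained crate such as subtle instead of hand-rolling it.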

@orf orf changed the title Bump RustPython dependencies WIP: Bump RustPython dependencies Dec 10, 2020
@orf orf changed the title WIP: Bump RustPython dependencies Bump RustPython dependencies Dec 10, 2020
@orf orf changed the title Bump RustPython dependencies Upgraded RustPython dependencies and replaced timing_safe_cmp implementation with Subtle Dec 14, 2020
@youknowone
Member

If we regard RustPython core modules as a library, caret or tilde notation will give a bit of freedom for users
https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html

}

result == 0
a.ct_eq(b).into()
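
Review bot: the `a.ct_eq(b).into()` line replaces the explicit accumulator behind `result == 0`, so the function's doc comment should now spell out the guarantee callers get. If `a` and `b` are byte slices, subtle's `ct_eq` returns false immediately when the lengths differ and is constant-time only over the contents of equal-length inputs. Please document that the length is not hidden, and add a test that compares inputs of different lengths so the behaviour is pinned down.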
Member

I think if we're just using subtle, we could just depend on subtle from rustpython-vm and remove the cmp module here.

@coolreader18
Member

I think caret is the default:

The string "0.1.12" is a semver version requirement. Since this string does not have any operators in it, it is interpreted the same way as if we had specified "^0.1.12", which is called a caret requirement.

https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html

This is just so that CI and stuff uses updated versions, if I understand correctly.

@coolreader18
Member

Also, I'm not sure if default-members is the desirable behavior; cargo build now would build all the libraries rather than just building the binary.

@youknowone youknowone changed the title Upgraded RustPython dependencies and replaced timing_safe_cmp implementation with Subtle replaced timing_safe_cmp implementation with Subtle Aug 17, 2021
@youknowone
Member

This PR was covering too many things in a single PR. I rebased it without outdated stuff.

@orf orf closed this by deleting the head repository Aug 5, 2023