Changes since 1.3.0:
- The unstable `traits-preview` feature now includes an implementation
of `crypto_common::BlockSizeUser`, AKA
`digest::core_api::BlockSizeUser`. This allows `blake3::Hasher` to be
used with `hmac::SimpleHmac`.
Changes since 1.2.0:
- Added blake3_hasher_reset to the C API, for parity with the Rust API.
- Updated digest to v0.10. This version merged the crypto-mac crate with
digest, so the dependency on crypto-mac has been removed. These trait
implementations are still gated behind the "traits-preview" feature.
- Updated clap to v3.
Changes since 1.1.0:
- SECURITY FIX: Fixed an instance of undefined behavior in the Windows
SSE2 assembly implementations, which affected both the Rust and C
libraries in their default build configurations. See
https://github.com/BLAKE3-team/BLAKE3/issues/206. The cause was a
vector register that wasn't properly saved and restored. This bug has
been present since SSE2 support was initially added in v0.3.7. The
effects of this bug depend on surrounding code and compiler
optimizations; see test_issue_206_windows_sse2 for an example of this
bug causing incorrect hash output. Note that even when surrounding
code is arranged to trigger this bug, the SSE2 implementation is
normally only invoked on CPUs where SSE4.1 (introduced in 2007) isn't
supported. One notable exception, however, is if the Rust library is
built in `no_std` mode, with `default_features = false` or similar. In
that case, runtime CPU feature detection is disabled, and since LLVM
assumes that all x86-64 targets support SSE2, the SSE2 implementation
will be invoked. For that reason, Rust callers who build `blake3` in
`no_std` mode for x86-64 Windows targets are the most likely to
trigger this bug. We found this bug in internal testing, and we aren't
aware of any callers encountering it in practice.
- Added the Hasher::count() method.
The SSE2 patch introduced xmm10 as a temporary register for one of the
rotations, but xmm6-xmm15 are callee-save registers on Windows, and
SSE4.1 was only saving the registers it used. The minimal fix is to use
one of the saved registers instead of xmm10.
See https://github.com/BLAKE3-team/BLAKE3/issues/206.
Changes since 1.0.0:
- The NEON implementation is now enabled by default on AArch64 targets.
Previously it was disabled without the "neon" Cargo feature in Rust or
the "BLAKE3_USE_NEON=1" preprocessor flag in C. This is still the case
on ARM targets other than AArch64, because of the lack of dynamic CPU
feature detection on ARM. Contributed by @rsdy.
- The previous change leads to some build incompatibilities,
particularly in C. If you build the C implementation for AArch64
targets, you now need to include blake3_neon.c, or else you'll get a
linker error like "undefined reference to `blake3_hash_many_neon'". If
you don't want the NEON implementation, you need to explicitly set
"BLAKE3_USE_NEON=0". On the Rust side, AArch64 targets now require the
C toolchain by default. build.rs includes workarounds for missing or
very old C compilers for x86, but it doesn't currently include such
workarounds for AArch64. If we hear about build breaks related to
this, we can add more workarounds as appropriate.
- C-specific Git tags ("c-0.3.7" etc.) have been removed, and all the
projects in this repo (Rust "blake3", Rust "b3sum", and the C
implementation) will continue to be versioned in lockstep for the
foreseeable future.
Changes since 0.3.8:
- Add Hash::from_hex() and implement FromStr for Hash.
- Implement Display for Hash, equivalent to Hash::to_hex().
- Implement PartialEq<[u8]> for Hash, using constant_time_eq.
- Change derive_key() to return a 32-byte array. As with hash() and
keyed_hash(), callers who want a non-default output length can use
Hasher::finalize_xof().
- Replace Hasher::update_with_join() with Hasher::update_rayon(). The
former was excessively generic, and the Join trait leaked
implementation details. As part of this change, the Join trait is no
longer public.
- Upgraded arrayvec to 0.7.0, which uses const generics. This bumps the
minimum supported Rust compiler version to 1.51.
- Gate the digest and crypto-mac trait implementations behind an
unstable feature, "traits-preview". As part of this change upgrade
crypto-mac to 0.11.0.
- Visual Studio <= 2015 does not support AVX-512 either way;
- Visual Studio 2017 does not tolerate vmovd with 64-bit operands;
- Visual Studio 2019 does not care.
This will let us add big endian testing to CI for our C code. (We were
already doing it for our Rust code.)
This is adapted from test_vectors/cross_test.sh. It works around the
limitation that the `cross` tool can't reach parent directories. It's an
unfortunate hack, but at least it's only for testing. It might've been
less hacky to use symlinks for this somehow, but I worry that would
break things on Windows, and I don't want to have to add workarounds for
my workarounds.
Use statically calculated ~mask. This reduces the number of moves and registers necessary at the expense of an extra memory load. This is probably a good trade-off since we are not bound by memory uops in this loop.
Jack O'Connor
Samuel Neves
rsdy
David Burkett
Jack O'Connor
Samuel Neves
Hans Henrik Bergan
Renzo Carbonara
Matthew Krupcale