Changes since 1.3.3:
- The C implementation provides a `CMakeLists.txt` for callers who build
with CMake. The CMake build is not yet stable, and callers should
expect breaking changes in patch version updates. The "by hand" build
will always continue to be supported and documented.
- `b3sum` supports the `--seek` flag, to set the starting position in
the output stream.
- `b3sum --check` prints a summary of errors to stderr.
- `Hash::as_bytes` is const.
- `Hash` supports `from_bytes`, which is const.
The ISA names communicated by `CMAKE_SYSTEM_PROCESSOR` aren't as
standardized as one would wish they were. Factor the different names
into lists allowing for simpler checks and future updates.
Add hidden options for enabling SIMD support in case ISA detection
fails. These should only be used as temporary workarounds until the
ISA name lists have been updated/fixed.
In order for blake3 to be usable as a shared library on Windows it is
required to annotate public symbols. Use this as an opportunity to prune
the symbol table for other OSes, too.
Aggregate source files directly in the target instead of a proxy
variable.
Install CMake package config files in order to allow the project to be
found via `find_package()` by dependents.
Replace hard coded SIMD compiler flags with configurable options. Retain
the current GCC/Clang flags as defaults for these compilers. Add default
SIMD compiler flags for MSVC.
Remove hard coded compiler flags (including -fPIC). These are not
portable and should be set by the toolchain file or on the CLI.
- Guard ASM sources with triplet compatibility checks.
- Remove the `BLAKE3_STATIC` option in favor of [`BUILD_SHARED_LIBS`].
[`BUILD_SHARED_LIBS`]: https://cmake.org/cmake/help/v3.9/variable/BUILD_SHARED_LIBS.html
SSSE3 is indicated by bit 9 of ECX, not bit 0, which indicates the
presence of SSE3.
There are very few CPUs in use affected by this bug; SSE3 was part of
the Prescott new instructions, introduced in the later Pentium 4 chips,
whereas SSSE3 was introduced in Intel's Core 2 and AMD's Bulldozer. This
leaves a few Pentium 4 and Athlon 64 models that will potentially run an
illegal pshufb or pblendw.
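The effect of reading the wrong CPUID bit, as an added example that is not the project's dispatch code. The flag enum, function names and register values are constructed for illustration; only the leaf 1 bit positions are real.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID leaf 1 feature bits, as laid out by Intel and AMD. */
#define ECX_SSE3  (1u << 0)
#define ECX_SSSE3 (1u << 9)
#define ECX_SSE41 (1u << 19)
#define EDX_SSE2  (1u << 26)

/* Hypothetical flag set for this example, not the library's own enum. */
enum { F_SSE2 = 1, F_SSE3 = 2, F_SSSE3 = 4, F_SSE41 = 8 };

/* Decode leaf 1 registers; ssse3_mask selects which ECX bit is trusted
   as the SSSE3 indicator, so both behaviours can be compared. */
static unsigned decode(uint32_t ecx, uint32_t edx, uint32_t ssse3_mask) {
  unsigned f = 0;
  if (edx & EDX_SSE2)   f |= F_SSE2;
  if (ecx & ECX_SSE3)   f |= F_SSE3;
  if (ecx & ssse3_mask) f |= F_SSSE3;
  if (ecx & ECX_SSE41)  f |= F_SSE41;
  return f;
}

/* The defect: SSSE3 inferred from bit 0, which really means SSE3. */
static unsigned decode_buggy(uint32_t ecx, uint32_t edx) {
  return decode(ecx, edx, ECX_SSE3);
}

/* The fix: SSSE3 read from bit 9. */
static unsigned decode_fixed(uint32_t ecx, uint32_t edx) {
  return decode(ecx, edx, ECX_SSSE3);
}

/* 1 if the decoded flags would allow pshufb on a CPU without SSSE3. */
static int unsafe_pshufb(unsigned features, uint32_t ecx) {
  return (features & F_SSSE3) && !(ecx & ECX_SSSE3);
}

int main(void) {
  /* Constructed register values, not captured from real hardware. */
  uint32_t ecx[] = { ECX_SSE3, ECX_SSE3 | ECX_SSSE3, 0 };
  const char *name[] = { "SSE3 only", "SSE3 + SSSE3", "SSE2 only" };
  for (unsigned i = 0; i < 3; i++)
    printf("%-13s buggy unsafe=%d fixed unsafe=%d\n", name[i],
           unsafe_pshufb(decode_buggy(ecx[i], EDX_SSE2), ecx[i]),
           unsafe_pshufb(decode_fixed(ecx[i], EDX_SSE2), ecx[i]));
  return 0;
}
```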
Changes since 1.3.2:
- Fix incorrect output from AVX-512 intrinsics under GCC 5.4 and 6.1 in
debug mode. This bug was found in unit tests and probably doesn't
affect the public API in practice. See
https://github.com/BLAKE3-team/BLAKE3/issues/271.
Fixes https://github.com/BLAKE3-team/BLAKE3/issues/271.
The `_mm512_cmp_epu32_mask` intrinsic is broken under GCC 5.4 and 6.1.
This led to incorrect output in the AVX-512 implementation when building
with intrinsics instead of assembly. This fix is a simplified version of
Samuel's proposed fix here:
f10816e857 (commitcomment-90742995)
I'm adding the i32::MAX test case here because I personally screwed it
up while I was working on
https://github.com/BLAKE3-team/BLAKE3/issues/271. The correct
implementation of the carry bit is the ANDNOT of old high bit (1) and
the new high bit (0). Using XOR instead of ANDNOT gives the correct
answer in the overflow case, but it also reports an incorrect "extra"
overflow when the high bit goes from 0 to 1.
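The carry rule described above in scalar form, as an added example that is not the project's AVX-512 code. The function names and sample counters are constructed, and the lane offsets 0..15 (one per 32-bit lane of a 512-bit vector) are an assumption about how the counter is split.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*carry_fn)(uint32_t old_lo, uint32_t new_lo);

/* Reference: the low word wrapped if it got smaller (unsigned compare). */
static uint32_t carry_reference(uint32_t old_lo, uint32_t new_lo) {
  return new_lo < old_lo;
}

/* ANDNOT: carry only when the high bit goes 1 -> 0.
   Valid while the added offset is below 2^31. */
static uint32_t carry_andnot(uint32_t old_lo, uint32_t new_lo) {
  return (old_lo & ~new_lo) >> 31;
}

/* XOR: fires on any high-bit change, including 0 -> 1. */
static uint32_t carry_xor(uint32_t old_lo, uint32_t new_lo) {
  return (old_lo ^ new_lo) >> 31;
}

/* Add a lane offset to a 64-bit counter held as two 32-bit words. */
static uint64_t add_lane(uint64_t counter, uint32_t lane, carry_fn carry) {
  uint32_t lo = (uint32_t)counter, hi = (uint32_t)(counter >> 32);
  uint32_t new_lo = lo + lane;
  hi += carry(lo, new_lo);
  return ((uint64_t)hi << 32) | new_lo;
}

/* Count results that differ from the reference over constructed
   boundary counters and lane offsets 0..15. */
static int count_mismatches(carry_fn carry) {
  const uint32_t lows[] = { 0u, 0x7FFFFFFFu, 0x80000000u,
                            0xFFFFFFF0u, 0xFFFFFFFFu };
  int bad = 0;
  for (unsigned i = 0; i < sizeof lows / sizeof lows[0]; i++)
    for (uint32_t lane = 0; lane < 16; lane++)
      bad += add_lane(lows[i], lane, carry) !=
             add_lane(lows[i], lane, carry_reference);
  return bad;
}

int main(void) {
  printf("andnot mismatches: %d\n", count_mismatches(carry_andnot));
  printf("xor mismatches:    %d\n", count_mismatches(carry_xor));
  return 0;
}
```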
Changes since 1.3.1:
- Dependency updates only. This includes updating Clap to v4, which
changes the format of the `b3sum --help` output. The new MSRV is
1.59.0 for `blake3` and 1.60.0 for `b3sum`. Note that this project
doesn't have any particular MSRV policy, and we don't consider MSRV
bumps to be breaking changes.
Changes since 1.3.0:
- The unstable `traits-preview` feature now includes an implementation
of `crypto_common::BlockSizeUser`, AKA
`digest::core_api::BlockSizeUser`. This allows `blake3::Hasher` to be
used with `hmac::SimpleHmac`.
Changes since 1.2.0:
- Added blake3_hasher_reset to the C API, for parity with the Rust API.
- Updated digest to v0.10. This version merged the crypto-mac crate with
digest, so the dependency on crypto-mac has been removed. These trait
implementations are still gated behind the "traits-preview" feature.
- Updated clap to v3.
Changes since 1.1.0:
- SECURITY FIX: Fixed an instance of undefined behavior in the Windows
SSE2 assembly implementations, which affected both the Rust and C
libraries in their default build configurations. See
https://github.com/BLAKE3-team/BLAKE3/issues/206. The cause was a
vector register that wasn't properly saved and restored. This bug has
been present since SSE2 support was initially added in v0.3.7. The
effects of this bug depend on surrounding code and compiler
optimizations; see test_issue_206_windows_sse2 for an example of this
bug causing incorrect hash output. Note that even when surrounding
code is arranged to trigger this bug, the SSE2 implementation is
normally only invoked on CPUs where SSE4.1 (introduced in 2007) isn't
supported. One notable exception, however, is if the Rust library is
built in `no_std` mode, with `default_features = false` or similar. In
that case, runtime CPU feature detection is disabled, and since LLVM
assumes that all x86-64 targets support SSE2, the SSE2 implementation
will be invoked. For that reason, Rust callers who build `blake3` in
`no_std` mode for x86-64 Windows targets are the most likely to
trigger this bug. We found this bug in internal testing, and we aren't
aware of any callers encountering it in practice.
- Added the Hasher::count() method.
The SSE2 patch introduced xmm10 as a temporary register for one of the
rotations, but xmm6-xmm15 are callee-save registers on Windows, and
SSE4.1 was only saving the registers it used. The minimal fix is to use
one of the saved registers instead of xmm10.
See https://github.com/BLAKE3-team/BLAKE3/issues/206.
Changes since 1.0.0:
- The NEON implementation is now enabled by default on AArch64 targets.
Previously it was disabled without the "neon" Cargo feature in Rust or
the "BLAKE3_USE_NEON=1" preprocessor flag in C. This is still the case
on ARM targets other than AArch64, because of the lack of dynamic CPU
feature detection on ARM. Contributed by @rsdy.
- The previous change leads to some build incompatibilities,
particularly in C. If you build the C implementation for AArch64
targets, you now need to include blake3_neon.c, or else you'll get a
linker error like "undefined reference to `blake3_hash_many_neon'". If
you don't want the NEON implementation, you need to explicitly set
"BLAKE3_USE_NEON=0". On the Rust side, AArch64 targets now require the
C toolchain by default. build.rs includes workarounds for missing or
very old C compilers for x86, but it doesn't currently include such
workarounds for AArch64. If we hear about build breaks related to
this, we can add more workarounds as appropriate.
- C-specific Git tags ("c-0.3.7" etc.) have been removed, and all the
projects in this repo (Rust "blake3", Rust "b3sum", and the C
implementation) will continue to be versioned in lockstep for the
foreseeable future.
Changes since 0.3.8:
- Add Hash::from_hex() and implement FromStr for Hash.
- Implement Display for Hash, equivalent to Hash::to_hex().
- Implement PartialEq<[u8]> for Hash, using constant_time_eq.
- Change derive_key() to return a 32-byte array. As with hash() and
keyed_hash(), callers who want a non-default output length can use
Hasher::finalize_xof().
- Replace Hasher::update_with_join() with Hasher::update_rayon(). The
former was excessively generic, and the Join trait leaked
implementation details. As part of this change, the Join trait is no
longer public.
- Upgraded arrayvec to 0.7.0, which uses const generics. This bumps the
minimum supported Rust compiler version to 1.51.
- Gate the digest and crypto-mac trait implementations behind an
unstable feature, "traits-preview". As part of this change upgrade
crypto-mac to 0.11.0.