Make std an optional dependency. Require alloc instead.

BUILDING.md

@@ -67,13 +67,6 @@ e.g. export `CFLAGS=-D__ANDROID_API__=21`.
 
 Additional Features that are Useful for Development
 ---------------------------------------------------
-
-The `use_heap` feature enables functionality that uses the heap. This is on by
-default. Disabling it is useful for code running in kernel space and some
-embedded applications. For now some RSA, ECDH, and ECDSA signing functionality
-still uses the heap. This feature will go away once RSA signing is the only
-feature that uses the heap.
-
 The `internal_benches` feature enable benchmarks of internal functions. These
 benchmarks are only useful for people hacking on the implementation of *ring*.
 (The benchmarks for the *ring* API are in the

Cargo.toml

@@ -325,12 +325,13 @@ cc = { version = "1.0.37", default-features = false }
 
 [features]
 # These features are documented in the top-level module's documentation.
-default = ["use_heap", "dev_urandom_fallback"]
-dev_urandom_fallback = ["use_heap", "lazy_static"]
+default = ["alloc", "dev_urandom_fallback", "std"]
+alloc = []
+dev_urandom_fallback = ["std", "lazy_static"]
 internal_benches = []
 slow_tests = []
-test_logging = []
-use_heap = []
+std = ["alloc"]
+test_logging = ["std"]
 
 # XXX: debug = false because of https://github.com/rust-lang/rust/issues/34122
 

STYLE.md

@@ -88,7 +88,7 @@ The C code generally uses the C `int` type as a return value, where 1 indicates
 success and 0 indicates failure. The module [ring::bssl](src/bssl.rs) contains
 a [transparent] `Result` type which should be used as the return type when
 declaring foreign functions which follow this convention. A
-`ring::bssl::Result` should be converted to a `std::result::Result` using the
+`ring::bssl::Result` should be converted to a `core::result::Result` using the
 pattern in the following example (note the placement of `unsafe`):
 
 [transparent]: https://doc.rust-lang.org/nightly/reference/type-layout.html#the-transparent-representation

src/aead/chacha.rs

@@ -142,8 +142,8 @@ pub const KEY_LEN: usize = KEY_BLOCKS * BLOCK_LEN;
 mod tests {
     use super::*;
     use crate::test;
+    use alloc::vec;
     use core::convert::TryInto;
-    use std::vec;
 
     // This verifies the encryption functionality provided by ChaCha20_ctr32
     // is successful when either computed on disjoint input/output buffers,

src/arithmetic.rs

@@ -14,5 +14,8 @@
 
 #[macro_use]
 pub mod constant;
+
+#[cfg(feature = "alloc")]
 pub mod bigint;
+
 pub mod montgomery;

src/arithmetic/bigint.rs

@@ -36,18 +36,16 @@
 //! [Static checking of units in Servo]:
 //!     https://blog.mozilla.org/research/2014/06/23/static-checking-of-units-in-servo/
 
-#![allow(box_pointers)]
-
 use crate::{
     arithmetic::montgomery::*,
     bits, bssl, c, error,
     limb::{self, Limb, LimbMask, LIMB_BITS, LIMB_BYTES},
 };
+use alloc::{borrow::ToOwned as _, boxed::Box, vec, vec::Vec};
 use core::{
     marker::PhantomData,
     ops::{Deref, DerefMut},
 };
-use std::{borrow::ToOwned as _, boxed::Box, vec, vec::Vec};
 use untrusted;
 
 pub unsafe trait Prime {}
@@ -1292,7 +1290,7 @@ extern "C" {
 mod tests {
     use super::*;
     use crate::test;
-    use std::format;
+    use alloc::format;
     use untrusted;
 
     // Type-level representation of an arbitrary modulus.

src/bits.rs

@@ -31,7 +31,7 @@ impl BitLength {
         Ok(Self::from_usize_bits(bits))
     }
 
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     #[inline]
     pub fn half_rounded_up(&self) -> Self {
         let round_up = self.0 & 1;
@@ -43,7 +43,7 @@ impl BitLength {
         self.0
     }
 
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     #[inline]
     pub fn as_usize_bytes_rounded_up(&self) -> usize {
         // Equivalent to (self.0 + 7) / 8, except with no potential for
@@ -55,7 +55,7 @@ impl BitLength {
         (self.0 / 8) + round_up
     }
 
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     #[inline]
     pub fn try_sub_1(self) -> Result<BitLength, error::Unspecified> {
         let sum = self.0.checked_sub(1).ok_or(error::Unspecified)?;

src/digest.rs

@@ -182,7 +182,7 @@ impl Context {
 /// # Examples:
 ///
 /// ```
-/// # #[cfg(feature = "use_heap")]
+/// # #[cfg(feature = "alloc")]
 /// # {
 /// use ring::{digest, test};
 /// let expected_hex = "09ca7e4eaa6e8ae9c7d261167129184883644d07dfba7cbfbc4c8a2e08360d5b";
@@ -489,7 +489,7 @@ mod tests {
     mod max_input {
         use super::super::super::digest;
         use crate::polyfill;
-        use std::vec;
+        use alloc::vec;
 
         macro_rules! max_input_tests {
             ( $algorithm_name:ident ) => {

src/ec/suite_b/ecdsa/verification.rs

@@ -289,7 +289,7 @@ pub static ECDSA_P384_SHA384_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificatio
 mod tests {
     use super::*;
     use crate::test;
-    use std::vec::Vec;
+    use alloc::vec::Vec;
 
     #[test]
     fn test_digest_based_test_vectors() {

src/ec/suite_b/ops.rs

@@ -440,7 +440,7 @@ extern "C" {
 mod tests {
     use super::*;
     use crate::test;
-    use std::{format, print, vec, vec::Vec};
+    use alloc::{format, vec, vec::Vec};
     use untrusted;
 
     const ZERO_SCALAR: Scalar = Scalar {
@@ -1115,12 +1115,11 @@ mod tests {
     ) {
         for i in 0..ops.num_limbs {
             if actual[i] != expected[i] {
-                let mut s = std::string::String::new();
+                let mut s = alloc::string::String::new();
                 for j in 0..ops.num_limbs {
                     let formatted = format!("{:016x}", actual[ops.num_limbs - j - 1]);
                     s.push_str(&formatted);
                 }
-                print!("\n");
                 panic!("Actual != Expected,\nActual = {}", s);
             }
         }

src/error.rs

@@ -36,7 +36,7 @@ use untrusted;
 /// enum Error {
 ///     CryptoError,
 ///
-/// #  #[cfg(feature = "use_heap")]
+/// #  #[cfg(feature = "alloc")]
 ///     IOError(std::io::Error),
 ///     // [...]
 /// }
@@ -88,7 +88,7 @@ impl core::fmt::Display for Unspecified {
     }
 }
 
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "std")]
 impl std::error::Error for Unspecified {
     #[inline]
     fn cause(&self) -> Option<&dyn std::error::Error> {
@@ -168,12 +168,12 @@ impl KeyRejected {
         KeyRejected("PublicKeyIsMissing")
     }
 
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     pub(crate) fn too_small() -> Self {
         KeyRejected("TooSmall")
     }
 
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     pub(crate) fn too_large() -> Self {
         KeyRejected("TooLarge")
     }
@@ -186,7 +186,7 @@ impl KeyRejected {
         KeyRejected("WrongAlgorithm")
     }
 
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     pub(crate) fn private_modulus_len_not_multiple_of_512_bits() -> Self {
         KeyRejected("PrivateModulusLenNotMultipleOf512Bits")
     }
@@ -196,7 +196,7 @@ impl KeyRejected {
     }
 }
 
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "std")]
 impl std::error::Error for KeyRejected {
     fn cause(&self) -> Option<&dyn std::error::Error> {
         None

src/io.rs

@@ -17,10 +17,10 @@
 #[doc(hidden)]
 pub mod der;
 
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "alloc")]
 mod writer;
 
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "alloc")]
 pub(crate) mod der_writer;
 
 pub(crate) mod positive;

src/io/der_writer.rs

@@ -13,7 +13,7 @@
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 use super::{der::*, writer::*, *};
-use std::boxed::Box;
+use alloc::boxed::Box;
 
 pub(crate) fn write_positive_integer(output: &mut dyn Accumulator, value: &Positive) {
     let first_byte = value.first_byte();

src/io/writer.rs

@@ -12,7 +12,7 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-use std::{boxed::Box, vec::Vec};
+use alloc::{boxed::Box, vec::Vec};
 
 pub trait Accumulator {
     fn write_byte(&mut self, value: u8);

src/lib.rs

@@ -22,6 +22,8 @@
 //! <table>
 //! <tr><th>Feature
 //!     <th>Description
+//! <tr><td><code>alloc (default)</code>
+//!     <td>Enable features that require use of the heap, RSA in particular.
 //! <tr><td><code>dev_urandom_fallback (default)</code>
 //!     <td>This is only applicable to Linux. On Linux, by default,
 //!         <code>ring::rand::SystemRandom</code> will fall back to reading
@@ -30,8 +32,9 @@
 //!         <code>dev_urandom_fallback</code> feature is disabled, such
 //!         fallbacks will not occur. See the documentation for
 //!         <code>rand::SystemRandom</code> for more details.
-//! <tr><td><code>use_heap (default)</code>
-//!     <td>Enable features that require use of the heap, RSA in particular.
+//! <tr><td><code>std (default)</code>
+//!     <td>Enable features that use libstd, in particular `std::error::Error`
+//!         integration.
 //! </table>
 
 #![doc(html_root_url = "https://briansmith.org/rustdoc/")]
@@ -62,13 +65,15 @@
 #![no_std]
 #![cfg_attr(feature = "internal_benches", allow(unstable_features), feature(test))]
 
-#[cfg(any(test, feature = "use_heap"))]
+#[cfg(feature = "alloc")]
+extern crate alloc;
+
+#[cfg(feature = "std")]
 extern crate std;
 
 #[macro_use]
 mod debug;
 
-#[cfg(any(test, feature = "use_heap"))]
 #[macro_use]
 pub mod test;
 
@@ -103,7 +108,7 @@ pub mod pbkdf2;
 pub mod pkcs8;
 pub mod rand;
 
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "alloc")]
 mod rsa;
 
 pub mod signature;

src/limb.rs

@@ -21,10 +21,10 @@
 use crate::{c, error};
 use untrusted;
 
-#[cfg(any(test, feature = "use_heap"))]
+#[cfg(feature = "alloc")]
 use crate::bits;
 
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "alloc")]
 use core::num::Wrapping;
 
 // XXX: Not correct for x32 ABIs.
@@ -77,7 +77,7 @@ pub fn limbs_less_than_limbs_vartime(a: &[Limb], b: &[Limb]) -> bool {
 }
 
 #[inline]
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "alloc")]
 pub fn limbs_less_than_limb_constant_time(a: &[Limb], b: Limb) -> LimbMask {
     unsafe { LIMBS_less_than_limb(a.as_ptr(), b, a.len()) }
 }
@@ -87,13 +87,13 @@ pub fn limbs_are_zero_constant_time(limbs: &[Limb]) -> LimbMask {
     unsafe { LIMBS_are_zero(limbs.as_ptr(), limbs.len()) }
 }
 
-#[cfg(any(test, feature = "use_heap"))]
+#[cfg(feature = "alloc")]
 #[inline]
 pub fn limbs_are_even_constant_time(limbs: &[Limb]) -> LimbMask {
     unsafe { LIMBS_are_even(limbs.as_ptr(), limbs.len()) }
 }
 
-#[cfg(any(test, feature = "use_heap"))]
+#[cfg(feature = "alloc")]
 #[inline]
 pub fn limbs_equal_limb_constant_time(a: &[Limb], b: Limb) -> LimbMask {
     unsafe { LIMBS_equal_limb(a.as_ptr(), b, a.len()) }
@@ -106,7 +106,7 @@ pub fn limbs_equal_limb_constant_time(a: &[Limb], b: Limb) -> LimbMask {
 // with respect to `a.len()` or the value of the result or the value of the
 // most significant bit (It's 1, unless the input is zero, in which case it's
 // zero.)
-#[cfg(any(test, feature = "use_heap"))]
+#[cfg(feature = "alloc")]
 pub fn limbs_minimal_bits(a: &[Limb]) -> bits::BitLength {
     for num_limbs in (1..=a.len()).rev() {
         let high_limb = a[num_limbs - 1];
@@ -252,7 +252,7 @@ pub fn big_endian_from_limbs(limbs: &[Limb], out: &mut [u8]) {
     }
 }
 
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "alloc")]
 pub type Window = Limb;
 
 /// Processes `limbs` as a sequence of 5-bit windows, folding the windows from
@@ -267,7 +267,7 @@ pub type Window = Limb;
 /// channels as long as `init` and `fold` are side-channel free.
 ///
 /// Panics if `limbs` is empty.
-#[cfg(feature = "use_heap")]
+#[cfg(feature = "alloc")]
 pub fn fold_5_bit_windows<R, I: FnOnce(Window) -> R, F: Fn(R, Window) -> R>(
     limbs: &[Limb],
     init: I,
@@ -333,16 +333,16 @@ pub fn fold_5_bit_windows<R, I: FnOnce(Window) -> R, F: Fn(R, Window) -> R>(
 }
 
 extern "C" {
-    #[cfg(any(test, feature = "use_heap"))]
+    #[cfg(feature = "alloc")]
     fn LIMB_shr(a: Limb, shift: c::size_t) -> Limb;
 
-    #[cfg(any(test, feature = "use_heap"))]
+    #[cfg(feature = "alloc")]
     fn LIMBS_are_even(a: *const Limb, num_limbs: c::size_t) -> LimbMask;
     fn LIMBS_are_zero(a: *const Limb, num_limbs: c::size_t) -> LimbMask;
-    #[cfg(any(test, feature = "use_heap"))]
+    #[cfg(feature = "alloc")]
     fn LIMBS_equal_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask;
     fn LIMBS_less_than(a: *const Limb, b: *const Limb, num_limbs: c::size_t) -> LimbMask;
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     fn LIMBS_less_than_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask;
     fn LIMBS_reduce_once(r: *mut Limb, m: *const Limb, num_limbs: c::size_t);
 }
@@ -453,7 +453,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "use_heap")]
+    #[cfg(feature = "alloc")]
     fn test_limbs_less_than_limb_constant_time() {
         static LESSER: &[(&[Limb], Limb)] = &[
             (&[0], 1),