-
Notifications
You must be signed in to change notification settings - Fork 707
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move constant time comparison to a module outside of |ring::ffi|.
Having the constant-time utilities in |ring::ffi| is misleading as |use ring::ffi| gives the impression that a module was using the FFI when really it is FFI-free. |ring::hmac| and |ring::pbkdf2| are examples of that. At some point, |ring::constant_time| may be added to the public API, but for now it is private.
- Loading branch information
1 parent
377f611
commit 5cb9831
Showing
5 changed files
with
47 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
// Copyright 2015 Brian Smith. | ||
// | ||
// Permission to use, copy, modify, and/or distribute this software for any | ||
// purpose with or without fee is hereby granted, provided that the above | ||
// copyright notice and this permission notice appear in all copies. | ||
// | ||
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES | ||
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR | ||
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
|
||
//! Constant-time operations. | ||
|
||
use super::c; | ||
|
||
/// Returns `Ok(())` of `a == b` and `Err(())` otherwise. The comparison of | ||
/// `a` and `b` is done in constant time with respect to the contents of each, | ||
/// but NOT in constant time with respect to the lengths of `a` and `b`. | ||
pub fn verify_slices_are_equal(a: &[u8], b: &[u8]) -> Result<(), ()> { | ||
if a.len() != b.len() { | ||
return Err(()); | ||
} | ||
let result = unsafe { | ||
CRYPTO_memcmp(a.as_ptr(), b.as_ptr(), a.len()) | ||
}; | ||
match result { | ||
0 => Ok(()), | ||
_ => Err(()) | ||
} | ||
} | ||
|
||
// XXX: As of Rust 1.4, the compiler will no longer warn about the use of | ||
// `usize` and `isize` in FFI declarations. Remove the `allow(improper_ctypes)` | ||
// when Rust 1.4 is released. | ||
#[allow(improper_ctypes)] | ||
extern { | ||
fn CRYPTO_memcmp(a: *const u8, b: *const u8, len: c::size_t) -> c::int; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters