From cd3c94ca3e7eaffc651a6542f5a2fa39134ddb3e Mon Sep 17 00:00:00 2001 From: Alessandro Ghedini Date: Tue, 14 Jan 2025 15:24:18 +0000 Subject: [PATCH] crypto: replace ring constant-time comparison API Both BoringCrypto and OpenSSL provide `CRYPTO_memcmp()` for constant-time comparisons, so there's no point in pulling a whole dependency just for that. --- quiche/src/crypto/mod.rs | 18 ++++++++++++++++++ quiche/src/packet.rs | 5 +---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/quiche/src/crypto/mod.rs b/quiche/src/crypto/mod.rs index fa3b7076c7..8d33358983 100644 --- a/quiche/src/crypto/mod.rs +++ b/quiche/src/crypto/mod.rs @@ -26,6 +26,7 @@ use ring::aead; +use libc::c_int; use libc::c_void; use crate::Error; @@ -481,10 +482,27 @@ fn make_nonce(iv: &[u8], counter: u64) -> [u8; aead::NONCE_LEN] { nonce } +pub fn verify_slices_are_equal(a: &[u8], b: &[u8]) -> Result<()> { + if a.len() != b.len() { + return Err(Error::CryptoFail); + } + + let rc = unsafe { CRYPTO_memcmp(a.as_ptr(), b.as_ptr(), a.len()) }; + + if rc == 0 { + return Ok(()); + } + + return Err(Error::CryptoFail); +} + extern { fn EVP_sha256() -> *const EVP_MD; fn EVP_sha384() -> *const EVP_MD; + + // CRYPTO + fn CRYPTO_memcmp(a: *const u8, b: *const u8, len: usize) -> c_int; } #[cfg(test)] diff --git a/quiche/src/packet.rs b/quiche/src/packet.rs index 4f4b3ddddd..d9bf8b2190 100644 --- a/quiche/src/packet.rs +++ b/quiche/src/packet.rs @@ -778,13 +778,10 @@ pub fn verify_retry_integrity( ) -> Result<()> { let tag = compute_retry_integrity_tag(b, odcid, version)?; - ring::constant_time::verify_slices_are_equal( + crypto::verify_slices_are_equal( &b.as_ref()[..aead::AES_128_GCM.tag_len()], tag.as_ref(), ) - .map_err(|_| Error::CryptoFail)?; - - Ok(()) } fn compute_retry_integrity_tag(
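Review bot: The `unsafe { CRYPTO_memcmp(a.as_ptr(), b.as_ptr(), a.len()) }` call in the new `verify_slices_are_equal` carries no `// SAFETY:` comment and the `pub fn` has no doc comment, so the soundness argument and the constant-time contract are not written down anywhere. Add `// SAFETY: both pointers are valid for reads of a.len() bytes, which equals b.len() after the check above.` over the call, and a `///` doc line stating that the comparison is constant time with respect to the slice contents but returns `Error::CryptoFail` immediately on a length mismatch (the same early exit the replaced ring API had), so callers know lengths are treated as public. The `return Ok(());` / `return Err(Error::CryptoFail);` pair would also read better, and avoid clippy's `needless_return`, as the tail expression `if rc == 0 { Ok(()) } else { Err(Error::CryptoFail) }`.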
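Review bot: The new tail expression still indexes `&b.as_ref()[..aead::AES_128_GCM.tag_len()]` before calling `crypto::verify_slices_are_equal`, so if `b` can hold fewer than `tag_len()` bytes at this point the function panics instead of returning `Error::CryptoFail`; the commit carries this over from the removed call. If the caller guarantees the length, a one-line comment saying so would help, otherwise a guard like `if b.as_ref().len() < aead::AES_128_GCM.tag_len() { return Err(Error::CryptoFail); }` belongs before the call. Since the call is now the function's return value, it also relies on `crypto::verify_slices_are_equal` using the same `Result` alias as this module, which cannot be confirmed from the hunk. The signature of `verify_retry_integrity` begins outside the hunk.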