diff --git a/Cargo.toml b/Cargo.toml
index b673067072..7e2fd52cbc 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -114,7 +114,6 @@ include = [
     "include/ring-core/asm_base.h",
     "include/ring-core/base.h",
     "include/ring-core/check.h",
-    "include/ring-core/mem.h",
     "include/ring-core/poly1305.h",
     "include/ring-core/target.h",
     "include/ring-core/type_check.h",
diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c
index c60ee58b3d..f68e8d5bb7 100644
--- a/crypto/curve25519/curve25519.c
+++ b/crypto/curve25519/curve25519.c
@@ -19,8 +19,6 @@
 //
 // The field functions are shared by Ed25519 and X25519 where possible.
-#include
-
 #include "internal.h"
 #include "../internal.h"
@@ -397,14 +395,19 @@ static void fe_invert(fe *out, const fe *z) {
 // return 0 if f == 0
 // return 1 if f != 0
-static int fe_isnonzero(const fe_loose *f) {
+static int fe_isnonzero_vartime(const fe_loose *f) {
   fe tight;
   fe_carry(&tight, f);
   uint8_t s[32];
   fe_tobytes(s, &tight);
-  static const uint8_t zero[32] = {0};
-  return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
+  for (size_t i = 0; i < sizeof(s); i++) {
+    if (s[i] != 0) {
+      return 1;
+    }
+  }
+
+  return 0;
 }
 // return 1 if f is in {1,3,5,...,q-2}
@@ -507,9 +510,9 @@ int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) {
   fe_sq_tt(&vxx, &h->X);
   fe_mul_ttl(&vxx, &vxx, &v);
   fe_sub(&check, &vxx, &u);
-  if (fe_isnonzero(&check)) {
+  if (fe_isnonzero_vartime(&check)) {
     fe_add(&check, &vxx, &u);
-    if (fe_isnonzero(&check)) {
+    if (fe_isnonzero_vartime(&check)) {
       return 0;
     }
     fe_mul_ttt(&h->X, &h->X, &sqrtm1);
diff --git a/crypto/mem.c b/crypto/mem.c
index ab4ee95120..ff2b896539 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -54,7 +54,6 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.] */
-#include
 #include "internal.h"
 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) {
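Review bot: The comment above `fe_isnonzero_vartime` still reads only `// return 0 if f == 0` / `// return 1 if f != 0`, while the body now replaces the constant-time `CRYPTO_memcmp` with a byte scan that returns at the first non-zero byte, so the function's running time depends on the value being tested; that contract should be stated at the definition, not only in the `_vartime` suffix. Suggest adding `// Variable-time: returns at the first non-zero byte of the canonical encoding, so |f| must not be secret.` The only callers visible in this diff are the two in `x25519_ge_frombytes_vartime` (the next hunk), which already carries the `_vartime` suffix and operates on an encoded point; any caller outside this diff should be checked for the same property before the rename lands.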
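Review bot: With `include/ring-core/mem.h` deleted and its `#include` dropped from `crypto/mem.c`, the definition `int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)` has no prior prototype visible in this hunk; unless `crypto/internal.h` (included on the line above, and not touched anywhere in this diff) already declares it, `-Wmissing-prototypes` builds will warn and any remaining C caller will no longer compile. A one-line `int CRYPTO_memcmp(const void *a, const void *b, size_t len);` in `crypto/internal.h`, carrying the deleted header's note that the time taken is independent of the contents of the inputs, would keep the declaration with the other internal helpers. The function body continues outside the hunk.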
diff --git a/include/ring-core/mem.h b/include/ring-core/mem.h
deleted file mode 100644
index 303c447e14..0000000000
--- a/include/ring-core/mem.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.] */
-
-#ifndef OPENSSL_HEADER_MEM_H
-#define OPENSSL_HEADER_MEM_H
-
-#include
-
-// CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
-// takes an amount of time dependent on |len|, but independent of the contents
-// of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
-// defined order as the return value when a != b is undefined, other than to be
-// non-zero.
-OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len);
-
-#endif // OPENSSL_HEADER_MEM_H