authorCory Fields <cory-nospam-@coryfields.com>2024-04-04 19:56:21 +0000
committerCory Fields <cory-nospam-@coryfields.com>2024-04-05 15:44:21 +0000
commit2d1819455cb4c516f6cdf81c11e869a23dee3e6b (patch)
tree271378393fc130df4b22f933b9bb7cc92a14820b
parent23ba39470c3d155a65f0616f8848ada730658301 (diff)
crypto: chacha20: always use our fallback timingsafe_bcmp rather than libc's
Looking at apple/freebsd/openbsd sources, their implementations match our naive fallback. It's not worth the hassle of using a platform-specific function for no gain.
-rw-r--r--configure.ac2
-rw-r--r--src/crypto/chacha20poly1305.cpp13
2 files changed, 2 insertions, 13 deletions
diff --git a/configure.ac b/configure.ac
index 964b7d0942..19a60dfbcb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -968,8 +968,6 @@ AC_CHECK_DECLS([setsid])
AC_CHECK_DECLS([pipe2])
-AC_CHECK_FUNCS([timingsafe_bcmp])
-
AC_MSG_CHECKING([for __builtin_clzl])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[
(void) __builtin_clzl(0);
diff --git a/src/crypto/chacha20poly1305.cpp b/src/crypto/chacha20poly1305.cpp
index 3e8051c2dc..b969bb1a29 100644
--- a/src/crypto/chacha20poly1305.cpp
+++ b/src/crypto/chacha20poly1305.cpp
@@ -2,10 +2,6 @@
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
-#if defined(HAVE_CONFIG_H)
-#include <config/bitcoin-config.h>
-#endif
-
#include <crypto/chacha20poly1305.h>
#include <crypto/common.h>
@@ -30,10 +26,7 @@ void AEADChaCha20Poly1305::SetKey(Span<const std::byte> key) noexcept
namespace {
-#ifndef HAVE_TIMINGSAFE_BCMP
-#define HAVE_TIMINGSAFE_BCMP
-
-int timingsafe_bcmp(const unsigned char* b1, const unsigned char* b2, size_t n) noexcept
+int timingsafe_bcmp_internal(const unsigned char* b1, const unsigned char* b2, size_t n) noexcept
{
const unsigned char *p1 = b1, *p2 = b2;
int ret = 0;
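Review bot: `timingsafe_bcmp_internal` is now the only Poly1305 tag comparison on every platform, yet nothing at its definition states the constant-time contract it has to keep. It sits in an anonymous namespace in the same translation unit as its caller, so the compiler may inline it with the fixed length and restructure the loop, which a libc routine in a separate object would normally not be exposed to; whether any targeted compiler actually does this cannot be told from the hunk. I would add a comment above the definition, for example `// Constant-time compare: returns 0 iff b1[0..n) == b2[0..n). Run time must not depend on where the buffers differ; never add an early exit.`, and check the generated code on the supported toolchains. The function body continues past the end of this hunk, so the loop itself is not visible here.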
@@ -42,8 +35,6 @@ int timingsafe_bcmp(const unsigned char* b1, const unsigned char* b2, size_t n)
return (ret != 0);
}
-#endif
-
/** Compute poly1305 tag. chacha20 must be set to the right nonce, block 0. Will be at block 1 after. */
void ComputeTag(ChaCha20& chacha20, Span<const std::byte> aad, Span<const std::byte> cipher, Span<std::byte> tag) noexcept
{
@@ -97,7 +88,7 @@ bool AEADChaCha20Poly1305::Decrypt(Span<const std::byte> cipher, Span<const std:
m_chacha20.Seek(nonce, 0);
std::byte expected_tag[EXPANSION];
ComputeTag(m_chacha20, aad, cipher.first(cipher.size() - EXPANSION), expected_tag);
- if (timingsafe_bcmp(UCharCast(expected_tag), UCharCast(cipher.last(EXPANSION).data()), EXPANSION)) return false;
+ if (timingsafe_bcmp_internal(UCharCast(expected_tag), UCharCast(cipher.last(EXPANSION).data()), EXPANSION)) return false;
// Decrypt (starting at block 1).
m_chacha20.Crypt(cipher.first(plain1.size()), plain1);