Commit 2d18194

crypto: chacha20: always use our fallback timingsafe_bcmp rather than libc's
Looking at apple/freebsd/openbsd sources, their implementations match our naive fallback. It's not worth the hassle of using a platform-specific function for no gain.
1 parent 23ba394 commit 2d18194

2 files changed

+2
-13
lines changed

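--- a/configure.ac
+++ b/configure.ac
@@ -968,8 +968,6 @@ AC_CHECK_DECLS([setsid])
 
 AC_CHECK_DECLS([pipe2])
 
-AC_CHECK_FUNCS([timingsafe_bcmp])
-
 AC_MSG_CHECKING([for __builtin_clzl])
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[
 (void) __builtin_clzl(0);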

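--- a/src/crypto/chacha20poly1305.cpp
+++ b/src/crypto/chacha20poly1305.cpp
@@ -2,10 +2,6 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
-#if defined(HAVE_CONFIG_H)
-#include <config/bitcoin-config.h>
-#endif
-
 #include <crypto/chacha20poly1305.h>
 
 #include <crypto/common.h>
@@ -30,10 +26,7 @@ void AEADChaCha20Poly1305::SetKey(Span<const std::byte> key) noexcept
 
 namespace {
 
-#ifndef HAVE_TIMINGSAFE_BCMP
-#define HAVE_TIMINGSAFE_BCMP
-
-int timingsafe_bcmp(const unsigned char* b1, const unsigned char* b2, size_t n) noexcept
+int timingsafe_bcmp_internal(const unsigned char* b1, const unsigned char* b2, size_t n) noexcept
 {
 const unsigned char *p1 = b1, *p2 = b2;
 int ret = 0;
@@ -42,8 +35,6 @@ int timingsafe_bcmp(const unsigned char* b1, const unsigned char* b2, size_t n)
 return (ret != 0);
 }
 
-#endif
-
 /** Compute poly1305 tag. chacha20 must be set to the right nonce, block 0. Will be at block 1 after. */
 void ComputeTag(ChaCha20& chacha20, Span<const std::byte> aad, Span<const std::byte> cipher, Span<std::byte> tag) noexcept
 {
@@ -97,7 +88,7 @@ bool AEADChaCha20Poly1305::Decrypt(Span<const std::byte> cipher, Span<const std:
 m_chacha20.Seek(nonce, 0);
 std::byte expected_tag[EXPANSION];
 ComputeTag(m_chacha20, aad, cipher.first(cipher.size() - EXPANSION), expected_tag);
-if (timingsafe_bcmp(UCharCast(expected_tag), UCharCast(cipher.last(EXPANSION).data()), EXPANSION)) return false;
+if (timingsafe_bcmp_internal(UCharCast(expected_tag), UCharCast(cipher.last(EXPANSION).data()), EXPANSION)) return false;
 
 // Decrypt (starting at block 1).
 m_chacha20.Crypt(cipher.first(plain1.size()), plain1);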
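Review bot: `timingsafe_bcmp_internal` is now the only comparison guarding the Poly1305 tag check in `Decrypt` on every platform, yet nothing above its definition states that it must run in time independent of the bytes compared, or that a nonzero return means mismatch. Because it sits in the anonymous namespace of the same translation unit as its caller, the compiler is free to inline it, so the constant-time property rests on the optimizer not introducing a data-dependent early exit; the libc function was presumably at least an out-of-line call. I would add a doc comment above the definition, e.g. `/** Constant-time comparison of n bytes: returns 0 if equal, 1 otherwise. Must not short-circuit or be replaced by memcmp. */`, and check the generated code under the release build flags. The loop body lies between the second and third hunks and is not visible here, so this assumes it is the XOR-accumulate form the description calls the naive fallback.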
