Google Git
Sign in
boringssl/boringssl/5159ae6ff56fcfb1dbd7b1ebec11b6eff1296b5e^!/.
commit
5159ae6ff56fcfb1dbd7b1ebec11b6eff1296b5e
[log]
author
Maurice Lam <yukl@google.com>
Thu Jun 01 02:06:33 2023 +0000
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fri Jun 09 18:17:04 2023 +0000
tree
aa715afcf85979f0af1a098b635cd04455de9568
parent
04c3d40f0695b07b9795e8a69a3babeab52b861f [diff]
Add memcmp binding to bssl-crypto

Bug: 285222580
Change-Id: I14715c50c3b5b0425443c191f4bf2e3ef7d665ae
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60266
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

diff --git a/rust/bssl-crypto/src/lib.rs b/rust/bssl-crypto/src/lib.rs
index ce9500b..f4d1291 100644
--- a/rust/bssl-crypto/src/lib.rs
+++ b/rust/bssl-crypto/src/lib.rs

@@ -44,6 +44,9 @@
 /// Random number generation.
 pub mod rand;
 
+/// BoringSSL implemented memory-manipulation operations.
+pub mod mem;
+
 #[cfg(test)]
 mod test_helpers;
 

diff --git a/rust/bssl-crypto/src/mem.rs b/rust/bssl-crypto/src/mem.rs
new file mode 100644
index 0000000..a9031c4
--- /dev/null
+++ b/rust/bssl-crypto/src/mem.rs

@@ -0,0 +1,62 @@
+/* Copyright (c) 2023, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/// Returns true iff `a` and `b` contain the same bytes. It takes an amount of time dependent on the
+/// lengths, but independent of the contents of the slices `a` and `b`. The return type is a `bool`,
+/// since unlike `memcmp` in C this function cannot be used to put elements into a defined order.
+pub fn crypto_memcmp(a: &[u8], b: &[u8]) -> bool {
+    if a.len() != b.len() {
+        return false;
+    }
+    if a.is_empty() && b.is_empty() {
+        // Avoid FFI issues with empty slices that may potentially cause UB
+        return true;
+    }
+    // Safety:
+    // - The lengths of a and b are checked above.
+    let result =
+        unsafe { bssl_sys::CRYPTO_memcmp(a.as_ptr() as *const _, b.as_ptr() as *const _, a.len()) };
+    result == 0
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn test_different_length() {
+        assert!(!crypto_memcmp(&[0, 1, 2], &[0]))
+    }
+
+    #[test]
+    fn test_same_length_different_content() {
+        assert!(!crypto_memcmp(&[0, 1, 2], &[1, 2, 3]))
+    }
+
+    #[test]
+    fn test_same_content() {
+        assert!(crypto_memcmp(&[0, 1, 2], &[0, 1, 2]))
+    }
+
+    #[test]
+    fn test_empty_slices() {
+        assert!(crypto_memcmp(&[], &[]))
+    }
+
+    #[test]
+    fn test_empty_slices_different() {
+        assert!(!crypto_memcmp(&[], &[0, 1, 2]))
+    }
+}