Browse Source
Use subtle to replace deprecated ring::constant_time::verify_slices_are_equal (#5680)
pull/5694/head^2
Timshel
2 weeks ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with
7 additions and
6 deletions
-
Cargo.lock
-
Cargo.toml
-
src/crypto.rs
|
|
|
@ -2972,9 +2972,9 @@ dependencies = [ |
|
|
|
|
|
|
|
[[package]] |
|
|
|
name = "ring" |
|
|
|
version = "0.17.11" |
|
|
|
version = "0.17.13" |
|
|
|
source = "registry+https://github.com/rust-lang/crates.io-index" |
|
|
|
checksum = "da5349ae27d3887ca812fb375b45a4fbb36d8d12d2df394968cd86e35683fe73" |
|
|
|
checksum = "70ac5d832aa16abd7d1def883a8545280c20a60f523a370aa3a9617c2b8550ee" |
|
|
|
dependencies = [ |
|
|
|
"cc", |
|
|
|
"cfg-if", |
|
|
|
@ -4142,6 +4142,7 @@ dependencies = [ |
|
|
|
"semver", |
|
|
|
"serde", |
|
|
|
"serde_json", |
|
|
|
"subtle", |
|
|
|
"syslog", |
|
|
|
"time", |
|
|
|
"tokio", |
|
|
|
|
|
|
|
@ -90,7 +90,8 @@ libsqlite3-sys = { version = "0.31.0", features = ["bundled"], optional = true } |
|
|
|
|
|
|
|
# Crypto-related libraries |
|
|
|
rand = "0.9.0" |
|
|
|
ring = "0.17.11" |
|
|
|
ring = "0.17.13" |
|
|
|
subtle = "2.6.1" |
|
|
|
|
|
|
|
# UUID generation |
|
|
|
uuid = { version = "1.14.0", features = ["v4"] } |
|
|
|
|
|
|
|
@ -110,7 +110,6 @@ pub fn generate_api_key() -> String { |
|
|
|
// Constant time compare
|
|
|
|
//
|
|
|
|
pub fn ct_eq<T: AsRef<[u8]>, U: AsRef<[u8]>>(a: T, b: U) -> bool { |
|
|
|
use ring::constant_time::verify_slices_are_equal; |
|
|
|
|
|
|
|
verify_slices_are_equal(a.as_ref(), b.as_ref()).is_ok() |
|
|
|
use subtle::ConstantTimeEq; |
|
|
|
a.as_ref().ct_eq(b.as_ref()).into() |
|
|
|
} |
|
|
|
|
