native-ossl 0.1.1

Native Rust idiomatic bindings to OpenSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

//! General-purpose utilities.

use native_ossl_sys as sys;

// ── Constant-time comparison ──────────────────────────────────────────────────

/// Compare two byte slices in constant time, returning `true` iff they are equal.
///
/// The comparison time is proportional to the slice length and does not depend
/// on the data values, preventing timing side-channel attacks.
///
/// Slices of different lengths return `false` immediately (without constant-time
/// behaviour), since lengths are generally not considered secret.  If you need
/// to conceal the length, pad both inputs to the same size before calling.
///
/// Backed by `CRYPTO_memcmp` from OpenSSL.
#[must_use]
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    if a.is_empty() {
        return true;
    }
    // SAFETY: both slices are valid for `a.len()` bytes (guaranteed by Rust)
    // and are not mutated; CRYPTO_memcmp reads them in constant time.
    let rc = unsafe {
        sys::CRYPTO_memcmp(
            a.as_ptr().cast::<std::ffi::c_void>(),
            b.as_ptr().cast::<std::ffi::c_void>(),
            a.len(),
        )
    };
    rc == 0
}

// ── SecretBuf ─────────────────────────────────────────────────────────────────

/// A heap buffer that is securely zeroed via `OPENSSL_cleanse` on drop.
///
/// Use to hold key material, passwords, and other sensitive byte sequences.
/// The zeroing is performed by OpenSSL's `OPENSSL_cleanse`, which is the
/// FIPS-approved memory-clearing function and is not eliminated by the
/// compiler's dead-store optimiser.
///
/// # Example
///
/// ```ignore
/// use native_ossl::util::SecretBuf;
///
/// let mut key = SecretBuf::with_len(32);
/// native_ossl::rand::Rand::fill(key.as_mut_slice()).unwrap();
/// // key bytes are securely erased when `key` is dropped.
/// ```
pub struct SecretBuf {
    data: Vec<u8>,
}

impl SecretBuf {
    /// Wrap an existing allocation. Takes ownership; the buffer will be
    /// securely zeroed when the `SecretBuf` is dropped.
    #[must_use]
    pub fn new(data: Vec<u8>) -> Self {
        SecretBuf { data }
    }

    /// Allocate a zero-initialised buffer of `len` bytes.
    #[must_use]
    pub fn with_len(len: usize) -> Self {
        SecretBuf {
            data: vec![0u8; len],
        }
    }

    /// Copy `data` into a new secure buffer.
    #[must_use]
    pub fn from_slice(data: &[u8]) -> Self {
        SecretBuf {
            data: data.to_vec(),
        }
    }

    /// Number of bytes in the buffer.
    #[must_use]
    pub fn len(&self) -> usize {
        self.data.len()
    }

    /// `true` if the buffer holds no bytes.
    #[must_use]
    pub fn is_empty(&self) -> bool {
        self.data.is_empty()
    }

    /// Expose the buffer as a mutable byte slice.
    ///
    /// Useful for writing derived key material directly into the buffer.
    pub fn as_mut_slice(&mut self) -> &mut [u8] {
        &mut self.data
    }
}

impl AsRef<[u8]> for SecretBuf {
    fn as_ref(&self) -> &[u8] {
        &self.data
    }
}

impl Drop for SecretBuf {
    fn drop(&mut self) {
        if !self.data.is_empty() {
            unsafe {
                sys::OPENSSL_cleanse(
                    self.data.as_mut_ptr().cast::<std::ffi::c_void>(),
                    self.data.len(),
                );
            }
        }
    }
}

// SAFETY: the buffer is owned; no aliasing across threads.
unsafe impl Send for SecretBuf {}
unsafe impl Sync for SecretBuf {}

#[cfg(test)]
mod tests {
    use super::{ct_eq, SecretBuf};

    #[test]
    fn ct_eq_equal_slices() {
        assert!(ct_eq(b"hello", b"hello"));
    }

    #[test]
    fn ct_eq_different_values() {
        assert!(!ct_eq(b"hello", b"world"));
    }

    #[test]
    fn ct_eq_different_lengths() {
        assert!(!ct_eq(b"hi", b"hii"));
    }

    #[test]
    fn ct_eq_empty_slices() {
        assert!(ct_eq(b"", b""));
    }

    #[test]
    fn ct_eq_one_byte_differ() {
        assert!(!ct_eq(&[0u8; 32], &{
            let mut v = [0u8; 32];
            v[31] = 1;
            v
        }));
    }

    #[test]
    fn with_len_creates_correct_size() {
        let buf = SecretBuf::with_len(32);
        assert_eq!(buf.len(), 32);
        assert!(!buf.is_empty());
    }

    #[test]
    fn from_slice_copies_data() {
        let src = b"secret key material";
        let buf = SecretBuf::from_slice(src);
        assert_eq!(buf.as_ref(), src);
    }

    #[test]
    fn new_wraps_ownership() {
        let v = vec![1u8, 2, 3];
        let buf = SecretBuf::new(v);
        assert_eq!(buf.as_ref(), &[1, 2, 3]);
    }

    #[test]
    fn empty_buf_is_empty() {
        let buf = SecretBuf::new(vec![]);
        assert!(buf.is_empty());
        // Drop must not call cleanse on a zero-length buffer (no panic).
    }

    #[test]
    fn as_mut_slice_writes_through() {
        let mut buf = SecretBuf::with_len(4);
        buf.as_mut_slice().copy_from_slice(&[10, 20, 30, 40]);
        assert_eq!(buf.as_ref(), &[10, 20, 30, 40]);
    }
}