Expand description
Utilities to safely compare cryptographic values.
Extra care must be taken when comparing values in cryptographic code. If done incorrectly, it can lead to a timing attack. By analyzing the time taken to execute parts of a cryptographic algorithm, and attacker can attempt to compromise the cryptosystem.
The utilities in this module are designed to be resistant to this type of attack.
Examples
To perform a constant-time comparison of two arrays of the same length but different values:
use openssl::memcmp::eq;
// We want to compare `a` to `b` and `c`, without giving
// away through timing analysis that `c` is more similar to `a`
// than `b`.
let a = [0, 0, 0];
let b = [1, 1, 1];
let c = [0, 0, 1];
// These statements will execute in the same amount of time.
assert!(!eq(&a, &b));
assert!(!eq(&a, &c));
Functions
- Returns
true
iffa
andb
contain the same bytes.