Module openssl::memcmp

source ·
Expand description

Utilities to safely compare cryptographic values.

Extra care must be taken when comparing values in cryptographic code. If done incorrectly, it can lead to a timing attack. By analyzing the time taken to execute parts of a cryptographic algorithm, and attacker can attempt to compromise the cryptosystem.

The utilities in this module are designed to be resistant to this type of attack.

Examples

To perform a constant-time comparison of two arrays of the same length but different values:

use openssl::memcmp::eq;

// We want to compare `a` to `b` and `c`, without giving
// away through timing analysis that `c` is more similar to `a`
// than `b`.
let a = [0, 0, 0];
let b = [1, 1, 1];
let c = [0, 0, 1];

// These statements will execute in the same amount of time.
assert!(!eq(&a, &b));
assert!(!eq(&a, &c));

Functions

  • Returns true iff a and b contain the same bytes.