Utilities to safely compare cryptographic values.
Extra care must be taken when comparing values in cryptographic code. If done incorrectly, it can lead to a timing attack. By analyzing the time taken to execute parts of a cryptographic algorithm, and attacker can attempt to compromise the cryptosystem.
The utilities in this module are designed to be resistant to this type of attack.
To perform a constant-time comparision of two arrays of the same length but different values:
use openssl::memcmp::eq; // We want to compare `a` to `b` and `c`, without giving // away through timing analysis that `c` is more similar to `a` // than `b`. let a = [0, 0, 0]; let b = [1, 1, 1]; let c = [0, 0, 1]; // These statements will execute in the same amount of time. assert!(!eq(&a, &b)); assert!(!eq(&a, &c));