NAME
consttime_memequal — compare byte strings for equality without timing leaks
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <string.h>
int
consttime_memequal(void *b1, void *b2, size_t len);
DESCRIPTION
The consttime_memequal() function compares len bytes of memory at b1 and b2 for equality, returning 0 if they are distinct and 1 if they are identical.
The time taken by consttime_memequal() depends on len, but not on the data at b1 or b2. Thus, consttime_memequal() is appropriate for comparing cryptographic secrets, hashes, message authentication codes, etc., without leaking information about them through a timing side channel. In crypto literature, consttime_memequal() is said to take ‘constant time’, meaning time that does not vary depending on the data it processes.
Note that unlike memcmp(3), consttime_memequal() does not return a lexicographic ordering on the data at b1 and b2; it tells only whether they are equal. NetBSD does not provide a consttime_memcmp() function, because all known use cases that require ‘constant time’ memory comparison also require only comparison for equality, not lexicographic ordering.
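The following is an added example, not part of the NetBSD manual: a tag check built on the semantics described above, showing that 1 means equal (the opposite sense of memcmp(3) returning 0). TAG_LEN, verify_tag(), the sample tags and the ct_equal() stand-in used on systems without consttime_memequal() are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define TAG_LEN 8	/* assumed tag length, for illustration only */

#ifdef __NetBSD__
#define ct_equal(a, b, n) consttime_memequal((a), (b), (n))
#else
/* Stand-in for other systems: 1 if equal, 0 if distinct, no early exit. */
static int
ct_equal(const void *b1, const void *b2, size_t len)
{
	const volatile unsigned char *p1 = b1, *p2 = b2;
	unsigned int diff = 0;

	while (len-- > 0)
		diff |= *p1++ ^ *p2++;
	/* diff is 0..255; (diff - 1) >> 8 has its low bit set only for 0. */
	return 1 & ((diff - 1) >> 8);
}
#endif

/* Constructed sample tags: one differs in the first byte, one in the last. */
static const unsigned char good_tag[TAG_LEN]  = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char bad_first[TAG_LEN] = {0x00,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char bad_last[TAG_LEN]  = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x05};

/* Returns 1 if the received tag is accepted, 0 otherwise. */
int
verify_tag(const unsigned char *expected, const unsigned char *received,
    size_t received_len)
{
	/* The length is public, so rejecting on it early reveals no secret. */
	if (received_len != TAG_LEN)
		return 0;
	/* 1 means equal here; memcmp() would signal equality with 0. */
	return ct_equal(expected, received, TAG_LEN);
}

int
main(void)
{
	printf("good=%d bad_first=%d bad_last=%d short=%d\n",
	    verify_tag(good_tag, good_tag, TAG_LEN),
	    verify_tag(good_tag, bad_first, TAG_LEN),
	    verify_tag(good_tag, bad_last, TAG_LEN),
	    verify_tag(good_tag, good_tag, TAG_LEN - 1));
	return 0;
}
```

Code ported from memcmp(3) that tests the result with `== 0` or `!` would accept every mismatching tag once switched to this function, so the return-value sense should be checked at each call site.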
SEE ALSO
explicit_memset(3), memcmp(3)
HISTORY
The consttime_memequal() function appeared in NetBSD 7.0.