Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.


CONSTTIME_MEMEQUAL(3)      Library Functions Manual      CONSTTIME_MEMEQUAL(3)

NAME
     consttime_memequal - compare byte strings for equality without timing
     leaks

LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <string.h>

     int
     consttime_memequal(void *b1, void *b2, size_t len);

DESCRIPTION
     The consttime_memequal() function compares len bytes of memory at b1 and
     b2 for equality, returning 0 if they are distinct and 1 if they are
     identical.

     The time taken by consttime_memequal() depends on len, but not on the
     data at b1 or b2.  Thus, consttime_memequal() is appropriate for
     comparing cryptographic secrets, hashes, message authentication codes,
     etc., without leaking information about them through a timing side
     channel.  In crypto literature, consttime_memequal() is said to take
     `constant time', meaning time that does not vary depending on the data it
     processes.

     Note that unlike memcmp(3), consttime_memequal() does not return a
     lexicographic ordering on the data at b1 and b2; it tells only whether
     they are equal.  NetBSD does not provide a consttime_memcmp() function,
     because all known use cases that require `constant time' memory
     comparison also require only comparison for equality, not lexicographic
     ordering.

SEE ALSO
     explicit_memset(3), memcmp(3)

HISTORY
     The consttime_memequal() function appeared in NetBSD 7.0.

NetBSD 10.99                    March 23, 2015                    NetBSD 10.99