Page MenuHomePhabricator

Constant time variant of memcmp()
Open, Needs TriagePublic


memcmp() returns as soon as a difference is found between two buffers. Because it is not constant time it can reveal information about the buffer content and might lead to side-channel attacks (particularly if a secret is involved). It seems like a good idea to provide a constant time variant of memcmp() to secure partitions. If you use the same function name then you won't have to modify existing software, but you might have integration issues if a toolchain provides their own memcmp implementation.

Event Timeline