Function secp256k1::hashes::cmp::fixed_time_eq
pub fn fixed_time_eq(a: &[u8], b: &[u8]) -> bool
Compare two slices for equality in fixed time. Panics if the slices are of non-equal length.
This works by XOR’ing each byte of the two inputs together and keeping an OR counter of the results.
Instead of doing fancy bit twiddling to try to outsmart the compiler and prevent early exits, which is not guaranteed to remain stable as compilers get ever smarter, we take the hit of writing each intermediate value to memory with a volatile write and then re-reading it with a volatile read. This should remain stable across compiler upgrades, but is much slower.
As of Rust 1.31.0, the disassembly looks completely within reason for this; see https://godbolt.org/z/mMbGQv.
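The technique described above, written out as an added sketch; this is not the crate's source, and `fixed_time_eq_sketch` and `verify_tag` are hypothetical names. The wrapper assumes the expected length is public (a fixed-size digest or MAC tag) and rejects wrong-length input first, so untrusted input never reaches the panic.

```rust
use core::ptr;

/// Fixed-time equality as described above: XOR each byte pair and OR the
/// result into an accumulator. Panics if the slices differ in length.
pub fn fixed_time_eq_sketch(a: &[u8], b: &[u8]) -> bool {
    assert!(a.len() == b.len(), "slices must be the same length");
    let mut acc: u8 = 0;
    for i in 0..a.len() {
        let diff = a[i] ^ b[i]; // zero only when the two bytes match
        // The volatile read and write push the accumulator through memory on
        // every iteration, so each iteration has to be performed and the loop
        // cannot be turned into an early exit on the first mismatch.
        unsafe {
            let cur = ptr::read_volatile(&acc);
            ptr::write_volatile(&mut acc, cur | diff);
        }
    }
    // Any differing bit at any position leaves the accumulator non-zero.
    unsafe { ptr::read_volatile(&acc) == 0 }
}

/// Hypothetical caller-side wrapper (assumption: the expected length is
/// public). Branching on length leaks nothing secret and avoids the panic.
pub fn verify_tag(expected: &[u8], received: &[u8]) -> bool {
    if expected.len() != received.len() {
        return false;
    }
    fixed_time_eq_sketch(expected, received)
}

fn main() {
    let expected = [0xabu8; 32]; // constructed sample digest
    let mut first_differs = expected;
    first_differs[0] ^= 0x01;
    let mut last_differs = expected;
    last_differs[31] ^= 0x01;

    // Both mismatches run the full 32 iterations before returning false.
    println!("identical:      {}", verify_tag(&expected, &expected));
    println!("first differs:  {}", verify_tag(&expected, &first_differs));
    println!("last differs:   {}", verify_tag(&expected, &last_differs));
    println!("truncated:      {}", verify_tag(&expected, &expected[..16]));
}
```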