On Wed, Apr 23, 2014 at 09:05, Michael W. Bombardieri wrote: > CRYPTO_memcmp() is different to memcmp() because it can only check > for equality, not greater-than/less-than. > If we check the string in reverse order we can remove a variable > from the comparison loop. > > Does this look ok?
Almost, but... > + while (n-- > 0) > + x |= a[n] ^ b[n]; Won't compare the bytes at [0]. I think switching this to be timingsafe_bcmp would be better, then we only have copy.
