MEMCMP(3) | Library Functions Manual | MEMCMP(3) |
memcmp
—
#include <string.h>
int
memcmp
(const
void *b1, const void
*b2, size_t
len);
memcmp
() function compares byte string
b1 against byte string b2. Both
strings are assumed to be len bytes long.
memcmp
() function returns zero if the two strings
are identical, otherwise returns the difference between the first two
differing bytes (treated as unsigned char values, so that
‘\200
’ is greater than
‘\0
’, for example). Zero-length strings
are always identical.
Do not use memcmp
() to compare
cryptographic secrets, because the time it takes varies depending on how
many bytes are the same, and thus leaks information about the two strings by
a timing side channel. To compare secrets, hashes, message authentication
codes, etc., use
consttime_memequal(3)
instead.
memcmp
() function conforms to ANSI
X3.159-1989 (“ANSI C89”).
June 23, 2013 | NetBSD 9.2 |