Constant-time comparison of two binaries.
Used wherever an attacker-controlled value is checked against a secret
or a derived digest (a DPoP ath, a PKCE challenge) and a
short-circuiting == would leak information through timing.
Summary
Functions
Returns true iff a and b are byte-identical, comparing in
constant time.
Functions
Returns true iff a and b are byte-identical, comparing in
constant time.
:crypto.hash_equals/2 requires equal-length inputs, and at least one
operand here is attacker-controlled, so the length is gated first. The
length check is not itself timing-sensitive in the cases this is used
for: the operands are fixed-length base64url digests, so a length
mismatch only ever means a malformed input, not a near-miss secret.