security: use constant-time equality for secret-bearing types
Secret-bearing types in the public API used derived (non-constant-time)
`PartialEq`, allowing timing side-channels when comparing secrets.
Replace the derived `PartialEq` with manual implementations backed by
`subtle::ConstantTimeEq`:
- `SharedSecret` in `src/kem/mod.rs`
- `SecretKey` and `UserSecretKey` in `boyen_waters`, `waters` and
`waters_naccache`
Each type now implements `ConstantTimeEq` (delegating to the field(s)'
`ct_eq`) and `PartialEq` via `self.ct_eq(other).into()`, matching the
pattern already used for `CipherText` in the `cgw` module.
Refs GHSA-whr9-835c-9m5j, closes #43
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
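As an added example, not the commit's own code: the same wiring in stand-alone Rust. The real change uses the `subtle` crate; here a minimal stand-in for `subtle::Choice` and `ConstantTimeEq` is defined so the block compiles without dependencies, and the 32-byte `SecretKey` field is an assumption.

```rust
use core::hint::black_box;

/// Stand-in for `subtle::Choice`: a 0/1 byte carrying a comparison result.
#[derive(Clone, Copy, Debug)]
pub struct Choice(u8);

impl From<Choice> for bool {
    fn from(c: Choice) -> bool { c.0 == 1 }
}

/// Stand-in for `subtle::ConstantTimeEq` (same shape as the real trait).
pub trait ConstantTimeEq {
    fn ct_eq(&self, other: &Self) -> Choice;
}

impl ConstantTimeEq for [u8] {
    // XOR every byte pair and OR the results together: the loop always runs
    // to the end, so timing does not leak where the inputs first differ.
    fn ct_eq(&self, other: &Self) -> Choice {
        if self.len() != other.len() { return Choice(0); }
        let mut diff = 0u8;
        for (a, b) in self.iter().zip(other.iter()) { diff |= a ^ b; }
        // black_box discourages the optimizer from reintroducing an early exit.
        let diff = black_box(diff) as u16;
        // diff == 0 wraps to 0xFFFF (high byte nonzero); any other diff leaves it 0.
        Choice(((diff.wrapping_sub(1) >> 8) as u8) & 1)
    }
}

/// Mirrors the commit's `SecretKey`: `ConstantTimeEq` delegates to the field's
/// `ct_eq`, and `PartialEq` is `self.ct_eq(other).into()` instead of `#[derive]`.
pub struct SecretKey { bytes: [u8; 32] }

impl ConstantTimeEq for SecretKey {
    fn ct_eq(&self, other: &Self) -> Choice { self.bytes[..].ct_eq(&other.bytes[..]) }
}

impl PartialEq for SecretKey {
    fn eq(&self, other: &Self) -> bool { self.ct_eq(other).into() }
}
impl Eq for SecretKey {}

/// Constructed sample keys (not real key material): a == b, c differs in one byte.
pub fn sample_keys() -> (SecretKey, SecretKey, SecretKey) {
    let mut c = [0x11u8; 32];
    c[31] = 0x12;
    (SecretKey { bytes: [0x11; 32] }, SecretKey { bytes: [0x11; 32] }, SecretKey { bytes: c })
}
```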