Possible Unsound API

[charlesxsh]

src/util.rs

pub fn fixed_time_eq(lhs: &[u8], rhs: &[u8]) -> bool {
    if lhs.len() != rhs.len() {
        false
    } else {
        let count = lhs.len() as libc::size_t;

        unsafe {
            let lhsp = lhs.get_unchecked(0);
            let rhsp = rhs.get_unchecked(0);
            rust_crypto_util_fixed_time_eq_asm(lhsp, rhsp, count) == 0
        }
    }
}

In function fixed_time_eq, The unsafe call get_unchecked might cause memory issue if lhs and rhs are zero length array. In Rust, we should not cause memory issue when merely using safe function.

[Pranavjeet-Naidu]

Turns out the crate itself has been unmaintained since a long time . See : https://rustsec.org/advisories/RUSTSEC-2016-0005.html