When implementing cryptographic algorithms, always verify the exact behavior and return values of security-critical functions. Misinterpreting how functions signal success or equality can lead to severe security vulnerabilities.
In particular, confirm how a comparison function signals equality: a memcmp-style function such as constantTimeMemcmp returns 0 when the inputs match, not a true value. Example of such an error in a security check:
// INCORRECT: constantTimeMemcmp follows memcmp semantics and returns 0 for equality,
// so a non-zero result means "the bytes differ". Used bare as a truth value, this
// condition fires for every key EXCEPT the all-zeros one, and the insecure key passes.
if (derivedKey->size() != expectedOutputSize || constantTimeMemcmp(derivedKey->span(), zeros)) {
    // Handle insecure all-zeros key case
}
// CORRECT: equality is signalled by a zero return, so compare against 0 explicitly
if (derivedKey->size() != expectedOutputSize || constantTimeMemcmp(derivedKey->span(), zeros) == 0) {
    // Handle insecure all-zeros key case
}
Security-critical checks must be implemented correctly the first time - cryptographic vulnerabilities can be subtle and devastating.
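As an added, self-contained illustration (not WebKit's code), the following puts a memcmp-style constant-time compare next to both forms of the all-zeros-key check and shows which keys each form rejects; `constantTimeMemcmp`, `rejectsKey` and `rejectsKeyInverted` are helpers written for this example, and the sample keys are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed helper for this example: memcmp-style constant-time compare that
// returns 0 when both buffers hold the same bytes and non-zero otherwise.
// Lengths are public, so comparing them up front leaks nothing; the byte
// loop never exits early, so timing does not depend on where they differ.
int constantTimeMemcmp(const std::vector<uint8_t>& a, const std::vector<uint8_t>& b)
{
    if (a.size() != b.size())
        return 1;
    uint8_t diff = 0;
    for (size_t i = 0; i < a.size(); ++i)
        diff |= a[i] ^ b[i];
    return diff;
}

// The inverted form: a non-zero return means "differs", so this returns true
// for every key except the all-zeros one and lets the insecure key through.
bool rejectsKeyInverted(const std::vector<uint8_t>& derivedKey, size_t expectedOutputSize)
{
    std::vector<uint8_t> zeros(expectedOutputSize, 0);
    return derivedKey.size() != expectedOutputSize || constantTimeMemcmp(derivedKey, zeros);
}

// The correct form: reject on a size mismatch or when the key equals zeros (== 0).
bool rejectsKey(const std::vector<uint8_t>& derivedKey, size_t expectedOutputSize)
{
    std::vector<uint8_t> zeros(expectedOutputSize, 0);
    return derivedKey.size() != expectedOutputSize || constantTimeMemcmp(derivedKey, zeros) == 0;
}

int main()
{
    std::vector<uint8_t> allZeros(32, 0);     // constructed: the insecure output
    std::vector<uint8_t> ordinary(32, 0x5a);  // constructed: a plausible key
    std::printf("all-zeros key rejected: correct=%d inverted=%d\n",
                rejectsKey(allZeros, 32), rejectsKeyInverted(allZeros, 32));  // 1 0
    std::printf("ordinary key rejected:  correct=%d inverted=%d\n",
                rejectsKey(ordinary, 32), rejectsKeyInverted(ordinary, 32));  // 0 1
    return 0;
}
```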