From: Daniel Borkmann <dborkman@redhat.com>
To: James Yonan <james@openvpn.net>
Cc: Florian Weimer <fw@deneb.enyo.de>,
Marcelo Cerri <mhcerri@linux.vnet.ibm.com>,
linux-crypto@vger.kernel.org, herbert@gondor.hengli.com.au
Subject: Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions
Date: Thu, 19 Sep 2013 10:37:28 +0200
Message-ID: <523AB7C8.2010108@redhat.com>
In-Reply-To: <523A41AE.9060105@openvpn.net>

On 09/19/2013 02:13 AM, James Yonan wrote:
[...]
> We can easily specify -Os in the Makefile rather than depending on #pragma optimize or __attribute__ optimize if they are considered broken.
>
> Re: arch/*/crypto/... asm, not sure it's worth it given the extra effort to develop, test, and maintain asm for all archs. The two things we care about (constant time and performance) seem readily achievable in C.
>
> Regarding O0 vs. Os, I would tend to prefer Os because it's much faster than O0, but still carries the desirable property that optimizations that increase code size are disabled. It seems that short-circuit optimizations would be disabled by this, since by definition a short-circuit optimization requires the addition of a compare and branch.

Ok, if we can make sure that this would overwrite global defaults in any circumstances,
then that approach should be fine, imho.

I would suggest that you use the crypto_mem_not_equal() function that you originally had
or that I was proposing, and still allow the possibility for an arch optimized version,
if people want to.

In that way, it can be kept simple and stupid and easy to review, just like all other
util functions such as memcmp etc. are implemented in [1].

[1] http://lingrok.org/xref/linux-net-next/lib/string.c#643
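
The property discussed in this message, as an added example that is not code from the thread or from the patch: a byte-wise comparison with no data-dependent branch, next to an early-exit comparison of the kind a short-circuit would produce. The function names and sample data are hypothetical, and the `volatile` qualifiers are this example's own assumption for forcing every byte to be read, not something the thread specifies.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical name. Returns 0 when the regions are equal, non-zero when
 * they differ. Every byte is read and folded into the accumulator, so the
 * loop has no branch that depends on the data being compared. */
unsigned long example_mem_not_equal(const void *a, const void *b, size_t size)
{
	const volatile unsigned char *pa = a;
	const volatile unsigned char *pb = b;
	unsigned long neq = 0;

	while (size--)
		neq |= (unsigned long)(*pa++ ^ *pb++);
	return neq;
}

/* Hypothetical contrast case: returns at the first differing byte and
 * reports in *touched how many bytes it read, which is the quantity a
 * timing observer learns from a short-circuiting comparison. */
int example_early_exit_not_equal(const void *a, const void *b, size_t size,
				 size_t *touched)
{
	const unsigned char *pa = a, *pb = b;
	size_t i;

	for (i = 0; i < size; i++) {
		if (pa[i] != pb[i]) {
			*touched = i + 1;
			return 1;
		}
	}
	*touched = size;
	return 0;
}

int main(void)
{
	/* Constructed sample data: a 16-byte tag and two wrong guesses. */
	unsigned char tag[16], first_wrong[16], last_wrong[16];
	size_t i, t1, t2;

	for (i = 0; i < 16; i++)
		tag[i] = first_wrong[i] = last_wrong[i] = (unsigned char)(i * 7 + 1);
	first_wrong[0] ^= 0x80;   /* differs in the first byte */
	last_wrong[15] ^= 0x01;   /* differs in the last byte */
	example_early_exit_not_equal(tag, first_wrong, 16, &t1);
	example_early_exit_not_equal(tag, last_wrong, 16, &t2);
	printf("early exit read %zu vs %zu bytes\n", t1, t2);
	return example_mem_not_equal(tag, tag, 16) != 0;
}
```

Whether a given compiler and optimization level keeps the first loop branch-free still has to be confirmed by inspecting the generated object code.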