From: Alejandro Colomar <alx@kernel.org>
To: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: linux-man@vger.kernel.org
Subject: Re: [PATCH v2] memcmp.3: Recast security caveat
Date: Sun, 30 Jul 2023 19:31:39 +0200
Message-ID: <08b04a82-8bd3-07fb-9962-a28354e8de60@kernel.org>
In-Reply-To: <20230730153137.qgkurw4mudy6etca@illithid>
Hi Branden,
On 2023-07-30 17:31, G. Branden Robinson wrote:
> Use terminology more carefully.
>
> * Refer to the info sec property of confidentiality instead of saying,
> vaguely, "security-critical".
> https://informationsecurity.wustl.edu/items/\
> confidentiality-integrity-and-availability-the-cia-triad/
> * Try not to confuse anyone who's studied the analysis of algorithms:
> don't say "constant time" when "deterministic time" is meant. The
> time to perform the memory comparison remains linear (O(n)), not
> constant (O(1)).
> * Tighten wording.
I prefer 2 spaces between the bullet and the list contents. See
man-pages(7). Anyway, I accepted it this time. :)
>
> Signed-off-by: G. Branden Robinson <g.branden.robinson@gmail.com>
You need to quote your name with '"' due to the '.'. I've found
some software has issues with it. git-send-email(1) is one of them
(due to the perl library it uses).
Anyway, patch applied. Thanks!
Cheers,
Alex
> ---
> man3/memcmp.3 | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/man3/memcmp.3 b/man3/memcmp.3
> index 9a2aad353..67ebe392e 100644
> --- a/man3/memcmp.3
> +++ b/man3/memcmp.3
> @@ -67,9 +67,17 @@ .SH HISTORY
> .SH CAVEATS
> Do not use
> .BR memcmp ()
> -to compare security critical data, such as cryptographic secrets,
> -because the required CPU time depends on the number of equal bytes.
> -Instead, a function that performs comparisons in constant time is required.
> +to compare confidential data,
> +such as cryptographic secrets,
> +because the CPU time required for the comparison
> +depends on the contents of the addresses compared,
> +this function is subject to timing-based side-channel attacks.
> +In such cases,
> +a function that performs comparisons in deterministic time,
> +depending only on
> +.I n
> +(the quantity of bytes compared)
> +is required.
> Some operating systems provide such a function (e.g., NetBSD's
> .BR consttime_memequal ()),
> but no such function is specified in POSIX.
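Review bot: The added sentence starting at "because the CPU time required for the comparison" is a run-on: after "depends on the contents of the addresses compared," it continues with "this function is subject to timing-based side-channel attacks" and no conjunction, so the reader cannot tell where the "because" clause ends. Consider ending the first sentence at "such as cryptographic secrets." and opening the next with "Because the CPU time required ... compared, this function is subject to ...". In the same hunk, "deterministic time" can still mislead, since memcmp() takes the same time for the same inputs; the qualifier "depending only on n" is what carries the meaning, so wording such as "in time that depends only on n" would say it directly.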
--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
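The distinction the patch draws between constant time and time that depends only on n, as an added C example that is not part of the patch or of the man-pages project. The function names and sample strings are hypothetical, and a count of bytes examined stands in for CPU time.

```c
#include <stddef.h>
#include <stdio.h>

/* Early-exit comparison, the usual shape of memcmp(): it stops at the first
 * differing byte.  *steps counts bytes examined, a stand-in for CPU time. */
static int early_exit_cmp(const void *a, const void *b, size_t n, size_t *steps)
{
    const unsigned char *p = a, *q = b;

    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        ++*steps;
        if (p[i] != q[i])
            return p[i] < q[i] ? -1 : 1;
    }
    return 0;
}

/* Equality check whose work depends only on n: every byte is read and the
 * differences are OR-ed together, with no branch on the data.  volatile
 * discourages the compiler from reintroducing an early exit. */
static int fixed_work_equal(const void *a, const void *b, size_t n, size_t *steps)
{
    const volatile unsigned char *p = a, *q = b;
    unsigned int diff = 0;

    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        ++*steps;
        diff |= (unsigned int)(p[i] ^ q[i]);
    }
    return (int)(1u & ((diff - 1u) >> 8));   /* 1 if diff == 0, else 0 */
}

int main(void)
{
    /* Constructed sample data: an 8-byte secret and two wrong guesses. */
    const char secret[] = "K7q2ZxP9", early[] = "X7q2ZxP9", late[] = "K7q2ZxPX";
    size_t s1, s2;

    early_exit_cmp(secret, early, 8, &s1);
    early_exit_cmp(secret, late, 8, &s2);
    printf("early-exit: %zu vs %zu bytes examined\n", s1, s2);
    fixed_work_equal(secret, early, 8, &s1);
    fixed_work_equal(secret, late, 8, &s2);
    printf("fixed-work: %zu vs %zu bytes examined\n", s1, s2);
    return 0;
}
```

Both functions are O(n); only the second does the same amount of work regardless of where the inputs differ.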