ref: 013b2cad191eef50fd4e69c38f1544c5083b640d
parent: e72da62915b09d5673b0c0179ba8dfe045aeb8c3
author: cinap_lenrek <[email protected]>
date: Sat May 15 08:40:11 EDT 2021
memory(2): mention tsmemcmp (thanks kemal)
--- a/sys/man/2/memory
+++ b/sys/man/2/memory
@@ -1,6 +1,6 @@
.TH MEMORY 2
.SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
.SH SYNOPSIS
.B #include <u.h>
.br
@@ -24,6 +24,11 @@
.PP
.B
void* memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int tsmemcmp(void *s1, void *s2, ulong n)
.SH DESCRIPTION
These functions operate efficiently on memory areas
(arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
.IR c .
It returns
.IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is function of
+.I n
+and not something that can lead clues to attackers.
.SH SOURCE
All these routines have portable C implementations in
.BR /sys/src/libc/port .
Most also have machine-dependent assembly language implementations in
.BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
.SH SEE ALSO
.IR strcat (2)
.SH BUGS
@@ -124,3 +140,8 @@
and
.I memmove
are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead,
+.I tsmemcmp
+should be used.