diff options
author | G. Branden Robinson <g.branden.robinson@gmail.com> | 2023-07-30 10:31:37 -0500 |
---|---|---|
committer | Alejandro Colomar <alx@kernel.org> | 2023-07-30 19:29:19 +0200 |
commit | 96507853a1cc5ab3ce7123a7486fc3d13fd092b0 (patch) | |
tree | 44ddae231d7cc5d12dec7ef361227be84a9decbd | |
parent | da6d0c648bbc79fb1366029951e1bb1fce6504fa (diff) |
memcmp.3: Recast security caveat
Use terminology more carefully.
* Refer to the info sec property of confidentiality[1] instead of saying,
vaguely, "security-critical".
* Try not to confuse anyone who's studied the analysis of algorithms:
don't say "constant time" when "deterministic time" is meant. The
time to perform the memory comparison remains linear (O(n)), not
constant (O(1)).
* Tighten wording.
Link: [1] <https://informationsecurity.wustl.edu/items/confidentiality-integrity-and-availability-the-cia-triad/>
Signed-off-by: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
-rw-r--r-- | man3/memcmp.3 | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/man3/memcmp.3 b/man3/memcmp.3 index 9a2aad353..67ebe392e 100644 --- a/man3/memcmp.3 +++ b/man3/memcmp.3 @@ -67,9 +67,17 @@ POSIX.1-2001, C89, SVr4, 4.3BSD. .SH CAVEATS Do not use .BR memcmp () -to compare security critical data, such as cryptographic secrets, -because the required CPU time depends on the number of equal bytes. -Instead, a function that performs comparisons in constant time is required. +to compare confidential data, +such as cryptographic secrets, +because the CPU time required for the comparison +depends on the contents of the addresses compared, +this function is subject to timing-based side-channel attacks. +In such cases, +a function that performs comparisons in deterministic time, +depending only on +.I n +(the quantity of bytes compared) +is required. Some operating systems provide such a function (e.g., NetBSD's .BR consttime_memequal ()), but no such function is specified in POSIX. |