-rw-r--r-- | man3/memcmp.3 | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/man3/memcmp.3 b/man3/memcmp.3 index 9a2aad353..67ebe392e 100644 --- a/man3/memcmp.3 +++ b/man3/memcmp.3 @@ -67,9 +67,17 @@ POSIX.1-2001, C89, SVr4, 4.3BSD. .SH CAVEATS Do not use .BR memcmp () -to compare security critical data, such as cryptographic secrets, -because the required CPU time depends on the number of equal bytes. -Instead, a function that performs comparisons in constant time is required. +to compare confidential data, +such as cryptographic secrets, +because the CPU time required for the comparison +depends on the contents of the addresses compared, +this function is subject to timing-based side-channel attacks. +In such cases, +a function that performs comparisons in deterministic time, +depending only on +.I n +(the quantity of bytes compared) +is required. Some operating systems provide such a function (e.g., NetBSD's .BR consttime_memequal ()), but no such function is specified in POSIX. |
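Review bot: The added sentence starting "to compare confidential data," is a comma splice. The clause "because the CPU time required for the comparison depends on the contents of the addresses compared," runs straight into "this function is subject to timing-based side-channel attacks" with no conjunction, so it is unclear whether the "because" clause justifies the prohibition or explains the side channel. Suggest ending the first sentence after "cryptographic secrets" and starting a new one: "Because the CPU time required for the comparison depends on the contents of the memory compared, this function is subject to timing-based side-channel attacks." Two wording points in the same hunk: "contents of the addresses compared" should refer to the memory being compared, since addresses have no contents; and "deterministic time" says less than the removed "constant time", because a comparison whose duration varies with the data can still be deterministic. The qualifier "depending only on n" carries the real requirement, so consider "in time that depends only on n" and drop "deterministic".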