shithub: plan9front

Download patch

ref: 013b2cad191eef50fd4e69c38f1544c5083b640d
parent: e72da62915b09d5673b0c0179ba8dfe045aeb8c3
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat May 15 06:40:11 EDT 2021

memory(2): mention tsmemcmp (thanks kemal)

--- a/sys/man/2/memory	Sun May  2 10:29:43 2021
+++ b/sys/man/2/memory	Sat May 15 06:40:11 2021
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is function of
+.I n
+and not something that can lead clues to attackers.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
 Most also have machine-dependent assembly language implementations in
 .BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
 .SH SEE ALSO
 .IR strcat (2)
 .SH BUGS
@@ -124,3 +140,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, 
+.I tsmemcmp
+should be used.