code: plan9front

Info  •  Files  •  Log

memory(2): mention tsmemcmp (thanks kemal)

--- a/sys/man/2/memory

+++ b/sys/man/2/memory

@@ -1,6 +1,6 @@

 .TH MEMORY 2

 .SH NAME

-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations

+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations

 .SH SYNOPSIS

 .B #include <u.h>

 .br

@@ -24,6 +24,11 @@

 .PP

 .B

 void*	memset(void *s, int c, ulong n)

+.PP

+.B #include <libsec.h>

+.PP

+.B

+int	tsmemcmp(void *s1, void *s2, ulong n)

 .SH DESCRIPTION

 These functions operate efficiently on memory areas

 (arrays of bytes bounded by a count, not terminated by a zero byte).

@@ -103,11 +108,22 @@

 .IR c .

 It returns

 .IR s .

+.PP

+.I Tsmemcmp

+is a variant of

+.I memcmp

+that is safe against timing attacks.

+It does not stop when it sees a difference, this way it's runtime is function of

+.I n

+and not something that can lead clues to attackers.

 .SH SOURCE

 All these routines have portable C implementations in

 .BR /sys/src/libc/port .

 Most also have machine-dependent assembly language implementations in

 .BR /sys/src/libc/$objtype .

+.I Tsmemcmp

+is found on

+.BR /sys/src/libsec/port/tsmemcmp.c .

 .SH SEE ALSO

 .IR strcat (2)

 .SH BUGS

@@ -124,3 +140,8 @@

 and

 .I memmove

 are handed a negative count, they abort.

+.PP

+.I Memcmp

+should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, 

+.I tsmemcmp

+should be used.