9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] memory(2): mention tsmemcmp
@ 2021-04-29 11:40 kemal
  2021-04-29 16:32 ` [9front] " kemal
  0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-04-29 11:40 UTC (permalink / raw)
  To: 9front

diff -r b341860aaa26 sys/man/2/memory
--- a/sys/man/2/memory	Sun Apr 25 21:49:01 2021 +0200
+++ b/sys/man/2/memory	Thu Apr 29 14:38:46 2021 +0300
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,6 +108,11 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
@@ -124,3 +134,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [9front] Re: memory(2): mention tsmemcmp
  2021-04-29 11:40 [9front] memory(2): mention tsmemcmp kemal
@ 2021-04-29 16:32 ` kemal
  2021-05-02 10:51   ` cinap_lenrek
  0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-04-29 16:32 UTC (permalink / raw)
  To: 9front

shit, had a mistake. apply this one instead.

diff -r b341860aaa26 sys/man/2/memory
--- a/sys/man/2/memory	Sun Apr 25 21:49:01 2021 +0200
+++ b/sys/man/2/memory	Thu Apr 29 19:30:43 2021 +0300
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,6 +108,11 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
@@ -124,3 +134,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [9front] Re: memory(2): mention tsmemcmp
  2021-04-29 16:32 ` [9front] " kemal
@ 2021-05-02 10:51   ` cinap_lenrek
  2021-05-02 14:21     ` kemal
  0 siblings, 1 reply; 10+ messages in thread
From: cinap_lenrek @ 2021-05-02 10:51 UTC (permalink / raw)
  To: 9front

I think it should be explained how it works. Basically, tsmemcmp always reads
all the bytes and does NOT stop early when it sees a difference. That makes its
runtime only a function of N, not the contents of the data so here can be no
information gathered about the data from measuring its runtime behaviour or
cache side-effects.

--
cinap

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [9front] Re: memory(2): mention tsmemcmp
  2021-05-02 10:51   ` cinap_lenrek
@ 2021-05-02 14:21     ` kemal
  2021-05-04 10:40       ` umbraticus
  0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-05-02 14:21 UTC (permalink / raw)
  To: 9front

OK, added an explanation.

diff -r 47a307f91238 sys/man/2/memory
--- a/sys/man/2/memory	Fri Apr 30 00:20:39 2021 +0200
+++ b/sys/man/2/memory	Sun May 02 17:20:35 2021 +0300
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is
function of
+.I n
+and not something that can lead clues to attackers.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
 Most also have machine-dependent assembly language implementations in
 .BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
 .SH SEE ALSO
 .IR strcat (2)
 .SH BUGS
@@ -124,3 +140,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [9front] Re: memory(2): mention tsmemcmp
  2021-05-02 14:21     ` kemal
@ 2021-05-04 10:40       ` umbraticus
  2021-05-09 13:10         ` cinap_lenrek
  0 siblings, 1 reply; 10+ messages in thread
From: umbraticus @ 2021-05-04 10:40 UTC (permalink / raw)
  To: 9front

Thanks.  Just fixed your itses and suggested some
mild improvements to the wording below.

diff -r 47a307f91238 sys/man/2/memory
--- a/sys/man/2/memory	Fri Apr 30 00:20:39 2021 +0200
+++ b/sys/man/2/memory	Sun May 02 17:20:35 2021 +0300
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference,
+so that its runtime is a function of
+.I n
+and not something that can give an attacker clues.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
 Most also have machine-dependent assembly language implementations in
 .BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found at
+.BR /sys/src/libsec/port/tsmemcmp.c .
 .SH SEE ALSO
 .IR strcat (2)
 .SH BUGS
@@ -124,3 +140,8 @@
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data,
+as it is vulnerable to timing attacks.
+Instead,
+.I tsmemcmp
+should be used.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [9front] Re: memory(2): mention tsmemcmp
  2021-05-04 10:40       ` umbraticus
@ 2021-05-09 13:10         ` cinap_lenrek
  2021-05-09 15:25           ` kemal
  0 siblings, 1 reply; 10+ messages in thread
From: cinap_lenrek @ 2021-05-09 13:10 UTC (permalink / raw)
  To: 9front

sorry, this patch doesnt apply to me.

patching file `sys/man/2/memory'
patch: **** malformed patch at line 47:  .SH BUGS

--
cinap

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [9front] Re: memory(2): mention tsmemcmp
  2021-05-09 13:10         ` cinap_lenrek
@ 2021-05-09 15:25           ` kemal
  2021-05-09 16:10             ` hiro
  0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-05-09 15:25 UTC (permalink / raw)
  To: 9front

> sorry, this patch doesnt apply to me.

huh? i just generate it with `hg diff /sys/man/2/memory`. how come
it's malformed?
is there any better way to generate patches?

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [9front] Re: memory(2): mention tsmemcmp
  2021-05-09 15:25           ` kemal
@ 2021-05-09 16:10             ` hiro
  2021-05-09 19:17               ` kemal
  0 siblings, 1 reply; 10+ messages in thread
From: hiro @ 2021-05-09 16:10 UTC (permalink / raw)
  To: 9front

just add the patch as an attachment instead of inline. maybe your mail
client won't mangle it then :)

On 5/9/21, kemal <kemalinanc8@gmail.com> wrote:
>> sorry, this patch doesnt apply to me.
>
> huh? i just generate it with `hg diff /sys/man/2/memory`. how come
> it's malformed?
> is there any better way to generate patches?
>

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [9front] Re: memory(2): mention tsmemcmp
  2021-05-09 16:10             ` hiro
@ 2021-05-09 19:17               ` kemal
  2021-05-15 10:40                 ` cinap_lenrek
  0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-05-09 19:17 UTC (permalink / raw)
  To: 9front

[-- Attachment #1: Type: text/plain, Size: 226 bytes --]

> just add the patch as an attachment instead of inline. maybe your mail
> client won't mangle it then :)

oh, right. also i couldn't manage to setup smtp on 9 and
i have to use this shitty gmail web client, somebody help me.

[-- Attachment #2: a --]
[-- Type: application/octet-stream, Size: 1459 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [9front] Re: memory(2): mention tsmemcmp
  2021-05-09 19:17               ` kemal
@ 2021-05-15 10:40                 ` cinap_lenrek
  0 siblings, 0 replies; 10+ messages in thread
From: cinap_lenrek @ 2021-05-15 10:40 UTC (permalink / raw)
  To: 9front

applied! thanks!

--
cinap

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2021-05-15 10:51 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-29 11:40 [9front] memory(2): mention tsmemcmp kemal
2021-04-29 16:32 ` [9front] " kemal
2021-05-02 10:51   ` cinap_lenrek
2021-05-02 14:21     ` kemal
2021-05-04 10:40       ` umbraticus
2021-05-09 13:10         ` cinap_lenrek
2021-05-09 15:25           ` kemal
2021-05-09 16:10             ` hiro
2021-05-09 19:17               ` kemal
2021-05-15 10:40                 ` cinap_lenrek

9front - general discussion about 9front

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/9front

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 9front 9front/ http://inbox.vuxu.org/9front \
		9front@9front.org
	public-inbox-index 9front

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.9front


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git