* [9front] memory(2): mention tsmemcmp
@ 2021-04-29 11:40 kemal
2021-04-29 16:32 ` [9front] " kemal
0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-04-29 11:40 UTC (permalink / raw)
To: 9front
diff -r b341860aaa26 sys/man/2/memory
--- a/sys/man/2/memory Sun Apr 25 21:49:01 2021 +0200
+++ b/sys/man/2/memory Thu Apr 29 14:38:46 2021 +0300
@@ -24,6 +24,11 @@
.PP
.B
void* memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int tsmemcmp(void *s1, void *s2, ulong n)
.SH DESCRIPTION
These functions operate efficiently on memory areas
(arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,6 +108,11 @@
.IR c .
It returns
.IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
.SH SOURCE
All these routines have portable C implementations in
.BR /sys/src/libc/port .
@@ -124,3 +134,8 @@
and
.I memmove
are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [9front] Re: memory(2): mention tsmemcmp
2021-04-29 11:40 [9front] memory(2): mention tsmemcmp kemal
@ 2021-04-29 16:32 ` kemal
2021-05-02 10:51 ` cinap_lenrek
0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-04-29 16:32 UTC (permalink / raw)
To: 9front
shit, had a mistake. apply this one instead.
diff -r b341860aaa26 sys/man/2/memory
--- a/sys/man/2/memory Sun Apr 25 21:49:01 2021 +0200
+++ b/sys/man/2/memory Thu Apr 29 19:30:43 2021 +0300
@@ -1,6 +1,6 @@
.TH MEMORY 2
.SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
.SH SYNOPSIS
.B #include <u.h>
.br
@@ -24,6 +24,11 @@
.PP
.B
void* memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int tsmemcmp(void *s1, void *s2, ulong n)
.SH DESCRIPTION
These functions operate efficiently on memory areas
(arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,6 +108,11 @@
.IR c .
It returns
.IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
.SH SOURCE
All these routines have portable C implementations in
.BR /sys/src/libc/port .
@@ -124,3 +134,8 @@
and
.I memmove
are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp
2021-04-29 16:32 ` [9front] " kemal
@ 2021-05-02 10:51 ` cinap_lenrek
2021-05-02 14:21 ` kemal
0 siblings, 1 reply; 10+ messages in thread
From: cinap_lenrek @ 2021-05-02 10:51 UTC (permalink / raw)
To: 9front
I think it should be explained how it works. Basically, tsmemcmp always reads
all the bytes and does NOT stop early when it sees a difference. That makes its
runtime only a function of N, not the contents of the data so here can be no
information gathered about the data from measuring its runtime behaviour or
cache side-effects.
--
cinap
^ permalink raw reply [flat|nested] 10+ messages in thread
* [9front] Re: memory(2): mention tsmemcmp
2021-05-02 10:51 ` cinap_lenrek
@ 2021-05-02 14:21 ` kemal
2021-05-04 10:40 ` umbraticus
0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-05-02 14:21 UTC (permalink / raw)
To: 9front
OK, added an explanation.
diff -r 47a307f91238 sys/man/2/memory
--- a/sys/man/2/memory Fri Apr 30 00:20:39 2021 +0200
+++ b/sys/man/2/memory Sun May 02 17:20:35 2021 +0300
@@ -1,6 +1,6 @@
.TH MEMORY 2
.SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
.SH SYNOPSIS
.B #include <u.h>
.br
@@ -24,6 +24,11 @@
.PP
.B
void* memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int tsmemcmp(void *s1, void *s2, ulong n)
.SH DESCRIPTION
These functions operate efficiently on memory areas
(arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
.IR c .
It returns
.IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is
function of
+.I n
+and not something that can lead clues to attackers.
.SH SOURCE
All these routines have portable C implementations in
.BR /sys/src/libc/port .
Most also have machine-dependent assembly language implementations in
.BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
.SH SEE ALSO
.IR strcat (2)
.SH BUGS
@@ -124,3 +140,8 @@
and
.I memmove
are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to
timing attacks. Instead,
+.I tsmemcmp
+should be used.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp
2021-05-02 14:21 ` kemal
@ 2021-05-04 10:40 ` umbraticus
2021-05-09 13:10 ` cinap_lenrek
0 siblings, 1 reply; 10+ messages in thread
From: umbraticus @ 2021-05-04 10:40 UTC (permalink / raw)
To: 9front
Thanks. Just fixed your itses and suggested some
mild improvements to the wording below.
diff -r 47a307f91238 sys/man/2/memory
--- a/sys/man/2/memory Fri Apr 30 00:20:39 2021 +0200
+++ b/sys/man/2/memory Sun May 02 17:20:35 2021 +0300
@@ -1,6 +1,6 @@
.TH MEMORY 2
.SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
.SH SYNOPSIS
.B #include <u.h>
.br
@@ -24,6 +24,11 @@
.PP
.B
void* memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int tsmemcmp(void *s1, void *s2, ulong n)
.SH DESCRIPTION
These functions operate efficiently on memory areas
(arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
.IR c .
It returns
.IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference,
+so that its runtime is a function of
+.I n
+and not something that can give an attacker clues.
.SH SOURCE
All these routines have portable C implementations in
.BR /sys/src/libc/port .
Most also have machine-dependent assembly language implementations in
.BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found at
+.BR /sys/src/libsec/port/tsmemcmp.c .
.SH SEE ALSO
.IR strcat (2)
.SH BUGS
@@ -124,3 +140,8 @@
and
.I memmove
are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data,
+as it is vulnerable to timing attacks.
+Instead,
+.I tsmemcmp
+should be used.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp
2021-05-04 10:40 ` umbraticus
@ 2021-05-09 13:10 ` cinap_lenrek
2021-05-09 15:25 ` kemal
0 siblings, 1 reply; 10+ messages in thread
From: cinap_lenrek @ 2021-05-09 13:10 UTC (permalink / raw)
To: 9front
sorry, this patch doesnt apply to me.
patching file `sys/man/2/memory'
patch: **** malformed patch at line 47: .SH BUGS
--
cinap
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp
2021-05-09 13:10 ` cinap_lenrek
@ 2021-05-09 15:25 ` kemal
2021-05-09 16:10 ` hiro
0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-05-09 15:25 UTC (permalink / raw)
To: 9front
> sorry, this patch doesnt apply to me.
huh? i just generate it with `hg diff /sys/man/2/memory`. how come
it's malformed?
is there any better way to generate patches?
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp
2021-05-09 15:25 ` kemal
@ 2021-05-09 16:10 ` hiro
2021-05-09 19:17 ` kemal
0 siblings, 1 reply; 10+ messages in thread
From: hiro @ 2021-05-09 16:10 UTC (permalink / raw)
To: 9front
just add the patch as an attachment instead of inline. maybe your mail
client won't mangle it then :)
On 5/9/21, kemal <kemalinanc8@gmail.com> wrote:
>> sorry, this patch doesnt apply to me.
>
> huh? i just generate it with `hg diff /sys/man/2/memory`. how come
> it's malformed?
> is there any better way to generate patches?
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp
2021-05-09 16:10 ` hiro
@ 2021-05-09 19:17 ` kemal
2021-05-15 10:40 ` cinap_lenrek
0 siblings, 1 reply; 10+ messages in thread
From: kemal @ 2021-05-09 19:17 UTC (permalink / raw)
To: 9front
[-- Attachment #1: Type: text/plain, Size: 226 bytes --]
> just add the patch as an attachment instead of inline. maybe your mail
> client won't mangle it then :)
oh, right. also i couldn't manage to setup smtp on 9 and
i have to use this shitty gmail web client, somebody help me.
[-- Attachment #2: a --]
[-- Type: application/octet-stream, Size: 1459 bytes --]
diff -r 5c3701c99ef7 sys/man/2/memory
--- a/sys/man/2/memory Tue May 04 15:32:35 2021 +0200
+++ b/sys/man/2/memory Sun May 09 22:10:05 2021 +0300
@@ -1,6 +1,6 @@
.TH MEMORY 2
.SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
.SH SYNOPSIS
.B #include <u.h>
.br
@@ -24,6 +24,11 @@
.PP
.B
void* memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int tsmemcmp(void *s1, void *s2, ulong n)
.SH DESCRIPTION
These functions operate efficiently on memory areas
(arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@
.IR c .
It returns
.IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is function of
+.I n
+and not something that can lead clues to attackers.
.SH SOURCE
All these routines have portable C implementations in
.BR /sys/src/libc/port .
Most also have machine-dependent assembly language implementations in
.BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
.SH SEE ALSO
.IR strcat (2)
.SH BUGS
@@ -124,3 +140,8 @@
and
.I memmove
are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead,
+.I tsmemcmp
+should be used.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp
2021-05-09 19:17 ` kemal
@ 2021-05-15 10:40 ` cinap_lenrek
0 siblings, 0 replies; 10+ messages in thread
From: cinap_lenrek @ 2021-05-15 10:40 UTC (permalink / raw)
To: 9front
applied! thanks!
--
cinap
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2021-05-15 10:51 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-29 11:40 [9front] memory(2): mention tsmemcmp kemal
2021-04-29 16:32 ` [9front] " kemal
2021-05-02 10:51 ` cinap_lenrek
2021-05-02 14:21 ` kemal
2021-05-04 10:40 ` umbraticus
2021-05-09 13:10 ` cinap_lenrek
2021-05-09 15:25 ` kemal
2021-05-09 16:10 ` hiro
2021-05-09 19:17 ` kemal
2021-05-15 10:40 ` cinap_lenrek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).