diff -r b341860aaa26 sys/man/2/memory --- a/sys/man/2/memory Sun Apr 25 21:49:01 2021 +0200 +++ b/sys/man/2/memory Thu Apr 29 14:38:46 2021 +0300 @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,6 +108,11 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . @@ -124,3 +134,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used.
shit, had a mistake. apply this one instead. diff -r b341860aaa26 sys/man/2/memory --- a/sys/man/2/memory Sun Apr 25 21:49:01 2021 +0200 +++ b/sys/man/2/memory Thu Apr 29 19:30:43 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,6 +108,11 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . @@ -124,3 +134,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used.
I think it should be explained how it works. Basically, tsmemcmp always reads all the bytes and does NOT stop early when it sees a difference. That makes its runtime only a function of N, not the contents of the data so here can be no information gathered about the data from measuring its runtime behaviour or cache side-effects. -- cinap
OK, added an explanation. diff -r 47a307f91238 sys/man/2/memory --- a/sys/man/2/memory Fri Apr 30 00:20:39 2021 +0200 +++ b/sys/man/2/memory Sun May 02 17:20:35 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,11 +108,22 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. +It does not stop when it sees a difference, this way it's runtime is function of +.I n +and not something that can lead clues to attackers. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . Most also have machine-dependent assembly language implementations in .BR /sys/src/libc/$objtype . +.I Tsmemcmp +is found on +.BR /sys/src/libsec/port/tsmemcmp.c . .SH SEE ALSO .IR strcat (2) .SH BUGS @@ -124,3 +140,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used.
Thanks. Just fixed your itses and suggested some mild improvements to the wording below. diff -r 47a307f91238 sys/man/2/memory --- a/sys/man/2/memory Fri Apr 30 00:20:39 2021 +0200 +++ b/sys/man/2/memory Sun May 02 17:20:35 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,11 +108,22 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. +It does not stop when it sees a difference, +so that its runtime is a function of +.I n +and not something that can give an attacker clues. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . Most also have machine-dependent assembly language implementations in .BR /sys/src/libc/$objtype . +.I Tsmemcmp +is found at +.BR /sys/src/libsec/port/tsmemcmp.c . .SH SEE ALSO .IR strcat (2) .SH BUGS @@ -124,3 +140,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data, +as it is vulnerable to timing attacks. +Instead, +.I tsmemcmp +should be used.
sorry, this patch doesnt apply to me. patching file `sys/man/2/memory' patch: **** malformed patch at line 47: .SH BUGS -- cinap
> sorry, this patch doesnt apply to me.
huh? i just generate it with `hg diff /sys/man/2/memory`. how come
it's malformed?
is there any better way to generate patches?
just add the patch as an attachment instead of inline. maybe your mail
client won't mangle it then :)
On 5/9/21, kemal <kemalinanc8@gmail.com> wrote:
>> sorry, this patch doesnt apply to me.
>
> huh? i just generate it with `hg diff /sys/man/2/memory`. how come
> it's malformed?
> is there any better way to generate patches?
>
[-- Attachment #1: Type: text/plain, Size: 226 bytes --] > just add the patch as an attachment instead of inline. maybe your mail > client won't mangle it then :) oh, right. also i couldn't manage to setup smtp on 9 and i have to use this shitty gmail web client, somebody help me. [-- Attachment #2: a --] [-- Type: application/octet-stream, Size: 1459 bytes --] diff -r 5c3701c99ef7 sys/man/2/memory --- a/sys/man/2/memory Tue May 04 15:32:35 2021 +0200 +++ b/sys/man/2/memory Sun May 09 22:10:05 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,11 +108,22 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. +It does not stop when it sees a difference, this way it's runtime is function of +.I n +and not something that can lead clues to attackers. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . Most also have machine-dependent assembly language implementations in .BR /sys/src/libc/$objtype . +.I Tsmemcmp +is found on +.BR /sys/src/libsec/port/tsmemcmp.c . .SH SEE ALSO .IR strcat (2) .SH BUGS @@ -124,3 +140,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used.
applied! thanks! -- cinap