* [9front] memory(2): mention tsmemcmp @ 2021-04-29 11:40 kemal 2021-04-29 16:32 ` [9front] " kemal 0 siblings, 1 reply; 10+ messages in thread From: kemal @ 2021-04-29 11:40 UTC (permalink / raw) To: 9front diff -r b341860aaa26 sys/man/2/memory --- a/sys/man/2/memory Sun Apr 25 21:49:01 2021 +0200 +++ b/sys/man/2/memory Thu Apr 29 14:38:46 2021 +0300 @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,6 +108,11 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . @@ -124,3 +134,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used. ^ permalink raw reply [flat|nested] 10+ messages in thread
* [9front] Re: memory(2): mention tsmemcmp 2021-04-29 11:40 [9front] memory(2): mention tsmemcmp kemal @ 2021-04-29 16:32 ` kemal 2021-05-02 10:51 ` cinap_lenrek 0 siblings, 1 reply; 10+ messages in thread From: kemal @ 2021-04-29 16:32 UTC (permalink / raw) To: 9front shit, had a mistake. apply this one instead. diff -r b341860aaa26 sys/man/2/memory --- a/sys/man/2/memory Sun Apr 25 21:49:01 2021 +0200 +++ b/sys/man/2/memory Thu Apr 29 19:30:43 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,6 +108,11 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . @@ -124,3 +134,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp 2021-04-29 16:32 ` [9front] " kemal @ 2021-05-02 10:51 ` cinap_lenrek 2021-05-02 14:21 ` kemal 0 siblings, 1 reply; 10+ messages in thread From: cinap_lenrek @ 2021-05-02 10:51 UTC (permalink / raw) To: 9front I think it should be explained how it works. Basically, tsmemcmp always reads all the bytes and does NOT stop early when it sees a difference. That makes its runtime only a function of N, not the contents of the data so here can be no information gathered about the data from measuring its runtime behaviour or cache side-effects. -- cinap ^ permalink raw reply [flat|nested] 10+ messages in thread
* [9front] Re: memory(2): mention tsmemcmp 2021-05-02 10:51 ` cinap_lenrek @ 2021-05-02 14:21 ` kemal 2021-05-04 10:40 ` umbraticus 0 siblings, 1 reply; 10+ messages in thread From: kemal @ 2021-05-02 14:21 UTC (permalink / raw) To: 9front OK, added an explanation. diff -r 47a307f91238 sys/man/2/memory --- a/sys/man/2/memory Fri Apr 30 00:20:39 2021 +0200 +++ b/sys/man/2/memory Sun May 02 17:20:35 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,11 +108,22 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. +It does not stop when it sees a difference, this way it's runtime is function of +.I n +and not something that can lead clues to attackers. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . Most also have machine-dependent assembly language implementations in .BR /sys/src/libc/$objtype . +.I Tsmemcmp +is found on +.BR /sys/src/libsec/port/tsmemcmp.c . .SH SEE ALSO .IR strcat (2) .SH BUGS @@ -124,3 +140,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp 2021-05-02 14:21 ` kemal @ 2021-05-04 10:40 ` umbraticus 2021-05-09 13:10 ` cinap_lenrek 0 siblings, 1 reply; 10+ messages in thread From: umbraticus @ 2021-05-04 10:40 UTC (permalink / raw) To: 9front Thanks. Just fixed your itses and suggested some mild improvements to the wording below. diff -r 47a307f91238 sys/man/2/memory --- a/sys/man/2/memory Fri Apr 30 00:20:39 2021 +0200 +++ b/sys/man/2/memory Sun May 02 17:20:35 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,11 +108,22 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. +It does not stop when it sees a difference, +so that its runtime is a function of +.I n +and not something that can give an attacker clues. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . Most also have machine-dependent assembly language implementations in .BR /sys/src/libc/$objtype . +.I Tsmemcmp +is found at +.BR /sys/src/libsec/port/tsmemcmp.c . .SH SEE ALSO .IR strcat (2) .SH BUGS @@ -124,3 +140,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data, +as it is vulnerable to timing attacks. +Instead, +.I tsmemcmp +should be used. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp 2021-05-04 10:40 ` umbraticus @ 2021-05-09 13:10 ` cinap_lenrek 2021-05-09 15:25 ` kemal 0 siblings, 1 reply; 10+ messages in thread From: cinap_lenrek @ 2021-05-09 13:10 UTC (permalink / raw) To: 9front sorry, this patch doesnt apply to me. patching file `sys/man/2/memory' patch: **** malformed patch at line 47: .SH BUGS -- cinap ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp 2021-05-09 13:10 ` cinap_lenrek @ 2021-05-09 15:25 ` kemal 2021-05-09 16:10 ` hiro 0 siblings, 1 reply; 10+ messages in thread From: kemal @ 2021-05-09 15:25 UTC (permalink / raw) To: 9front > sorry, this patch doesnt apply to me. huh? i just generate it with `hg diff /sys/man/2/memory`. how come it's malformed? is there any better way to generate patches? ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp 2021-05-09 15:25 ` kemal @ 2021-05-09 16:10 ` hiro 2021-05-09 19:17 ` kemal 0 siblings, 1 reply; 10+ messages in thread From: hiro @ 2021-05-09 16:10 UTC (permalink / raw) To: 9front just add the patch as an attachment instead of inline. maybe your mail client won't mangle it then :) On 5/9/21, kemal <kemalinanc8@gmail.com> wrote: >> sorry, this patch doesnt apply to me. > > huh? i just generate it with `hg diff /sys/man/2/memory`. how come > it's malformed? > is there any better way to generate patches? > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp 2021-05-09 16:10 ` hiro @ 2021-05-09 19:17 ` kemal 2021-05-15 10:40 ` cinap_lenrek 0 siblings, 1 reply; 10+ messages in thread From: kemal @ 2021-05-09 19:17 UTC (permalink / raw) To: 9front [-- Attachment #1: Type: text/plain, Size: 226 bytes --] > just add the patch as an attachment instead of inline. maybe your mail > client won't mangle it then :) oh, right. also i couldn't manage to setup smtp on 9 and i have to use this shitty gmail web client, somebody help me. [-- Attachment #2: a --] [-- Type: application/octet-stream, Size: 1459 bytes --] diff -r 5c3701c99ef7 sys/man/2/memory --- a/sys/man/2/memory Tue May 04 15:32:35 2021 +0200 +++ b/sys/man/2/memory Sun May 09 22:10:05 2021 +0300 @@ -1,6 +1,6 @@ .TH MEMORY 2 .SH NAME -memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations +memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations .SH SYNOPSIS .B #include <u.h> .br @@ -24,6 +24,11 @@ .PP .B void* memset(void *s, int c, ulong n) +.PP +.B #include <libsec.h> +.PP +.B +int tsmemcmp(void *s1, void *s2, ulong n) .SH DESCRIPTION These functions operate efficiently on memory areas (arrays of bytes bounded by a count, not terminated by a zero byte). @@ -103,11 +108,22 @@ .IR c . It returns .IR s . +.PP +.I Tsmemcmp +is a variant of +.I memcmp +that is safe against timing attacks. +It does not stop when it sees a difference, this way it's runtime is function of +.I n +and not something that can lead clues to attackers. .SH SOURCE All these routines have portable C implementations in .BR /sys/src/libc/port . Most also have machine-dependent assembly language implementations in .BR /sys/src/libc/$objtype . +.I Tsmemcmp +is found on +.BR /sys/src/libsec/port/tsmemcmp.c . .SH SEE ALSO .IR strcat (2) .SH BUGS @@ -124,3 +140,8 @@ and .I memmove are handed a negative count, they abort. +.PP +.I Memcmp +should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, +.I tsmemcmp +should be used. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9front] Re: memory(2): mention tsmemcmp 2021-05-09 19:17 ` kemal @ 2021-05-15 10:40 ` cinap_lenrek 0 siblings, 0 replies; 10+ messages in thread From: cinap_lenrek @ 2021-05-15 10:40 UTC (permalink / raw) To: 9front applied! thanks! -- cinap ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2021-05-15 10:51 UTC | newest] Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-04-29 11:40 [9front] memory(2): mention tsmemcmp kemal 2021-04-29 16:32 ` [9front] " kemal 2021-05-02 10:51 ` cinap_lenrek 2021-05-02 14:21 ` kemal 2021-05-04 10:40 ` umbraticus 2021-05-09 13:10 ` cinap_lenrek 2021-05-09 15:25 ` kemal 2021-05-09 16:10 ` hiro 2021-05-09 19:17 ` kemal 2021-05-15 10:40 ` cinap_lenrek
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).