From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,T_SCC_BODY_TEXT_LINE autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 24271 invoked from network); 28 May 2023 10:13:44 -0000
Received: from second.openwall.net (193.110.157.125)
  by inbox.vuxu.org with ESMTPUTF8; 28 May 2023 10:13:44 -0000
Received: (qmail 26293 invoked by uid 550); 28 May 2023 10:13:39 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 26257 invoked from network); 28 May 2023 10:13:38 -0000
X-Virus-Scanned: SPAM Filter at disroot.org
Date: Sun, 28 May 2023 16:13:18 +0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
	t=1685268805; bh=7ufQ5/x2o+50Dn8dF97cSz3jW63rN52Q7w3E1E+sEzU=;
	h=Date:From:To:Subject:References:In-Reply-To;
	b=emOHwjvbT4YrpG5jo4jkYrex+A9LkU9c1CPG6VHO4wl1JM5Rt3JKrwuB2FytSw+0F
	 vvFt66OMpvudaXxRoe+FPvFHgKm5sVrcr2++wMi13oA2sSEFqKnFVSoeQkRVs5xx/S
	 XLVQ/eetvaNe4KQswYuDhSRd0E41+jh1QR4edXx+u6FxNapDR2GPBZgjv3jsxqcGzN
	 Neoo90wVk1+jRRHj1MNdU2CJyAAm6Ob4zqbYXlDV792jJu0l4I1atH0TM8Tg1+T9/i
	 A0cqFl0RVB+L1I39xmvuJSX8BzbUeePjSorKiTZJoFFhV+SSLJxYjpnSb0sbvyxUj3
	 lwr2l1hsB9EiQ==
From: NRK <nrk@disroot.org>
To: musl@lists.openwall.com
Message-ID: <20230528101318.qewkay4z7s3bdj46@gen2.localdomain>
References: <cover.1684932960.git.Jens.Gustedt@inria.fr>
 <b1a510c14f340b855a5900178e0191891751c8fa.1684932960.git.Jens.Gustedt@inria.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <b1a510c14f340b855a5900178e0191891751c8fa.1684932960.git.Jens.Gustedt@inria.fr>
Subject: Re: [musl] [C23 string conversion 1/3] C23: add the new
 memset_explicit function

Hi Jens,

On Fri, May 26, 2023 at 11:25:43AM +0200, Jens Gustedt wrote:
> By having a slow bytewise copy, we intent also to have predictable
> timing, such that we can avoid side-channel attacks.

I don't believe `volatile` provides any guarantee of emitting
constant-time operations (which can be CPU dependent). But even if it
happens to work out in practice, from a user/non-cryptographer's
perspective, I feel like claims like "avoiding side-channel attacks"
needs much more substantiation than just slapping a `volatile` on top of
a pointer.

But as I've said, not a cryptographer, so please *do* correct me if I'm
wrong or am being unnecessarily paranoid.

P.S: even if the claim is correct, other major implementation would also
have to agree to provide such guarantee in a documented manner for this
to be useful to the users. Otherwise, users will have to resort to
hard-coded libc checks or simply not rely on this property at all.

- NRK