| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5119777E.6030005@iogearbox.net> Date: Mon, 11 Feb 2013 23:58:06 +0100 From: Daniel Borkmann <borkmann@...earbox.net> To: Florian Weimer <fw@...eb.enyo.de> CC: gregkh@...uxfoundation.org, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] lib: memcmp_nta: add timing-attack secure memcmp On 02/11/2013 08:00 PM, Florian Weimer wrote: > * Daniel Borkmann: Thanks for your feedback, Florian! >> + * memcmp_nta - memcmp that is secure against timing attacks > > It's not providing an ordering, so it should not have "cmp" in the > name. I agree. What would you suggest? Probably, it would make sense to integrate this into the Linux crypto API and name it sth like ... crypto_mem_verify(const void *,const void *,__kernel_size_t) ... which returns: == 0 - mem regions equal each other != 0 - mem regions do not equal each other >> + for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--) >> + res |= (*su1 ^ *su2); > > The compiler could still short-circuit this loop. Unlikely at > present, but this looks like a maintenance hazard. So then better we leave out '|' as a possible candidate and rewrite it as: + for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--) + res += (*su1 ^ *su2); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists