Page MenuHomeFreeBSD

Add timingsafe_bcmp and timingsafe_memcmp.
ClosedPublic

Authored by delphij on Jul 22 2016, 7:49 AM.

Details

Summary

Add timingsafe_bcmp and timingsafe_memcmp.

Obtained from: OpenBSD
MFC after: 1 month

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

delphij retitled this revision from to Add timingsafe_bcmp and timingsafe_memcmp..
delphij updated this object.
delphij edited the test plan for this revision. (Show Details)
delphij added reviewers: jmg, trasz.
delphij edited edge metadata.

Fix typo.

delphij edited edge metadata.

Style in manpage.

I hate to bikeshed, but did we do any research on what names are used for constant-time functions elsewhere than OpenBSD?
Somehow I had the impression that a constant_time_ prefix was in use several places, though maybe that's just OpenSSL..

lib/libc/string/timingsafe_bcmp.3
18 ↗(On Diff #18656)

Is this a target merge date? ;)

66 ↗(On Diff #18656)

I slightly worry that future advances in compiler optimizers will make these semantics hard to support, but have no real objection.

I wonder if it makes more sense to write this in asm than in C? Can we add
explicit "volatile" mentions here to ensure that optimizations don't occur?
If we can't write in asm, can we write a unit test to ensure the asm does
not get optimized out?

trasz edited edge metadata.
This revision is now accepted and ready to land.Jul 23 2016, 7:15 AM
In D7280#151588, @bjk wrote:

I hate to bikeshed, but did we do any research on what names are used for constant-time functions elsewhere than OpenBSD?
Somehow I had the impression that a constant_time_ prefix was in use several places, though maybe that's just OpenSSL..

Yes, but we already adopted timingsafe_bcmp in kernel...

delphij added inline comments.
lib/libc/string/timingsafe_bcmp.3
18 ↗(On Diff #18656)

Yes.

66 ↗(On Diff #18656)

That's possible, but I think we can always hint compiler not to optimize a select subset of library functions when this become a problem?

This revision was automatically updated to reflect the committed changes.
delphij marked an inline comment as done.