Re: CVS commit: src

To: source-changes-d%NetBSD.org@localhost
Subject: Re: CVS commit: src
From: christos%astron.com@localhost (Christos Zoulas)
Date: Thu, 30 Aug 2012 18:44:31 +0000 (UTC)

In article <20120830170609.14DD160534%jupiter.mumble.net@localhost>,
Taylor R Campbell  <campbell+netbsd-source-changes-d%mumble.net@localhost> 
wrote:
>   Date: Thu, 30 Aug 2012 11:44:41 -0400
>   From: christos%zoulas.com@localhost (Christos Zoulas)
>
>   memcmp() does not promise alphabetical sorting. It just promises to do the
>   byte comparison as unsigned so that the results are consistent. It is not
>   complicated to do this at all, for example:
>
>   int
>   consttime_memcmp(const void *s1, const void *s2, size_t n)
>   {
>           int rv = 0, sv = 0;
>           const unsigned char *p1 = s1, *p2 = s2;
>
>           do
>                   if (rv == 0)
>                           rv = *p1++ - *p2++;
>
>Data-dependent branches are totally unacceptable for a routine whose
>sole purpose is to avoid timing side channels.
>
>Are there any applications that both want memcmp semantics and need to
>avoid timing side channels?

How can you tell the difference if both branches execute code that does
exactly the same work?

christos

Follow-Ups:
- Re: CVS commit: src
  - From: Taylor R Campbell
- Re: CVS commit: src
  - From: David Laight

References:
- Re: CVS commit: src
  - From: Christos Zoulas
- Re: CVS commit: src
  - From: Taylor R Campbell

Prev by Date: Re: CVS commit: src
Next by Date: Re: CVS commit: src
Previous by Thread: Re: CVS commit: src
Next by Thread: Re: CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index