tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: constant-time comparison and guaranteed zeroing bikeshed

In article <>,
Taylor R Campbell  <> wrote:
>(I am not subscribed to this list, so please cc me in replies.)
>Last year, drochner@ introduced consttime_bcmp and explicit_bzero to
>support constant-time comparison of cryptographic secrets and zeroing
>of buffers guaranteed not to be optimized away by the compiler.
>christos@ objected to creating new APIs based on the deprecated bcmp /
>bzero family, so these ended up with a double-underscore prefix in
>userland as if to ward off incautious users.
>I have been using these in-kernel and assumed without thinking that
>they were also available in userland when I kinda jumped the gun and
>made section 3 man page references to them and then renamed them
>according to christos's objections.  With apologies for jumping the
>gun like that, these changes should be discussed here.  We could do
>several things:
>1. Go back to the way things were -- __consttime_bcmp/__explicit_bzero
>in libc, consttime_bcmp/explicit_bzero in kernel, and move the man
>pages into section 9 -- against christos's objection.
>2. Use __consttime_memequal/__explicit_memset in userland,
>consttime_memequal/explicit_memset in kernel, and move the man pages
>into section 9.
>3. Use consttime_memequal/explicit_memset in userland and kernel,
>expose them as a public part of libc, and keep the man pages in
>section 3.  This would presumably require the rigamarole of making the
>libc symbols weak with internal namespacing wotsits.
>4. Teal with maroon trim and a great big red door.
>Thoughts?  I am inclined to suggest 3, but there may be issues I am
>not aware of with it.

My vote is also 3.


Home | Main Index | Thread Index | Old Index