tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: New function: consttime_memcmp(3)

Taylor R Campbell wrote:
>    Date: Mon, 16 Mar 2015 01:58:19 +0100
>    From: "Kamil Rytarowski" <>
>    I'm attaching a patch against current adding a new libc and
>    kernel function: consttime_memcmp(3). The code is borrowed
>    from OpenBSD timingsafe_memcmp(3) [1].
> Why?  What do you want to use this for?

My personal use-case is playing with the code from src/lib/libssl (applies for LibreSSL), which comes from OpenBSD.

grep -r timingsafe_memcmp src/lib/libssl

./src/ssl/d1_pkt.c:		if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
./src/ssl/s3_both.c:	if (timingsafe_memcmp(p, s->s3->tmp.peer_finish_md, md_len) != 0) {
./src/ssl/s3_clnt.c:	    timingsafe_memcmp(p, s->session->session_id, j) == 0) {
./src/ssl/s3_clnt.c:		    timingsafe_memcmp(s->session->sid_ctx,
./src/ssl/s3_pkt.c:		    timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
./src/ssl/s3_srvr.c:			} else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
./src/ssl/ssl_lib.c:	if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
./src/ssl/ssl_sess.c:	    timingsafe_memcmp(ret->sid_ctx,
./src/ssl/t1_lib.c:		if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16))
./src/ssl/t1_lib.c:	if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
./src/ssl/t1_reneg.c:	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
./src/ssl/t1_reneg.c:	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
./src/ssl/t1_reneg.c:	if (timingsafe_memcmp(d, s->s3->previous_server_finished,

Instead of having a local copy or redesigning the code flow, I'm proposing the function to add to the base.

It's already stripped from the full behavior of memcmp(3), it works more like strcmp(3) for lexicographical ordering and I was considering to name it consttime_strcmp, however it takes the usual parameters for memcmp(3).

Home | Main Index | Thread Index | Old Index