[src/trunk]: src/lib/libc/string Add man pages and xrefs for consttime_bcmp a...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/lib/libc/string Add man pages and xrefs for consttime_bcmp a...
From: riastradh <riastradh%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 00:47:14 +0000
details:   https://anonhg.NetBSD.org/src/rev/c26229ed47b7
branches:  trunk
changeset: 787556:c26229ed47b7
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Sun Jun 23 16:44:06 2013 +0000

description:
Add man pages and xrefs for consttime_bcmp and explicit_bzero.

ok wiz

diffstat:

 lib/libc/string/consttime_bcmp.3 |  88 ++++++++++++++++++++++++++++++++++++++++
 lib/libc/string/explicit_bzero.3 |  75 ++++++++++++++++++++++++++++++++++
 lib/libc/string/memcmp.3         |  14 +++++-
 lib/libc/string/memset.3         |  13 +++++-
 4 files changed, 186 insertions(+), 4 deletions(-)

diffs (238 lines):

diff -r 7e7b1e08a2cc -r c26229ed47b7 lib/libc/string/consttime_bcmp.3
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/libc/string/consttime_bcmp.3  Sun Jun 23 16:44:06 2013 +0000
@@ -0,0 +1,88 @@
+.\"    $NetBSD: consttime_bcmp.3,v 1.1 2013/06/23 16:44:06 riastradh Exp $
+.\"
+.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation is derived from text contributed to The NetBSD
+.\" Foundation by Taylor R. Campbell.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 23, 2013
+.Dt CONSTTIME_BCMP 3
+.Os
+.Sh NAME
+.Nm consttime_bcmp
+.Nd compare byte strings for equality without timing leaks
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In string.h
+.Ft int
+.Fn consttime_bcmp "void *b1" "void *b2" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn consttime_bcmp
+function compares
+.Fa len
+bytes of memory at
+.Fa b1
+and
+.Fa b2
+for equality, returning zero if they are identical and nonzero
+otherwise.
+.Pp
+The time taken by
+.Fn consttime_bcmp
+depends on
+.Fa len ,
+but not on the data at
+.Fa b1
+or
+.Fa b2 .
+Thus,
+.Fn consttime_bcmp
+is appropriate for comparing cryptographic secrets, hashes, message
+authentication codes, etc., without leaking information about them
+through a timing side channel.
+In crypto literature,
+.Fn consttime_bcmp
+is said to take
+.Sq constant time ,
+meaning time that does not vary depending on the data it processes.
+.Pp
+Note that unlike
+.Xr memcmp 3 ,
+.Fn consttime_bcmp
+does not return a lexicographic ordering on the data at
+.Fa b1
+and
+.Fa b2 ;
+it tells only whether they are equal.
+.Sh SEE ALSO
+.Xr explicit_bzero 3 ,
+.Xr memcmp 3
+.Sh HISTORY
+The
+.Fn consttime_bcmp
+function appeared in
+.Nx 7.0 .
diff -r 7e7b1e08a2cc -r c26229ed47b7 lib/libc/string/explicit_bzero.3
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/libc/string/explicit_bzero.3  Sun Jun 23 16:44:06 2013 +0000
@@ -0,0 +1,75 @@
+.\"    $NetBSD: explicit_bzero.3,v 1.1 2013/06/23 16:44:06 riastradh Exp $
+.\"
+.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation is derived from text contributed to The NetBSD
+.\" Foundation by Taylor R. Campbell.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 23, 2013
+.Dt EXPLICIT_BZERO 3
+.Os
+.Sh NAME
+.Nm explicit_bzero
+.Nd guarantee zeroing a buffer in memory
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In string.h
+.Ft void
+.Fn explicit_bzero "void *ptr" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn explicit_bzero
+function writes
+.Fa len
+zero bytes to the memory pointed to by
+.Fa ptr .
+It is guaranteed not to be optimized away by the compiler even if
+.Fa ptr
+is no longer used and is about to be freed or go out of scope.
+.Sh EXAMPLES
+Create a buffer on the stack for a secret key, use it, and then zero it
+in memory before throwing it away.
+.Bd -literal -offset indent
+void
+f(void)
+{
+       uint8_t key[32];
+
+       crypto_random(key, sizeof(key));
+       do_crypto_stuff(key, sizeof(key));
+       \&...
+
+       explicit_bzero(key, sizeof(key));
+}
+.Ed
+.Sh SEE ALSO
+.Xr consttime_bcmp 3 ,
+.Xr memset 3
+.Sh HISTORY
+The
+.Fn explicit_bzero
+function appeared in
+.Nx 7.0 .
diff -r 7e7b1e08a2cc -r c26229ed47b7 lib/libc/string/memcmp.3
--- a/lib/libc/string/memcmp.3  Sun Jun 23 13:56:01 2013 +0000
+++ b/lib/libc/string/memcmp.3  Sun Jun 23 16:44:06 2013 +0000
@@ -30,9 +30,9 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     from: @(#)memcmp.3     8.1 (Berkeley) 6/4/93
-.\"    $NetBSD: memcmp.3,v 1.9 2003/08/07 16:43:48 agc Exp $
+.\"    $NetBSD: memcmp.3,v 1.10 2013/06/23 16:44:06 riastradh Exp $
 .\"
-.Dd June 4, 1993
+.Dd June 23, 2013
 .Dt MEMCMP 3
 .Os
 .Sh NAME
@@ -67,8 +67,18 @@
 .Sq Li \&\e0 ,
 for example).
 Zero-length strings are always identical.
+.Pp
+Do not use
+.Fn memcmp
+to compare cryptographic secrets, because the time it takes varies
+depending on how many bytes are the same, and thus leaks information
+about the two strings by a timing side channel.
+To compare secrets, hashes, message authentication codes, etc., use
+.Xr consttime_bcmp 3
+instead.
 .Sh SEE ALSO
 .Xr bcmp 3 ,
+.Xr consttime_bcmp 3 ,
 .Xr strcasecmp 3 ,
 .Xr strcmp 3 ,
 .Xr strcoll 3 ,
diff -r 7e7b1e08a2cc -r c26229ed47b7 lib/libc/string/memset.3
--- a/lib/libc/string/memset.3  Sun Jun 23 13:56:01 2013 +0000
+++ b/lib/libc/string/memset.3  Sun Jun 23 16:44:06 2013 +0000
@@ -30,9 +30,9 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     from: @(#)memset.3     8.1 (Berkeley) 6/4/93
-.\"    $NetBSD: memset.3,v 1.9 2003/08/07 16:43:49 agc Exp $
+.\"    $NetBSD: memset.3,v 1.10 2013/06/23 16:44:06 riastradh Exp $
 .\"
-.Dd June 4, 1993
+.Dd June 23, 2013
 .Dt MEMSET 3
 .Os
 .Sh NAME
@@ -60,8 +60,17 @@
 function
 returns the original value of
 .Fa b .
+.Pp
+Note that the compiler may optimize away a call to
+.Fn memset
+if it can prove that the string will not be used by the program again,
+for example if it is allocated on the stack and about to out of scope.
+If you want to guarantee that zeros are written to memory, for example
+to sanitize a buffer holding a cryptographic secret, use
+.Xr explicit_bzero .
 .Sh SEE ALSO
 .Xr bzero 3 ,
+.Xr explicit_bzero 3 ,
 .Xr swab 3
 .Sh STANDARDS
 The
Prev by Date: [src/trunk]: src/lib/libutil Put code example on its own line, using Dl.
Next by Date: [src/trunk]: src/sys/arch/evbarm/stand Add -fno-unwind-tables
Previous by Thread: [src/trunk]: src/lib/libutil Put code example on its own line, using Dl.
Next by Thread: [src/trunk]: src/sys/arch/evbarm/stand Add -fno-unwind-tables
Indexes:
Home | Main Index | Thread Index | Old Index