Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

On 09/19/2013 02:13 AM, James Yonan wrote: [...] We can easily specify -Os in the Makefile rather than depending on #pragma optimize or __attribute__ optimize if they are considered broken. Re: arch/*/crypto/... asm, not sure it's worth it given the extra effort to develop, test, and maintain

Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

On 17/09/2013 13:07, Daniel Borkmann wrote: On 09/16/2013 07:10 PM, James Yonan wrote: On 16/09/2013 01:56, Daniel Borkmann wrote: On 09/15/2013 06:59 PM, James Yonan wrote: On 15/09/2013 09:45, Florian Weimer wrote: * James Yonan: + * Constant-time equality testing of memory regions. + *

Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

On 09/16/2013 07:10 PM, James Yonan wrote: On 16/09/2013 01:56, Daniel Borkmann wrote: On 09/15/2013 06:59 PM, James Yonan wrote: On 15/09/2013 09:45, Florian Weimer wrote: * James Yonan: + * Constant-time equality testing of memory regions. + * Returns 0 when data is equal, non-zero

Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

On 09/15/2013 06:59 PM, James Yonan wrote: On 15/09/2013 09:45, Florian Weimer wrote: * James Yonan: + * Constant-time equality testing of memory regions. + * Returns 0 when data is equal, non-zero otherwise. + * Fast path if size == 16. + */ +noinline unsigned long crypto_mem_not_equal(const

Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

On 16/09/2013 01:56, Daniel Borkmann wrote: On 09/15/2013 06:59 PM, James Yonan wrote: On 15/09/2013 09:45, Florian Weimer wrote: * James Yonan: + * Constant-time equality testing of memory regions. + * Returns 0 when data is equal, non-zero otherwise. + * Fast path if size == 16. + */

Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

* James Yonan: noinline unsigned long __crypto_mem_not_equal(const void *a, const void *b, size_t size); static inline int crypto_mem_not_equal(const void *a, const void *b, size_t size) { return __crypto_mem_not_equal(a, b, size) != 0UL ? 1 : 0; } This hides the fact that we are

[PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

When comparing MAC hashes, AEAD authentication tags, or other hash values in the context of authentication or integrity checking, it is important not to leak timing information to a potential attacker. Bytewise memory comparisons (such as memcmp) are usually optimized so that they return a

Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

* James Yonan: + * Constant-time equality testing of memory regions. + * Returns 0 when data is equal, non-zero otherwise. + * Fast path if size == 16. + */ +noinline unsigned long crypto_mem_not_equal(const void *a, const void *b, size_t size) I think this should really return unsigned

Re: [PATCH] crypto_mem_not_equal: add constant-time equality testing of memory regions

On 15/09/2013 09:45, Florian Weimer wrote: * James Yonan: + * Constant-time equality testing of memory regions. + * Returns 0 when data is equal, non-zero otherwise. + * Fast path if size == 16. + */ +noinline unsigned long crypto_mem_not_equal(const void *a, const void *b, size_t size) I