On 02/11/2013 08:00 PM, Florian Weimer wrote: > * Daniel Borkmann:
Thanks for your feedback, Florian! >> + * memcmp_nta - memcmp that is secure against timing attacks > > It's not providing an ordering, so it should not have "cmp" in the > name. I agree. What would you suggest? Probably, it would make sense to integrate this into the Linux crypto API and name it sth like ... crypto_mem_verify(const void *,const void *,__kernel_size_t) ... which returns: == 0 - mem regions equal each other != 0 - mem regions do not equal each other >> + for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--) >> + res |= (*su1 ^ *su2); > > The compiler could still short-circuit this loop. Unlikely at > present, but this looks like a maintenance hazard. So then better we leave out '|' as a possible candidate and rewrite it as: + for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--) + res += (*su1 ^ *su2); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
