Module Name: src
Committed By: riastradh
Date: Sun Jun 23 16:44:06 UTC 2013
Modified Files:
src/lib/libc/string: memcmp.3 memset.3
Added Files:
src/lib/libc/string: consttime_bcmp.3 explicit_bzero.3
Log Message:
Add man pages and xrefs for consttime_bcmp and explicit_bzero.
ok wiz
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/lib/libc/string/consttime_bcmp.3 \
src/lib/libc/string/explicit_bzero.3
cvs rdiff -u -r1.9 -r1.10 src/lib/libc/string/memcmp.3 \
src/lib/libc/string/memset.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/string/memcmp.3
diff -u src/lib/libc/string/memcmp.3:1.9 src/lib/libc/string/memcmp.3:1.10
--- src/lib/libc/string/memcmp.3:1.9 Thu Aug 7 16:43:48 2003
+++ src/lib/libc/string/memcmp.3 Sun Jun 23 16:44:06 2013
@@ -30,9 +30,9 @@
.\" SUCH DAMAGE.
.\"
.\" from: @(#)memcmp.3 8.1 (Berkeley) 6/4/93
-.\" $NetBSD: memcmp.3,v 1.9 2003/08/07 16:43:48 agc Exp $
+.\" $NetBSD: memcmp.3,v 1.10 2013/06/23 16:44:06 riastradh Exp $
.\"
-.Dd June 4, 1993
+.Dd June 23, 2013
.Dt MEMCMP 3
.Os
.Sh NAME
@@ -67,8 +67,18 @@ is greater than
.Sq Li \&\e0 ,
for example).
Zero-length strings are always identical.
+.Pp
+Do not use
+.Fn memcmp
+to compare cryptographic secrets, because the time it takes varies
+depending on how many bytes are the same, and thus leaks information
+about the two strings by a timing side channel.
+To compare secrets, hashes, message authentication codes, etc., use
+.Xr consttime_bcmp 3
+instead.
.Sh SEE ALSO
.Xr bcmp 3 ,
+.Xr consttime_bcmp 3 ,
.Xr strcasecmp 3 ,
.Xr strcmp 3 ,
.Xr strcoll 3 ,
Index: src/lib/libc/string/memset.3
diff -u src/lib/libc/string/memset.3:1.9 src/lib/libc/string/memset.3:1.10
--- src/lib/libc/string/memset.3:1.9 Thu Aug 7 16:43:49 2003
+++ src/lib/libc/string/memset.3 Sun Jun 23 16:44:06 2013
@@ -30,9 +30,9 @@
.\" SUCH DAMAGE.
.\"
.\" from: @(#)memset.3 8.1 (Berkeley) 6/4/93
-.\" $NetBSD: memset.3,v 1.9 2003/08/07 16:43:49 agc Exp $
+.\" $NetBSD: memset.3,v 1.10 2013/06/23 16:44:06 riastradh Exp $
.\"
-.Dd June 4, 1993
+.Dd June 23, 2013
.Dt MEMSET 3
.Os
.Sh NAME
@@ -60,8 +60,17 @@ The
function
returns the original value of
.Fa b .
+.Pp
+Note that the compiler may optimize away a call to
+.Fn memset
+if it can prove that the string will not be used by the program again,
+for example if it is allocated on the stack and about to out of scope.
+If you want to guarantee that zeros are written to memory, for example
+to sanitize a buffer holding a cryptographic secret, use
+.Xr explicit_bzero .
.Sh SEE ALSO
.Xr bzero 3 ,
+.Xr explicit_bzero 3 ,
.Xr swab 3
.Sh STANDARDS
The
Added files:
Index: src/lib/libc/string/consttime_bcmp.3
diff -u /dev/null src/lib/libc/string/consttime_bcmp.3:1.1
--- /dev/null Sun Jun 23 16:44:06 2013
+++ src/lib/libc/string/consttime_bcmp.3 Sun Jun 23 16:44:06 2013
@@ -0,0 +1,88 @@
+.\" $NetBSD: consttime_bcmp.3,v 1.1 2013/06/23 16:44:06 riastradh Exp $
+.\"
+.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation is derived from text contributed to The NetBSD
+.\" Foundation by Taylor R. Campbell.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 23, 2013
+.Dt CONSTTIME_BCMP 3
+.Os
+.Sh NAME
+.Nm consttime_bcmp
+.Nd compare byte strings for equality without timing leaks
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In string.h
+.Ft int
+.Fn consttime_bcmp "void *b1" "void *b2" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn consttime_bcmp
+function compares
+.Fa len
+bytes of memory at
+.Fa b1
+and
+.Fa b2
+for equality, returning zero if they are identical and nonzero
+otherwise.
+.Pp
+The time taken by
+.Fn consttime_bcmp
+depends on
+.Fa len ,
+but not on the data at
+.Fa b1
+or
+.Fa b2 .
+Thus,
+.Fn consttime_bcmp
+is appropriate for comparing cryptographic secrets, hashes, message
+authentication codes, etc., without leaking information about them
+through a timing side channel.
+In crypto literature,
+.Fn consttime_bcmp
+is said to take
+.Sq constant time ,
+meaning time that does not vary depending on the data it processes.
+.Pp
+Note that unlike
+.Xr memcmp 3 ,
+.Fn consttime_bcmp
+does not return a lexicographic ordering on the data at
+.Fa b1
+and
+.Fa b2 ;
+it tells only whether they are equal.
+.Sh SEE ALSO
+.Xr explicit_bzero 3 ,
+.Xr memcmp 3
+.Sh HISTORY
+The
+.Fn consttime_bcmp
+function appeared in
+.Nx 7.0 .
Index: src/lib/libc/string/explicit_bzero.3
diff -u /dev/null src/lib/libc/string/explicit_bzero.3:1.1
--- /dev/null Sun Jun 23 16:44:06 2013
+++ src/lib/libc/string/explicit_bzero.3 Sun Jun 23 16:44:06 2013
@@ -0,0 +1,75 @@
+.\" $NetBSD: explicit_bzero.3,v 1.1 2013/06/23 16:44:06 riastradh Exp $
+.\"
+.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation is derived from text contributed to The NetBSD
+.\" Foundation by Taylor R. Campbell.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd June 23, 2013
+.Dt EXPLICIT_BZERO 3
+.Os
+.Sh NAME
+.Nm explicit_bzero
+.Nd guarantee zeroing a buffer in memory
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In string.h
+.Ft void
+.Fn explicit_bzero "void *ptr" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn explicit_bzero
+function writes
+.Fa len
+zero bytes to the memory pointed to by
+.Fa ptr .
+It is guaranteed not to be optimized away by the compiler even if
+.Fa ptr
+is no longer used and is about to be freed or go out of scope.
+.Sh EXAMPLES
+Create a buffer on the stack for a secret key, use it, and then zero it
+in memory before throwing it away.
+.Bd -literal -offset indent
+void
+f(void)
+{
+ uint8_t key[32];
+
+ crypto_random(key, sizeof(key));
+ do_crypto_stuff(key, sizeof(key));
+ \&...
+
+ explicit_bzero(key, sizeof(key));
+}
+.Ed
+.Sh SEE ALSO
+.Xr consttime_bcmp 3 ,
+.Xr memset 3
+.Sh HISTORY
+The
+.Fn explicit_bzero
+function appeared in
+.Nx 7.0 .
