Use terminology more carefully. * Refer to the info sec property of confidentiality instead of saying, vaguely, "security-critical". https://informationsecurity.wustl.edu/items/\ confidentiality-integrity-and-availability-the-cia-triad/ * Try not to confuse anyone who's studied the analysis of algorithms: don't say "constant time" when "deterministic time" is meant. The time to perform the memory comparison remains linear (O(n)), not constant (O(1)). * Tighten wording. Signed-off-by: G. Branden Robinson <g.branden.robinson@xxxxxxxxx> --- man3/memcmp.3 | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/man3/memcmp.3 b/man3/memcmp.3 index c2427a00a..004556744 100644 --- a/man3/memcmp.3 +++ b/man3/memcmp.3 @@ -67,12 +67,20 @@ POSIX.1-2001, POSIX.1-2008, C99, SVr4, 4.3BSD. .SH NOTES Do not use .BR memcmp () -to compare security critical data, such as cryptographic secrets, -because the required CPU time depends on the number of equal bytes. -Instead, a function that performs comparisons in constant time is required. +to compare confidential data, +such as cryptographic secrets; +because the CPU time required for the comparison depends on the contents +of the addresses compared, +this function is subject to timing-based side-channel attacks. +In such cases, +a function that performs comparisons in deterministic time, +depending only on +.I n +(the quantity of bytes compared) +is required. Some operating systems provide such a function (e.g., NetBSD's .BR consttime_memequal ()), -but no such function is specified in POSIX. +but none is specified in POSIX. On Linux, it may be necessary to implement such a function oneself. .SH SEE ALSO .BR bstring (3), -- 2.30.2
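Review bot: "a function that performs comparisons in deterministic time, depending only on n" names the wrong property, and the sentence carrying it is missing a comma after the parenthetical ("... .I n (the quantity of bytes compared) is required"). Every comparison runs in deterministic time; what the page needs to ask for is a function whose running time does not depend on the bytes compared, only on n, so say that directly, e.g. "a function whose running time depends only on n, the number of bytes compared, and not on their values". Dropping "constant time" entirely also leaves the NetBSD example in the same paragraph, consttime_memequal(), with a name the text no longer explains; one mention of "constant-time (as the term is used in cryptography)" would keep the term practitioners search for while still making the O(n) point the commit message cares about. Minor: "the contents of the addresses compared" reads oddly; "the contents of the memory compared" is clearer, and the semicolon after "cryptographic secrets" splices two sentences that would read better as "..., such as cryptographic secrets. Because the CPU time ...".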
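The side channel the patch warns about, as an added example that is not part of the man-pages patch, of NetBSD's consttime_memequal() or of any libc: an early-exit comparison in the style of memcmp(3) is placed beside a comparison whose work depends only on n, and a small attacker routine recovers a constructed 16-byte tag from the early exit alone. Real timing measurements are noisy, so each routine instead reports how many byte positions it inspected, which is the quantity a timing measurement approximates. The names leaky_memcmp, ct_memequal, recover_via_timing and steps_when_wrong_at and the SECRET tag are assumptions made for this example.

```c
/* Added example, not code from the man-pages patch or from any libc: an
 * early-exit comparison in the style of memcmp(3) beside one whose work
 * depends only on n, in the style of NetBSD's consttime_memequal(). The
 * names leaky_memcmp, ct_memequal, recover_via_timing and steps_when_wrong_at
 * are hypothetical, and SECRET is a constructed sample tag. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16

static const unsigned char SECRET[TAG_LEN] = {
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x23, 0x45, 0x67,
    0x89, 0xab, 0xcd, 0xef, 0x10, 0x32, 0x54, 0x76
};

/* memcmp-style: stops at the first differing byte. *steps receives the number
 * of positions inspected, a stand-in for the time an attacker measures.
 * Returns 0 on equality, else the signed difference of the first mismatch. */
int leaky_memcmp(const void *a, const void *b, size_t n, size_t *steps)
{
    const unsigned char *p = a, *q = b;
    size_t i;
    for (i = 0; i < n; i++) {
        if (p[i] != q[i]) {
            *steps = i + 1;
            return (int)p[i] - (int)q[i];
        }
    }
    *steps = n;
    return 0;
}

/* Data-independent: ORs the XOR of every byte pair into an accumulator and
 * looks at it only after the loop, so the positions inspected depend on n
 * alone. Returns 1 if equal, 0 otherwise; it cannot report ordering, which
 * is why it is not a drop-in replacement for memcmp(). */
int ct_memequal(const void *a, const void *b, size_t n, size_t *steps)
{
    const unsigned char *p = a, *q = b;
    unsigned acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (unsigned)(p[i] ^ q[i]);
    *steps = n;
    /* acc <= 0xff, so (acc - 1) >> 8 has bit 0 set only when acc == 0. */
    return (int)(((acc - 1u) >> 8) & 1u);
}

/* Attack on the early exit: for each position pick the byte value that makes
 * the comparison run further. Returns how many leading bytes of out match
 * SECRET; out may be NULL if the caller only wants the count. */
size_t recover_via_timing(unsigned char *out)
{
    unsigned char local[TAG_LEN];
    size_t pos, steps, correct = 0;
    int v;
    if (out == NULL)
        out = local;
    memset(out, 0, TAG_LEN);
    for (pos = 0; pos < TAG_LEN; pos++) {
        for (v = 0; v < 256; v++) {
            out[pos] = (unsigned char)v;
            /* A full match returns 0; otherwise a correct byte at pos lets
             * the loop reach at least position pos + 1. */
            if (leaky_memcmp(out, SECRET, TAG_LEN, &steps) == 0 ||
                steps > pos + 1)
                break;
        }
    }
    while (correct < TAG_LEN && out[correct] == SECRET[correct])
        correct++;
    return correct;
}

/* Positions inspected when the guess differs from SECRET only at `wrong`:
 * leaky_memcmp reports wrong + 1, ct_memequal always TAG_LEN. */
size_t steps_when_wrong_at(size_t wrong, int use_ct)
{
    unsigned char guess[TAG_LEN];
    size_t steps;
    memcpy(guess, SECRET, TAG_LEN);
    guess[wrong] ^= 0x01;
    if (use_ct)
        ct_memequal(guess, SECRET, TAG_LEN, &steps);
    else
        leaky_memcmp(guess, SECRET, TAG_LEN, &steps);
    return steps;
}

int main(void)
{
    printf("leaky: mismatch at byte 0 -> %zu steps, at byte 15 -> %zu steps\n",
           steps_when_wrong_at(0, 0), steps_when_wrong_at(15, 0));
    printf("ct:    mismatch at byte 0 -> %zu steps, at byte 15 -> %zu steps\n",
           steps_when_wrong_at(0, 1), steps_when_wrong_at(15, 1));
    printf("bytes of SECRET recovered from the early exit: %zu/%d\n",
           recover_via_timing(NULL), TAG_LEN);
    return 0;
}
```

The step count is an idealised leak: a real libc memcmp() typically compares a word at a time and the attacker must average many timings, so each measured step reveals a word rather than a byte and needs more samples, but the recovery proceeds the same way. Two caveats a practitioner should carry away: ct_memequal() only answers "equal or not", so code that relies on memcmp()'s ordering result needs a different design, and a compiler is free to rewrite the accumulator loop back into an early-exit form, which is why production code reaches for a vetted library routine (OpenSSL's CRYPTO_memcmp(), or consttime_memequal() where it exists) rather than an ad-hoc loop like the one above.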