Use terminology more carefully. * Refer to the info sec property of confidentiality instead of saying, vaguely, "security-critical". https://informationsecurity.wustl.edu/items/\ confidentiality-integrity-and-availability-the-cia-triad/ * Try not to confuse anyone who's studied the analysis of algorithms: don't say "constant time" when "deterministic time" is meant. The time to perform the memory comparison remains linear (O(n)), not constant (O(1)). * Tighten wording. Signed-off-by: G. Branden Robinson <g.branden.robinson@xxxxxxxxx> --- man3/memcmp.3 | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/man3/memcmp.3 b/man3/memcmp.3 index 9a2aad353..67ebe392e 100644 --- a/man3/memcmp.3 +++ b/man3/memcmp.3 @@ -67,9 +67,17 @@ .SH HISTORY .SH CAVEATS Do not use .BR memcmp () -to compare security critical data, such as cryptographic secrets, -because the required CPU time depends on the number of equal bytes. -Instead, a function that performs comparisons in constant time is required. +to compare confidential data, +such as cryptographic secrets, +because the CPU time required for the comparison +depends on the contents of the addresses compared, +this function is subject to timing-based side-channel attacks. +In such cases, +a function that performs comparisons in deterministic time, +depending only on +.I n +(the quantity of bytes compared) +is required. Some operating systems provide such a function (e.g., NetBSD's .BR consttime_memequal ()), but no such function is specified in POSIX. -- 2.30.2 v2: Tweak phrasing per suggestions from Alex Colomar. Regards, Branden
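Review bot: the rewritten CAVEATS paragraph in this hunk is a comma splice. As added, it reads "Do not use memcmp() to compare confidential data, such as cryptographic secrets, because the CPU time required for the comparison depends on the contents of the addresses compared, this function is subject to timing-based side-channel attacks." The "because ..." clause is attached to the imperative sentence and then runs straight into the independent clause "this function is subject to ...", so the reader cannot tell which statement "because" explains. Suggest closing the first sentence after "such as cryptographic secrets." and opening a new one, for example:
+such as cryptographic secrets.
+Because the CPU time required for the comparison
+depends on the contents of the addresses compared,
+this function is subject to timing-based side-channel attacks.
A smaller point in the same hunk: "a function that performs comparisons in deterministic time, depending only on .I n (the quantity of bytes compared) is required." leaves the participle "depending only on" dangling between the noun phrase and "is required"; rewording as "a function whose running time depends only on n (the number of bytes compared) is required" states the same requirement with fewer commas and matches the commit message's own point that the time is O(n) rather than O(1).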