* Daniel Borkmann: > On 02/11/2013 08:00 PM, Florian Weimer wrote: >> * Daniel Borkmann: > > Thanks for your feedback, Florian! > >>> + * memcmp_nta - memcmp that is secure against timing attacks >> >> It's not providing an ordering, so it should not have "cmp" in the >> name. > > I agree. What would you suggest? Probably, it would make sense to > integrate this into the Linux crypto API and name it sth like ... > > crypto_mem_verify(const void *,const void *,__kernel_size_t) > > ... which returns: > > == 0 - mem regions equal each other > != 0 - mem regions do not equal each other
crypto_mem_equal or crypto_mem_equals should be fine. Or anything else which matches an existing function name with similar function. >>> + for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--) >>> + res |= (*su1 ^ *su2); >> >> The compiler could still short-circuit this loop. Unlikely at >> present, but this looks like a maintenance hazard. > > So then better we leave out '|' as a possible candidate and rewrite it as: > > + for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--) > + res += (*su1 ^ *su2); That will cause false matches for long inputs. If we had only four platforms to support, I would write this function in assembler because it will be considerably easier to read. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
