memcmp.3: Recast security caveat

Use terminology more carefully.

* Refer to the info sec property of confidentiality[1] instead of saying,
  vaguely, "security-critical".
* Try not to confuse anyone who's studied the analysis of algorithms:
  don't say "constant time" when "deterministic time" is meant.  The
  time to perform the memory comparison remains linear (O(n)), not
  constant (O(1)).
* Tighten wording.

Link: [1] <https://informationsecurity.wustl.edu/items/confidentiality-integrity-and-availability-the-cia-triad/>
Signed-off-by: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/man3/memcmp.3 b/man3/memcmp.3
index 9a2aad35347c65841d141c512b2f958462050e64..67ebe392e84bc3abc8f0f4820acd90156d3b2c42 100644 (file)
--- a/man3/memcmp.3
+++ b/man3/memcmp.3
@@ -67,9 +67,17 @@ POSIX.1-2001, C89, SVr4, 4.3BSD.
 .SH CAVEATS
 Do not use
 .BR memcmp ()
-to compare security critical data, such as cryptographic secrets,
-because the required CPU time depends on the number of equal bytes.
-Instead, a function that performs comparisons in constant time is required.
+to compare confidential data,
+such as cryptographic secrets,
+because the CPU time required for the comparison
+depends on the contents of the addresses compared,
+this function is subject to timing-based side-channel attacks.
+In such cases,
+a function that performs comparisons in deterministic time,
+depending only on
+.I n
+(the quantity of bytes compared)
+is required.
 Some operating systems provide such a function (e.g., NetBSD's
 .BR consttime_memequal ()),
 but no such function is specified in POSIX.