abi_asprintf=unknown
abi_bsd_getopt=unknown
abi_closefrom=unknown
+abi_consttime_memequal=unknown
abi_err=unknown
abi_errc=unknown
abi_expand_number=unknown
# DROP: On glibc >= 2.34.
#abi_closefrom=no
abi_closefrom=yes
+ abi_consttime_memequal=yes
abi_err=no
abi_errc=yes
abi_expand_number=yes
#abi_bsd_getopt=no
abi_bsd_getopt=yes
abi_closefrom=yes
+ abi_consttime_memequal=yes
abi_err=no
abi_errc=yes
abi_expand_number=yes
abi_asprintf=no
abi_bsd_getopt=no
abi_closefrom=yes
+ abi_consttime_memequal=yes
abi_err=no
abi_errc=no
abi_expand_number=yes
abi_asprintf=no
abi_bsd_getopt=yes
abi_closefrom=no
+ abi_consttime_memequal=yes
abi_err=no
abi_errc=yes
abi_expand_number=yes
abi_asprintf=yes
abi_bsd_getopt=yes
abi_closefrom=yes
+ abi_consttime_memequal=yes
abi_err=yes
abi_errc=yes
abi_expand_number=yes
LIBBSD_SELECT_ABI([asprintf], [vasprintf()/asprintf()])
LIBBSD_SELECT_ABI([bsd_getopt], [BSD getopt()])
LIBBSD_SELECT_ABI([closefrom], [closefrom()])
+LIBBSD_SELECT_ABI([consttime_memequal], [consttime_memequal()])
LIBBSD_SELECT_ABI([err_h], [err.h header])
LIBBSD_SELECT_ABI([err], [err API])
LIBBSD_SELECT_ABI([errc], [errc API])
--- /dev/null
+.\" $NetBSD: consttime_memequal.3,v 1.5 2015/03/23 07:41:16 apb Exp $
+.\"
+.\" Copyright (c) 2013 The NetBSD Foundation, Inc.
+.\" All rights reserved.
+.\"
+.\" This documentation is derived from text contributed to The NetBSD
+.\" Foundation by Taylor R. Campbell.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd March 23, 2015
+.Dt consttime_memequal 3bsd
+.Os
+.Sh NAME
+.Nm consttime_memequal
+.Nd compare byte strings for equality without timing leaks
+.Sh LIBRARY
+.ds str-Lb-libbsd Utility functions from BSD systems (libbsd, \-lbsd)
+.ds doc-str-Lb-libbsd \*[str-Lb-libbsd]
+.Lb libbsd
+.Sh SYNOPSIS
+.In string.h
+.Ft int
+.Fn consttime_memequal "void *b1" "void *b2" "size_t len"
+.Sh DESCRIPTION
+The
+.Fn consttime_memequal
+function compares
+.Fa len
+bytes of memory at
+.Fa b1
+and
+.Fa b2
+for equality, returning 0 if they are distinct and 1 if they are
+identical.
+.Pp
+The time taken by
+.Fn consttime_memequal
+depends on
+.Fa len ,
+but not on the data at
+.Fa b1
+or
+.Fa b2 .
+Thus,
+.Fn consttime_memequal
+is appropriate for comparing cryptographic secrets, hashes, message
+authentication codes, etc., without leaking information about them
+through a timing side channel.
+In crypto literature,
+.Fn consttime_memequal
+is said to take
+.Sq constant time ,
+meaning time that does not vary depending on the data it processes.
+.Pp
+Note that unlike
+.Xr memcmp 3 ,
+.Fn consttime_memequal
+does not return a lexicographic ordering on the data at
+.Fa b1
+and
+.Fa b2 ;
+it tells only whether they are equal.
+.Nx
+does not provide a
+.Fn consttime_memcmp
+function, because all known use cases that require
+.Sq constant time
+memory comparison also require only comparison for equality,
+not lexicographic ordering.
+.Sh SEE ALSO
+.Xr explicit_memset 3bsd ,
+.Xr memcmp 3
+.Sh HISTORY
+The
+.Fn consttime_memequal
+function appeared in
+.Nx 7.0 .
--- /dev/null
+/* $NetBSD: consttime_memequal.c,v 1.6 2015/03/18 20:11:35 riastradh Exp $ */
+
+/*
+ * Written by Matthias Drochner <drochner@NetBSD.org>.
+ * Public domain.
+ */
+
+#include <string.h>
+
+int
+consttime_memequal(const void *b1, const void *b2, size_t len)
+{
+ const unsigned char *c1 = b1, *c2 = b2;
+ unsigned int res = 0;
+
+ while (len--)
+ res |= *c1++ ^ *c2++;
+
+ /*
+ * Map 0 to 1 and [1, 256) to 0 using only constant-time
+ * arithmetic.
+ *
+ * This is not simply `!res' because although many CPUs support
+ * branchless conditional moves and many compilers will take
+ * advantage of them, certain compilers generate branches on
+ * certain CPUs for `!res'.
+ */
+ return (1 & ((res - 1) >> 8));
+}
projects / thirdparty / libbsd.git / commitdiff
