Return-path: Received: from mail-io0-f170.google.com ([209.85.223.170]:32990 "EHLO mail-io0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751729AbdFKNg3 (ORCPT ); Sun, 11 Jun 2017 09:36:29 -0400 Received: by mail-io0-f170.google.com with SMTP id t87so26801382ioe.0 for ; Sun, 11 Jun 2017 06:36:28 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <878tkzq6wi.fsf@purkki.adurom.net> References: <20170610025912.6499-1-Jason@zx2c4.com> <878tkzq6wi.fsf@purkki.adurom.net> From: Kees Cook Date: Sun, 11 Jun 2017 06:36:27 -0700 Message-ID: (sfid-20170611_153708_782431_306D284E) Subject: Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important To: Kalle Valo Cc: "Jason A. Donenfeld" , LKML , "kernel-hardening@lists.openwall.com" , Anna Schumaker , David Howells , David Safford , "David S. Miller" , Gilad Ben-Yossef , Greg Kroah-Hartman , Gustavo Padovan , "J. Bruce Fields" , Jeff Layton , Johan Hedberg , Johannes Berg , Marcel Holtmann , Mimi Zohar , Trond Myklebust , keyrings@vger.kernel.org, linux-bluetooth@vger.kernel.org, "open list:NFS, SUNRPC, AND..." , linux-wireless , Network Development Content-Type: text/plain; charset="UTF-8" Sender: linux-wireless-owner@vger.kernel.org List-ID: On Sun, Jun 11, 2017 at 1:13 AM, Kalle Valo wrote: > "Jason A. Donenfeld" writes: > >> Whenever you're comparing two MACs, it's important to do this using >> crypto_memneq instead of memcmp. With memcmp, you leak timing information, >> which could then be used to iteratively forge a MAC. > > Do you have any pointers where I could learn more about this? While not using C specifically, this talks about the problem generally: https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html -Kees -- Kees Cook Pixel Security