Page MenuHomePhabricator
Create Task
Maniphest T520

Use constant time memory compare function
Closed, ResolvedPublic
Actions

Description

Standard memcmp() can be target to timing side channel attacks. Replace this function with a safe implementation, which has a constant execution time.

Event Timeline

Unknown Object (User) added a subscriber: Unknown Object (User).Sep 27 2019, 12:34 PM
This comment was removed by Unknown Object (User).
Unknown Object (User) added a comment.Sep 27 2019, 12:35 PM
This comment was removed by Unknown Object (User).
Unknown Object (User) added a comment.Sep 27 2019, 12:36 PM

Added the new boot_secure_memeql function, after some discussion about whether it'd be better to try and recreate all behaviour of memcpm or go for the simpler memeql. This should be used for any security critical comparisons.

Unknown Object (User) closed this task as Resolved.Sep 27 2019, 2:32 PM