From: Kyle Evans
Date: Thu, 12 Sep 2024 10:14:36 -0500
Subject: Re: git: 76c2b331bcd9 - main - lib/libc/amd64/string: add timingsafe_bcmp(3) scalar, baseline implementations
To: Robert Clausecker, src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org

On 10/15/23 14:31, Robert Clausecker wrote:
> The branch main has been updated by fuz:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=76c2b331bcd9f73c5c8c43a06e328fa0c7b8c39a
>
> commit 76c2b331bcd9f73c5c8c43a06e328fa0c7b8c39a
> Author:     Robert Clausecker
> AuthorDate: 2023-08-30 15:37:26 +0000
> Commit:     Robert Clausecker
> CommitDate: 2023-10-15 19:19:04 +0000
>
>     lib/libc/amd64/string: add timingsafe_bcmp(3) scalar, baseline implementations
>
>     Very straightforward and similar to memcmp(3).  The code has
>     been written to use only instructions specified as having
>     data operand independent timing by Intel.
>
>     Sponsored by:   The FreeBSD Foundation
>     Approved by:    security (cperciva)
>     Differential Revision:  https://reviews.freebsd.org/D41673

Hi Robert,

I only just noticed this, but I have to admit that I'm pretty
uncomfortable with the idea of rolling our own timingsafe assembly
implementations in general. My main concern is that, e.g., auditing
timingsafe_bcmp.S will clearly take a lot longer than auditing the C
counterpart, but also the audit requirements have gone up for every
architecture you want to support that might be using this from a single
simple C implementation to C + however many architectures end up rolling
their own implementation in assembly after this.

Are these really used in enough perf-critical context to justify the
additional complexity?

Did anyone *actually* verify the constant-time properties of these
implementations? I didn't really find any written confirmation of that,
which I was really hoping for - we should have a much higher bar for
changes like this.

Thanks,

Kyle Evans
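
An added example, not part of the message above and not FreeBSD's code: a portable C comparison of the kind the mail calls the "simple C implementation", plus a differential harness that checks a candidate (for instance a per-architecture routine) against it at every length, start offset and differing byte position. The names ct_bcmp, tail_bug_bcmp and ct_bcmp_diffcheck are hypothetical; the harness checks results only, never timing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*bcmp_fn)(const void *, const void *, size_t);

/* Reference: the C source reads every byte and has no data-dependent
 * branch or early exit. Returns 0 if the buffers are equal, 1 otherwise. */
int ct_bcmp(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned acc = 0;

    for (size_t i = 0; i < n; i++)
        acc |= (unsigned)(pa[i] ^ pb[i]);
    return (int)((acc + 0xffu) >> 8);   /* 0 -> 0, 1..255 -> 1 */
}

/* Constructed faulty candidate: ignores the final (n % 8) bytes, the kind
 * of tail bug a hand-unrolled loop can have. */
int tail_bug_bcmp(const void *a, const void *b, size_t n)
{
    return ct_bcmp(a, b, n & ~(size_t)7);
}

/* Count disagreements between cand and ct_bcmp over every length up to
 * MAXLEN, every start offset below MAXOFF, and every differing position. */
int ct_bcmp_diffcheck(bcmp_fn cand)
{
    enum { MAXLEN = 80, MAXOFF = 16 };
    static unsigned char x[MAXLEN + MAXOFF], y[MAXLEN + MAXOFF];
    int bad = 0;

    for (size_t off = 0; off < MAXOFF; off++)
        for (size_t n = 0; n <= MAXLEN; n++) {
            for (size_t i = 0; i < n; i++)
                x[off + i] = y[off + i] = (unsigned char)(i * 31 + n);
            bad += (cand(x + off, y + off, n) != 0) != ct_bcmp(x + off, y + off, n);
            for (size_t pos = 0; pos < n; pos++) {
                y[off + pos] ^= 0x80;   /* differ in exactly one byte */
                bad += (cand(x + off, y + off, n) != 0) != ct_bcmp(x + off, y + off, n);
                y[off + pos] ^= 0x80;
            }
        }
    return bad;
}

int main(void)
{
    printf("ct_bcmp: %d  memcmp: %d  tail_bug: %d\n", ct_bcmp_diffcheck(ct_bcmp),
        ct_bcmp_diffcheck(memcmp), ct_bcmp_diffcheck(tail_bug_bcmp));
    return 0;
}
```

memcmp passes this harness even though it makes no timing promise, so a clean run covers functional equivalence only; the timing property still has to be established separately, per instruction and per architecture.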