memory(2): mention tsmemcmp (thanks kemal)

1 files changed, 22 insertions, 1 deletions

diff --git a/sys/man/2/memory b/sys/man/2/memory
index 42bcc0555..30c5cfb1e 100644
--- a/sys/man/2/memory
+++ b/sys/man/2/memory
@@ -1,6 +1,6 @@
 .TH MEMORY 2
 .SH NAME
-memccpy, memchr, memcmp, memcpy, memmove, memset \- memory operations
+memccpy, memchr, memcmp, memcpy, memmove, memset, tsmemcmp \- memory operations
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -24,6 +24,11 @@ void*	memmove(void *s1, void *s2, ulong n)
 .PP
 .B
 void*	memset(void *s, int c, ulong n)
+.PP
+.B #include <libsec.h>
+.PP
+.B
+int	tsmemcmp(void *s1, void *s2, ulong n)
 .SH DESCRIPTION
 These functions operate efficiently on memory areas
 (arrays of bytes bounded by a count, not terminated by a zero byte).
@@ -103,11 +108,22 @@ to the value of byte
 .IR c .
 It returns
 .IR s .
+.PP
+.I Tsmemcmp
+is a variant of
+.I memcmp
+that is safe against timing attacks.
+It does not stop when it sees a difference, this way it's runtime is function of
+.I n
+and not something that can lead clues to attackers.
 .SH SOURCE
 All these routines have portable C implementations in
 .BR /sys/src/libc/port .
 Most also have machine-dependent assembly language implementations in
 .BR /sys/src/libc/$objtype .
+.I Tsmemcmp
+is found on
+.BR /sys/src/libsec/port/tsmemcmp.c .
 .SH SEE ALSO
 .IR strcat (2)
 .SH BUGS
@@ -124,3 +140,8 @@ If
 and
 .I memmove
 are handed a negative count, they abort.
+.PP
+.I Memcmp
+should not be used to compare sensitive data as it's vulnerable to timing attacks. Instead, 
+.I tsmemcmp
+should be used.