memcmp.3: Warn against use of memcmp() for comparing security-critical data

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-12-30 22:09:02 +01:00 · 2014-12-30 22:09:02 +01:00 · f70fe9d7cb
parent 7f139a4512
commit f70fe9d7cb
1 changed files with 6 additions and 0 deletions
--- a/man3/memcmp.3
+++ b/man3/memcmp.3
@ -68,6 +68,12 @@ The
 function is thread-safe.
 .SH CONFORMING TO
 SVr4, 4.3BSD, C89, C99, POSIX.1-2001.
+.SH NOTES
+.PP
+Do not use
+.BR memcmp ()
+to compare security critical data, such as cryptographic secrets,
+because the required CPU time depends on the amount of equal bytes.
 .SH SEE ALSO
 .BR bcmp (3),
 .BR strcasecmp (3),