[EXTERNAL] [dpdk-dev v1] cryptodev: introduce constant-time memory comparison

Thomas Monjalon thomas at monjalon.net
Thu Sep 25 22:47:42 CEST 2025


25/09/2025 12:33, Akhil Goyal:
> > +/**
> > + * Constant-time memory comparison for cryptographic use.
> > + * Returns 0 if the memory regions are equal, nonzero otherwise.
> > + * Runs in constant time with respect to the length to prevent timing attacks.
> > + *
> > + * @param a
> > + *   Pointer to the first memory region.
> > + * @param b
> > + *   Pointer to the second memory region.
> > + * @param n
> > + *   Number of bytes to compare.
> > + * @return
> > + *   0 if memory regions are equal, nonzero otherwise.
> > + */
> > +#define rte_consttime_memcmp(a, b, n) __extension__ ({ \
> > +	const volatile uint8_t *__pa = (const volatile uint8_t *)(a); \
> > +	const volatile uint8_t *__pb = (const volatile uint8_t *)(b); \
> > +	uint8_t __result = 0; \
> > +	for (size_t __i = 0; __i < (n); __i++) \
> > +		__result |= __pa[__i] ^ __pb[__i]; \
> > +	__result; \
> > +})
> 
> I believe this is not the right place to add this define.
> It should be somewhere in common eal if it is already not there.

Yes indeed.
cryptodev is the API for managing crypto devices.
A new memcmp function would be better hosted in libc,
and in EAL for compatibility with all supported libc.

I mean please add it in EAL, and propose it to glibc as well.






More information about the dev mailing list