[EXTERNAL] [dpdk-dev v1] cryptodev: introduce constant-time memory comparison
Konstantin Ananyev
konstantin.ananyev at huawei.com
Fri Sep 26 10:13:28 CEST 2025
> 25/09/2025 12:33, Akhil Goyal:
> > > +/**
> > > + * Constant-time memory comparison for cryptographic use.
> > > + * Returns 0 if the memory regions are equal, nonzero otherwise.
> > > + * Runs in constant time with respect to the length to prevent timing attacks.
> > > + *
> > > + * @param a
> > > + * Pointer to the first memory region.
> > > + * @param b
> > > + * Pointer to the second memory region.
> > > + * @param n
> > > + * Number of bytes to compare.
> > > + * @return
> > > + * 0 if memory regions are equal, nonzero otherwise.
> > > + */
> > > +#define rte_consttime_memcmp(a, b, n) __extension__ ({ \
> > > + const volatile uint8_t *__pa = (const volatile uint8_t *)(a); \
> > > + const volatile uint8_t *__pb = (const volatile uint8_t *)(b); \
> > > + uint8_t __result = 0; \
> > > + for (size_t __i = 0; __i < (n); __i++) \
> > > + __result |= __pa[__i] ^ __pb[__i]; \
> > > + __result; \
> > > +})
> >
> > I believe this is not the right place to add this define.
> > It should be somewhere in common eal if it is already not there.
>
> Yes indeed.
> cryptodev is the API for managing crypto devices.
> A new memcmp function would be better hosted in libc,
> and in EAL for compatibility with all supported libc.
>
> I mean please add it in EAL, and propose it to glibc as well.
Stupid q: what's wrong with standard C memcmp() function?
More information about the dev
mailing list