[dpdk-dev v4 1/2] eal: Add mem equal and non-equal to prevent timing attacks memcmp.

Stephen Hemminger stephen at networkplumber.org
Mon Sep 29 18:32:36 CEST 2025


On Mon, 29 Sep 2025 14:50:48 +0000
Kai Ji <kai.ji at intel.com> wrote:

> diff --git a/lib/eal/include/rte_memory.h b/lib/eal/include/rte_memory.h
> index dcc0e69cfe..bbdef8e939 100644
> --- a/lib/eal/include/rte_memory.h
> +++ b/lib/eal/include/rte_memory.h
> @@ -746,6 +746,74 @@ __rte_experimental
>  void
>  rte_memzero_explicit(void *dst, size_t sz);
>  
> +/**
> + * @warning
> + * @b EXPERIMENTAL: this API may change without prior notice.
> + *
> + * Constant-time memory inequality comparison.
> + *
> + * This function compares two memory regions in constant time, making it
> + * resistant to timing side-channel attacks. The execution time depends only
> + * on the length parameter, not on the actual data values being compared.
> + *
> + * This is particularly important for cryptographic operations where timing
> + * differences could leak information about secret keys, passwords, or other
> + * sensitive data.
> + *
> + * @param a
> + *   Pointer to the first memory region to compare
> + * @param b
> + *   Pointer to the second memory region to compare
> + * @param n
> + *   Number of bytes to compare
> + * @return
> + *   false if the memory regions are identical, true if they differ
> + */
> +__rte_experimental
> +static inline bool
> +rte_memneq_consttime(const void *a, const void *b, size_t n)

NAK
Please change to match BSD equivalent function (ie not not equal)


More information about the dev mailing list