|WARNING| [v2, 6/6] crypto/octeontx: use timing-safe RSA signature verification

dpdklab at iol.unh.edu dpdklab at iol.unh.edu
Mon Jun 29 23:05:25 CEST 2026


Test-Label: ai-code-review
Test-Status: WARNING
https://dpdk.org/patch/166405

_AI Code Review_

=== Patch Review: series.patch (via Claude) ===
Review date: 2026-06-29

# DPDK Patch Review

## Overview
This patch series removes the experimental tag from `rte_memeq_timingsafe()` and applies it to fix timing-based side-channel vulnerabilities in several crypto PMDs. The patches address a security issue (Bugzilla 1773) where `memcmp()` was used to verify cryptographic MACs and signatures, leaking information through timing differences.

---

## Patch 1/6: eal: take experimental flag off of rte_memeq_timingsafe

**No issues found.**

The patch correctly promotes an inline function from experimental to stable, with appropriate release notes documentation. Since the function is inline, there is no ABI exposure.

---

## Patch 2/6: crypto/uadk: use timing-safe digest comparison

**No issues found.**

The patch correctly replaces `memcmp()` with `rte_memeq_timingsafe()` in the MAC verification path. The inverted logic is correct (`memcmp() != 0` becomes `!rte_memeq_timingsafe()`).

---

## Patch 3/6: crypto/ccp: use timing-safe digest comparison

**No issues found.**

The patch correctly fixes two instances of timing-unsafe digest verification (CPU path and offload path). Both replacements properly invert the comparison logic.

---

## Patch 4/6: crypto/armv8: use timing-safe digest comparison

**No issues found.**

The patch correctly replaces `memcmp()` with `rte_memeq_timingsafe()` in the chained-op authentication verification path with proper logic inversion.

---

## Patch 5/6: crypto/cnxk: use timing-safe digest comparison

### Errors

**Missing include directive ordering.**

`drivers/crypto/cnxk/cnxk_ae.h` adds `#include <rte_memory.h>` at line 11, but the include order is now:
```c
#include <rte_common.h>
#include <rte_crypto_asym.h>
#include <rte_malloc.h>
#include <rte_memory.h>
```

Per DPDK style guidelines, DPDK EAL includes (`rte_common.h`, `rte_memory.h`) should be grouped separately from DPDK misc library includes (`rte_crypto_asym.h`, `rte_malloc.h`), with a blank line between groups. The correct order is:

```c
#include <rte_common.h>
#include <rte_memory.h>

#include <rte_crypto_asym.h>
#include <rte_malloc.h>
```

Move `#include <rte_memory.h>` before the blank line separating EAL from misc library includes.

---

## Patch 6/6: crypto/octeontx: use timing-safe RSA signature verification

### Errors

**Missing include directive ordering.**

`drivers/crypto/octeontx/otx_cryptodev_ops.c` adds `#include <rte_memory.h>` at line 15, creating:
```c
#include <rte_errno.h>
#include <rte_malloc.h>
#include <rte_mempool.h>
#include <rte_memory.h>
```

Per DPDK style guidelines, `rte_memory.h` is an EAL include and must be grouped with other libc/EAL includes, separated from misc library includes (`rte_malloc.h`, `rte_mempool.h`). The existing includes already violate ordering (no blank line separating groups), but adding `rte_memory.h` in the wrong group makes it worse.

The correct approach: add `#include <rte_memory.h>` after `#include <rte_errno.h>` (both are EAL), with a blank line before `#include <rte_malloc.h>`:

```c
#include <rte_errno.h>
#include <rte_memory.h>

#include <rte_malloc.h>
#include <rte_mempool.h>
```

---

## Summary

**Errors:**
- Patch 5/6: Include directive ordering violation in `cnxk_ae.h`
- Patch 6/6: Include directive ordering violation in `otx_cryptodev_ops.c`

**Warnings:** None

**Info:** The patches effectively address the reported timing side-channel vulnerability (Bugzilla 1773). All functional changes are correct.


More information about the test-report mailing list