[PATCH 5/5] crypto/cnxk: use timing-safe digest comparison

Stephen Hemminger stephen at networkplumber.org
Thu Jun 25 17:56:38 CEST 2026

Previous message (by thread): [PATCH 4/5] crypto/armv8: use timing-safe digest comparison
Next message (by thread): [PATCH v3] dts: update dts check format script and resolve errors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

compl_auth_verify() compared the generated and received MAC with
memcmp(), which returns early on the first differing byte and leaks
the number of matching leading bytes through timing.

Use rte_memeq_timingsafe() for the verify comparison.

Bugzilla ID: 1773
Fixes: 786963fdcf3e ("crypto/cnxk: add digest support")
Cc: stable at dpdk.org

Signed-off-by: Stephen Hemminger <stephen at networkplumber.org>
---
 drivers/crypto/cnxk/cnxk_se.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 8dbf3e73c7..d2306a9daf 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -3282,7 +3282,7 @@ compl_auth_verify(struct rte_crypto_op *op, uint8_t *gen_mac, uint64_t mac_len)
 		return;
 	}
 
-	if (memcmp(mac, gen_mac, mac_len))
+	if (!rte_memeq_timingsafe(mac, gen_mac, mac_len))
 		op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 	else
 		op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
-- 
2.53.0

Previous message (by thread): [PATCH 4/5] crypto/armv8: use timing-safe digest comparison
Next message (by thread): [PATCH v3] dts: update dts check format script and resolve errors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list