From: Stephen Hemminger <stephen@networkplumber.org>
To: dev@dpdk.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
stable@dpdk.org, Siraj Luthfi Ananda <sirajluthfi@gmail.com>
Subject: [PATCH 3/5] crypto/ccp: use timing-safe digest comparison
Date: Thu, 25 Jun 2026 08:56:36 -0700 [thread overview]
Message-ID: <20260625160200.24170-4-stephen@networkplumber.org> (raw)
In-Reply-To: <20260625160200.24170-1-stephen@networkplumber.org>
Both the CPU HMAC verify path and the offload digest verify path
compared the computed and expected MAC with memcmp(), which short
circuits on the first mismatching byte and leaks the number of
matching leading bytes through timing.
Use rte_memeq_timingsafe() for both verify comparisons.
Bugzilla ID: 1773
Fixes: 6c561b03b54c ("crypto/ccp: support CPU based MD5 and SHA2 family")
Fixes: 70f0f8a8d78c ("crypto/ccp: support burst enqueue/dequeue")
Cc: stable@dpdk.org
Reported-by: Siraj Luthfi Ananda <sirajluthfi@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
drivers/crypto/ccp/ccp_crypto.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c
index 5899d83bae..b07a786d8e 100644
--- a/drivers/crypto/ccp/ccp_crypto.c
+++ b/drivers/crypto/ccp/ccp_crypto.c
@@ -1490,8 +1490,8 @@ static int cpu_crypto_auth(struct ccp_qp *qp,
}
if (sess->auth.op == CCP_AUTH_OP_VERIFY) {
- if (memcmp(dst, op->sym->auth.digest.data,
- sess->auth.digest_length) != 0) {
+ if (!rte_memeq_timingsafe(dst, op->sym->auth.digest.data,
+ sess->auth.digest_length)) {
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
} else {
op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -2801,8 +2801,8 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op)
op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
if (session->auth.op == CCP_AUTH_OP_VERIFY) {
- if (memcmp(addr + offset, digest_data,
- session->auth.digest_length) != 0)
+ if (!rte_memeq_timingsafe(addr + offset, digest_data,
+ session->auth.digest_length))
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
} else {
--
2.53.0
next prev parent reply other threads:[~2026-06-25 16:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-25 15:56 [PATCH 0/5] crypto: use timing-safe digest comparison Stephen Hemminger
2026-06-25 15:56 ` [PATCH 1/5] eal: take experimental flag off of rte_memeq_timingsafe Stephen Hemminger
2026-06-25 15:56 ` [PATCH 2/5] crypto/uadk: use timing-safe digest comparison Stephen Hemminger
2026-06-25 15:56 ` Stephen Hemminger [this message]
2026-06-25 15:56 ` [PATCH 4/5] crypto/armv8: " Stephen Hemminger
2026-06-25 15:56 ` [PATCH 5/5] crypto/cnxk: " Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260625160200.24170-4-stephen@networkplumber.org \
--to=stephen@networkplumber.org \
--cc=dev@dpdk.org \
--cc=sirajluthfi@gmail.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox