On Wed, Oct 01, 2025 at 03:32:41PM +0000, Kai Ji wrote: > Bugzilla ID: 1773 > https://bugs.dpdk.org/show_bug.cgi?id=1773 > > Signed-off-by: Kai Ji <[email protected]> > --- > lib/eal/include/rte_memory.h | 38 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 38 insertions(+) > > diff --git a/lib/eal/include/rte_memory.h b/lib/eal/include/rte_memory.h > index dcc0e69cfe..6939c1caad 100644 > --- a/lib/eal/include/rte_memory.h > +++ b/lib/eal/include/rte_memory.h > @@ -746,6 +746,44 @@ __rte_experimental > void > rte_memzero_explicit(void *dst, size_t sz); > > +/** > + * @warning > + * @b EXPERIMENTAL: this API may change without prior notice. > + * > + * Constant-time memory comparison. > + * > + * This function compares two memory regions in constant time, making it > + * resistant to timing side-channel attacks. The execution time depends only > + * on the length parameter, not on the actual data values being compared. > + * > + * This is particularly important for cryptographic operations where timing > + * differences could leak information about secret keys, passwords, or other > + * sensitive data. > + * > + * @param a > + * Pointer to the first memory region to compare > + * @param b > + * Pointer to the second memory region to compare > + * @param n > + * Number of bytes to compare > + * @return > + * 0 if the memory regions are identical, non-zero if they differ > + */ > +__rte_experimental > +static inline int > +rte_timingsafe_memcmp(const void *a, const void *b, size_t n) > +{ > + const volatile uint8_t *pa = (const volatile uint8_t *)a; > + const volatile uint8_t *pb = (const volatile uint8_t *)b; > + uint8_t result = 0; > + size_t i; > + > + for (i = 0; i < n; i++) > + result |= pa[i] ^ pb[i]; > + > + return result; > +} > +
Just wondering if it's worth doing: #ifdef RTE_EXEC_ENV_FREEBSD #define rte_timingsafe_memcmp timingsafe_memcmp #else ... #endif to use the OS-provided function where possible. /Bruce
