Timing attacks in DPDK crypto were fixed earlier but several drivers did not use the new timing safe comparison operation.
First patch drops the experimental flag off rte_memeq_timingsafe(). The function is a static inline with no exported symbol, no ABI change. This avoids having to turn on experimental flag in other drivers. The rest convert the digest verify comparisons in the uadk, ccp, armv8 and cnxk PMDs. This problem was reported for several drivers and for those the Reported-by was added. Stephen Hemminger (5): eal: take experimental flag off of rte_memeq_timingsafe crypto/uadk: use timing-safe digest comparison crypto/ccp: use timing-safe digest comparison crypto/armv8: use timing-safe digest comparison crypto/cnxk: use timing-safe digest comparison doc/guides/rel_notes/release_26_07.rst | 4 ++++ drivers/crypto/armv8/rte_armv8_pmd.c | 4 ++-- drivers/crypto/ccp/ccp_crypto.c | 8 ++++---- drivers/crypto/cnxk/cnxk_se.h | 2 +- drivers/crypto/uadk/uadk_crypto_pmd.c | 4 ++-- lib/eal/include/rte_memory.h | 4 ---- 6 files changed, 13 insertions(+), 13 deletions(-) -- 2.53.0
