Acked-by: Jack Bond-Preston <[email protected]>
On 25/06/2026 16:56, Stephen Hemminger wrote:
The chained-op verify path compared the computed and expected MAC with memcmp(), whose run time depends on the number of matching leading bytes and can leak the digest to an attacker submitting forged values. Use rte_memeq_timingsafe() for the verify comparison. Bugzilla ID: 1773 Fixes: 169ca3db550c ("crypto/armv8: add PMD optimized for ARMv8 processors") Cc: [email protected] Reported-by: Siraj Luthfi Ananda <[email protected]> Signed-off-by: Stephen Hemminger <[email protected]> --- drivers/crypto/armv8/rte_armv8_pmd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c index 320e2d4b3b..a7caac186d 100644 --- a/drivers/crypto/armv8/rte_armv8_pmd.c +++ b/drivers/crypto/armv8/rte_armv8_pmd.c @@ -631,8 +631,8 @@ process_armv8_chained_op(struct armv8_crypto_qp *qp, struct rte_crypto_op *op,op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { - if (memcmp(adst, op->sym->auth.digest.data, - sess->auth.digest_length) != 0) { + if (!rte_memeq_timingsafe(adst, op->sym->auth.digest.data, + sess->auth.digest_length)) { op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } }
