Replace memcmp() with rte_memeq_timingsafe() when verifying
RSA signatures to prevent timing-based side-channel attacks.

The comparison at drivers/crypto/octeontx/otx_cryptodev_ops.c:742
is used to verify RSA signed data against expected message content.
Using regular memcmp() for cryptographic verification can leak
information about the compared data through timing differences.

Signed-off-by: Stephen Hemminger <[email protected]>
---
 drivers/crypto/octeontx/otx_cryptodev_ops.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c 
b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index d6d1b2cea9..40f565cd78 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -12,6 +12,7 @@
 #include <rte_errno.h>
 #include <rte_malloc.h>
 #include <rte_mempool.h>
+#include <rte_memory.h>
 
 #include "otx_cryptodev.h"
 #include "otx_cryptodev_capabilities.h"
@@ -739,7 +740,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct 
cpt_request_info *req,
                }
                memcpy(rsa->sign.data, req->rptr, rsa->sign.length);
 
-               if (memcmp(rsa->sign.data, rsa->message.data,
+               if (!rte_memeq_timingsafe(rsa->sign.data, rsa->message.data,
                           rsa->message.length)) {
                        CPT_LOG_DP_ERR("RSA verification failed");
                        cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
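Review bot: The verify comparison covers only `rsa->message.length` bytes, while the preceding `memcpy` fills `rsa->sign.data` with `rsa->sign.length` bytes, and nothing visible in this hunk checks that the two lengths agree. If they can differ, a message shorter than the recovered data would be accepted on a prefix match, and a longer one would be compared against bytes the copy did not write. Unless an earlier check outside the hunk already guarantees equality, consider `if (rsa->sign.length != rsa->message.length || !rte_memeq_timingsafe(rsa->sign.data, rsa->message.data, rsa->message.length)) {`; the lengths are not secret, so short-circuiting on them does not reintroduce the timing leak. The body of otx_cpt_asym_rsa_op starts and ends outside this hunk.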
-- 
2.53.0
