> Timing attacks in DPDK crypto were fixed earlier but
> several drivers did not use the new timing safe comparison
> operation.
> 
> First patch drops the experimental flag off rte_memeq_timingsafe().
> The function is a static inline with no exported symbol, no ABI change.
> This avoids having to turn on experimental flag in other drivers.
> 
> The rest convert the digest verify comparisons in the uadk, ccp,
> armv8 and cnxk PMDs.
> 
> This problem was reported for several drivers and for those
> the Reported-by was added.
> 
> Stephen Hemminger (5):
>   eal: take experimental flag off of rte_memeq_timingsafe
>   crypto/uadk: use timing-safe digest comparison
>   crypto/ccp: use timing-safe digest comparison
>   crypto/armv8: use timing-safe digest comparison
>   crypto/cnxk: use timing-safe digest comparison
> 
>  doc/guides/rel_notes/release_26_07.rst | 4 ++++
>  drivers/crypto/armv8/rte_armv8_pmd.c   | 4 ++--
>  drivers/crypto/ccp/ccp_crypto.c        | 8 ++++----
>  drivers/crypto/cnxk/cnxk_se.h          | 2 +-
>  drivers/crypto/uadk/uadk_crypto_pmd.c  | 4 ++--
>  lib/eal/include/rte_memory.h           | 4 ----
>  6 files changed, 13 insertions(+), 13 deletions(-)
> 
A couple more instances which can be fixed for asym crypto:
drivers/crypto/octeontx/otx_cryptodev_ops.c:742:                if (memcmp(rsa->sign.data, rsa->message.data,
drivers/crypto/cnxk/cnxk_ae.h:1924:                     if (memcmp(rptr + 2, rsa->message.data, rsa->message.length))
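
The pattern this series replaces, as an added example that is not part of the thread or of DPDK's code: a memcmp()-style digest verify reads fewer bytes the earlier a forged digest goes wrong, while a constant-time compare always reads all of them. The helper names, the step counter (standing in for run time) and the sample digest are constructed for illustration; a driver would call rte_memeq_timingsafe() rather than the helper shown here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DIGEST_LEN 16 /* length of the constructed sample digest below */
static const uint8_t expected[DIGEST_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xbd, 0x10,
    0x6f, 0xa4, 0x33, 0xc9, 0x7e, 0x05, 0xd8, 0x62 };

/* memcmp()-style verify: stops at the first differing byte.
 * *steps counts bytes read, a stand-in for observable run time. */
static bool verify_early_exit(const uint8_t *got, const uint8_t *want,
                              size_t n, size_t *steps)
{
    size_t i = 0;
    while (i < n && got[i] == want[i])
        i++;
    *steps = i < n ? i + 1 : n; /* bytes read before returning */
    return i == n;
}

/* Constant-time verify: ORs all byte differences together, no early exit. */
static bool verify_ct(const uint8_t *got, const uint8_t *want,
                      size_t n, size_t *steps)
{
    volatile uint8_t diff = 0; /* volatile discourages short-circuiting */
    for (size_t i = 0; i < n; i++)
        diff |= got[i] ^ want[i];
    *steps = n; /* every byte is always read */
    return diff == 0;
}

/* Forge a digest whose first `prefix` bytes are right; return bytes read. */
static size_t steps_for_prefix(size_t prefix, bool ct)
{
    uint8_t forged[DIGEST_LEN];
    size_t steps;
    memcpy(forged, expected, DIGEST_LEN);
    for (size_t i = prefix; i < DIGEST_LEN; i++)
        forged[i] ^= 0xff;
    (ct ? verify_ct : verify_early_exit)(forged, expected, DIGEST_LEN, &steps);
    return steps;
}

int main(void)
{
    for (size_t p = 0; p <= DIGEST_LEN; p += 8)
        printf("correct prefix %2zu: early-exit reads %2zu, constant-time reads %2zu\n",
               p, steps_for_prefix(p, false), steps_for_prefix(p, true));
}
```

The early-exit count grows with the length of the correct prefix, which is the signal a timing attack on digest verification measures; the constant-time count does not depend on the input.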
