ANSI C memcmp is not constant time function per spec so it should
be avoided in cryptography usage.
Fixes:
d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
}
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
}
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
- if (memcmp(dst, op->sym->auth.digest.data,
+ if (CRYPTO_memcmp(dst, op->sym->auth.digest.data,
sess->auth.digest_length) != 0) {
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
}
sess->auth.digest_length) != 0) {
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
}
"Length of public_decrypt %d "
"length of message %zd\n",
ret, op->rsa.message.length);
"Length of public_decrypt %d "
"length of message %zd\n",
ret, op->rsa.message.length);
- if ((ret <= 0) || (memcmp(tmp, op->rsa.message.data,
+ if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
op->rsa.message.length))) {
OPENSSL_LOG(ERR, "RSA sign Verification failed");
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
op->rsa.message.length))) {
OPENSSL_LOG(ERR, "RSA sign Verification failed");
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;