From: Arek Kusztal Date: Fri, 31 May 2019 06:59:28 +0000 (+0200) Subject: crypto/openssl: fix usage of non constant time memcmp X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=a3f9fededfca6758abb751d67b11cda660a3399a;p=dpdk.git crypto/openssl: fix usage of non constant time memcmp ANSI C memcmp is not constant time function per spec so it should be avoided in cryptography usage. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Cc: stable@dpdk.org Signed-off-by: Arek Kusztal Acked-by: Fiona Trahe --- diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 6504959e69..73ce3833cc 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1529,7 +1529,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, } if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { - if (memcmp(dst, op->sym->auth.digest.data, + if (CRYPTO_memcmp(dst, op->sym->auth.digest.data, sess->auth.digest_length) != 0) { op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } @@ -1914,7 +1914,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, "Length of public_decrypt %d " "length of message %zd\n", ret, op->rsa.message.length); - if ((ret <= 0) || (memcmp(tmp, op->rsa.message.data, + if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data, op->rsa.message.length))) { OPENSSL_LOG(ERR, "RSA sign Verification failed"); cop->status = RTE_CRYPTO_OP_STATUS_ERROR;