From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 70EE6A04A2; Wed, 6 Nov 2019 11:54:33 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id BEB301C08C; Wed, 6 Nov 2019 11:54:32 +0100 (CET) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id 1F4711C07D; Wed, 6 Nov 2019 11:54:29 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Nov 2019 02:54:29 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,274,1569308400"; d="scan'208";a="214207007" Received: from silpixa00398673.ir.intel.com (HELO silpixa00398673.ger.corp.intel.com) ([10.237.223.136]) by orsmga002.jf.intel.com with ESMTP; 06 Nov 2019 02:54:27 -0800 From: Fan Zhang To: dev@dpdk.org Cc: akhil.goyal@nxp.com, Fan Zhang , marko.kovacevic@intel.com, stable@dpdk.org Date: Wed, 6 Nov 2019 10:54:25 +0000 Message-Id: <20191106105425.1061-1-roy.fan.zhang@intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH] fips_validation: fix auth verify X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing") Cc: marko.kovacevic@intel.com Cc: stable@dpdk.org This patch fixes the incorrect mbuf write and digest memory leak in fips_validation authentication verify. Signed-off-by: Fan Zhang --- examples/fips_validation/main.c | 58 +++++++++------------------------ 1 file changed, 16 insertions(+), 42 deletions(-) diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index f8694ef96..9a2c8da61 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -512,6 +512,7 @@ static int prepare_auth_op(void) { struct rte_crypto_sym_op *sym = env.op->sym; + uint8_t *pt; __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_SYMMETRIC); rte_pktmbuf_reset(env.mbuf); @@ -519,52 +520,25 @@ prepare_auth_op(void) sym->m_src = env.mbuf; sym->auth.data.offset = 0; - if (info.op == FIPS_TEST_ENC_AUTH_GEN) { - uint8_t *pt; - - if (vec.pt.len > RTE_MBUF_MAX_NB_SEGS) { - RTE_LOG(ERR, USER1, "PT len %u\n", vec.pt.len); - return -EPERM; - } - - pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len + - vec.cipher_auth.digest.len); - - if (!pt) { - RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", - -ENOMEM); - return -ENOMEM; - } - - memcpy(pt, vec.pt.val, vec.pt.len); - sym->auth.data.length = vec.pt.len; - sym->auth.digest.data = pt + vec.pt.len; - sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset( - env.mbuf, vec.pt.len); - - } else { - uint8_t *ct; + pt = (uint8_t *)rte_pktmbuf_append(env.mbuf, vec.pt.len + + vec.cipher_auth.digest.len); - if (vec.ct.len > RTE_MBUF_MAX_NB_SEGS) { - RTE_LOG(ERR, USER1, "CT len %u\n", vec.ct.len); - return -EPERM; - } + if (!pt) { + RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", + -ENOMEM); + return -ENOMEM; + } - ct = (uint8_t *)rte_pktmbuf_append(env.mbuf, - vec.ct.len + vec.cipher_auth.digest.len); + sym->auth.data.length = vec.pt.len; + sym->auth.digest.data = pt + vec.pt.len; + sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset( + env.mbuf, vec.pt.len); - if (!ct) { - RTE_LOG(ERR, USER1, "Error %i: MBUF too small\n", - -ENOMEM); - return -ENOMEM; - } + memcpy(pt, vec.pt.val, vec.pt.len); - memcpy(ct, vec.ct.val, vec.ct.len); - sym->auth.data.length = vec.ct.len; - sym->auth.digest.data = vec.cipher_auth.digest.val; - sym->auth.digest.phys_addr = rte_malloc_virt2iova( - sym->auth.digest.data); - } + if (info.op == FIPS_TEST_DEC_AUTH_VERIF) + memcpy(pt + vec.pt.len, vec.cipher_auth.digest.val, + vec.cipher_auth.digest.len); rte_crypto_op_attach_sym_session(env.op, env.sess); -- 2.20.1