[dpdk-dev v1] crypto/openssl: fix of dstlen passed in HMAC

[dpdk-dev v1] crypto/openssl: fix of dstlen passed in HMAC

[Kai Ji]

This fix of dstlen passed in OpenSSL 3.0 lib EVP MAC final routine.

Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")

Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index e01dacc98d..5658b9db66 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1395,7 +1395,7 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	}
 
 process_auth_final:
-	if (EVP_MAC_final(ctx, dst, &dstlen, sizeof(dst)) != 1)
+	if (EVP_MAC_final(ctx, dst, &dstlen, DIGEST_LENGTH_MAX) != 1)
 		goto process_auth_err;
 
 	EVP_MAC_CTX_free(ctx);
-- 
2.17.1

RE: [dpdk-dev v1] crypto/openssl: fix of dstlen passed in HMAC

[Zhang, Roy Fan]

> -----Original Message-----
> From: Kai Ji <kai.ji@intel.com>
> Sent: Monday, July 11, 2022 6:08 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>
> Subject: [dpdk-dev v1] crypto/openssl: fix of dstlen passed in HMAC
> 
> This fix of dstlen passed in OpenSSL 3.0 lib EVP MAC final routine.
> 
> Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP
> API")
> 
> Signed-off-by: Kai Ji <kai.ji@intel.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index e01dacc98d..5658b9db66 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1395,7 +1395,7 @@ process_openssl_auth_hmac(struct rte_mbuf
> *mbuf_src, uint8_t *dst, int offset,
>  	}
> 
>  process_auth_final:
> -	if (EVP_MAC_final(ctx, dst, &dstlen, sizeof(dst)) != 1)
> +	if (EVP_MAC_final(ctx, dst, &dstlen, DIGEST_LENGTH_MAX) != 1)
>  		goto process_auth_err;
> 
>  	EVP_MAC_CTX_free(ctx);
> --
> 2.17.1
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

RE: [EXT] [dpdk-dev v1] crypto/openssl: fix of dstlen passed in HMAC

[Akhil Goyal]

> Subject: [EXT] [dpdk-dev v1] crypto/openssl: fix of dstlen passed in HMAC
> 
Title can be reworded
Crypto/openssl: fix HMAC output length

> This fix of dstlen passed in OpenSSL 3.0 lib EVP MAC final routine.

Please reword the description to explain what is not correct and what is done to fix it.

> 
> Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
> 
> Signed-off-by: Kai Ji <kai.ji@intel.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index e01dacc98d..5658b9db66 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1395,7 +1395,7 @@ process_openssl_auth_hmac(struct rte_mbuf
> *mbuf_src, uint8_t *dst, int offset,
>  	}
> 
>  process_auth_final:
> -	if (EVP_MAC_final(ctx, dst, &dstlen, sizeof(dst)) != 1)
> +	if (EVP_MAC_final(ctx, dst, &dstlen, DIGEST_LENGTH_MAX) != 1)
>  		goto process_auth_err;
> 
>  	EVP_MAC_CTX_free(ctx);
> --
> 2.17.1

[dpdk-dev v2] crypto/openssl: fix HMAC output length

[Kai Ji]

This patch sets the max length of dst in OpenSSL 3.0 lib EVP MAC final
routine to ensure enough space for the result.

Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 392b546a63..a078038651 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1447,7 +1447,7 @@ process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	}
 
 process_auth_final:
-	if (EVP_MAC_final(ctx, dst, &dstlen, sizeof(dst)) != 1)
+	if (EVP_MAC_final(ctx, dst, &dstlen, DIGEST_LENGTH_MAX) != 1)
 		goto process_auth_err;
 
 	EVP_MAC_CTX_free(ctx);
-- 
2.17.1

RE: [EXT] [dpdk-dev v2] crypto/openssl: fix HMAC output length

[Akhil Goyal]

> This patch sets the max length of dst in OpenSSL 3.0 lib EVP MAC final
> routine to ensure enough space for the result.
> 
> Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Cc: stable@dpdk.org

> 
> Signed-off-by: Kai Ji <kai.ji@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Applied to dpdk-next-crypto

Thanks.