From: "Zhang, Roy Fan" <roy.fan.zhang@intel.com>
To: "Power, Ciara" <ciara.power@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "stable@dpdk.org" <stable@dpdk.org>,
"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
"Doherty, Declan" <declan.doherty@intel.com>
Subject: Re: [dpdk-dev] [PATCH] crypto/openssl: fix CCM processing 0 length source
Date: Tue, 24 Aug 2021 09:53:19 +0000 [thread overview]
Message-ID: <BL0PR11MB30434AA078CEC77A21451512B8C59@BL0PR11MB3043.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20210823124714.255341-1-ciara.power@intel.com>
> -----Original Message-----
> From: Power, Ciara <ciara.power@intel.com>
> Sent: Monday, August 23, 2021 1:47 PM
> To: dev@dpdk.org
> Cc: stable@dpdk.org; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power,
> Ciara <ciara.power@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>
> Subject: [PATCH] crypto/openssl: fix CCM processing 0 length source
>
> When given a source length 0 for CCM, the encryption and decryption
> functions did not call the EVP_ENCRYPTUPDATE/EVP_DECRYPTUPDATE
> functions
> with a src and dst, causing some FIPS validation failures for testcases
> with PLen=0:
>
> process_openssl_auth_encryption_ccm() line 1131:
> Process openssl auth encryption ccm failed
>
> Fixes: 1a4998dc4d94 ("crypto/openssl: support AES-CCM")
> Cc: pablo.de.lara.guarch@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Ciara Power <ciara.power@intel.com>
> ---
> drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 47004337d5..37b969b916 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1114,7 +1114,7 @@ process_openssl_auth_encryption_ccm(struct
> rte_mbuf *mbuf_src, int offset,
> if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <=
> 0)
> goto process_auth_encryption_ccm_err;
>
> - if (srclen > 0)
> + if (srclen >= 0)
> if (process_openssl_encryption_update(mbuf_src, offset,
> &dst,
> srclen, ctx, 0))
> goto process_auth_encryption_ccm_err;
> @@ -1197,7 +1197,7 @@ process_openssl_auth_decryption_ccm(struct
> rte_mbuf *mbuf_src, int offset,
> if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <=
> 0)
> goto process_auth_decryption_ccm_err;
>
> - if (srclen > 0)
> + if (srclen >= 0)
> if (process_openssl_decryption_update(mbuf_src, offset,
> &dst,
> srclen, ctx, 0))
> return -EFAULT;
> --
> 2.25.1
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
next prev parent reply other threads:[~2021-08-24 9:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-23 12:47 Ciara Power
2021-08-24 9:53 ` Zhang, Roy Fan [this message]
2021-09-06 19:56 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BL0PR11MB30434AA078CEC77A21451512B8C59@BL0PR11MB3043.namprd11.prod.outlook.com \
--to=roy.fan.zhang@intel.com \
--cc=ciara.power@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=pablo.de.lara.guarch@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).