From: Shani Peretz <shperetz@nvidia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: "stephen@networkplumber.org" <stephen@networkplumber.org>,
"stable@dpdk.org" <stable@dpdk.org>, Kai Ji <kai.ji@intel.com>,
Declan Doherty <declan.doherty@intel.com>,
Marcin Kerlin <marcinx.kerlin@intel.com>,
Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>,
Michal Kobylinski <michalx.kobylinski@intel.com>,
Piotr Azarewicz <piotr.azarewicz@intel.com>
Subject: RE: [PATCH v2] app/crypto-perf: fix plaintext size exceeds buffer size
Date: Thu, 18 Sep 2025 08:15:55 +0000 [thread overview]
Message-ID: <MW4PR12MB74849C2F60EBA869ACF2AFA6BF16A@MW4PR12MB7484.namprd12.prod.outlook.com> (raw)
In-Reply-To: <20250825071450.25314-1-shperetz@nvidia.com>
> -----Original Message-----
> From: Shani Peretz <shperetz@nvidia.com>
> Sent: Monday, 25 August 2025 10:15
> To: dev@dpdk.org
> Cc: stephen@networkplumber.org; Shani Peretz <shperetz@nvidia.com>;
> stable@dpdk.org; Kai Ji <kai.ji@intel.com>; Declan Doherty
> <declan.doherty@intel.com>; Marcin Kerlin <marcinx.kerlin@intel.com>;
> Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>; Michal Kobylinski
> <michalx.kobylinski@intel.com>; Piotr Azarewicz <piotr.azarewicz@intel.com>
> Subject: [PATCH v2] app/crypto-perf: fix plaintext size exceeds buffer size
>
> When test vector plaintext exceeds buffer size, only the first max_buffer_size
> bytes are processed, causing incorrect digest verification (computed vs
> expected mismatch).
>
> This patch fixes this issue by checking that the plaintext size is larger than the
> buffer size and returns an error with a log.
>
> Fixes: f8be1786b1b8 ("app/crypto-perf: introduce performance test
> application")
> Cc: stable@dpdk.org
>
> Signed-off-by: Shani Peretz <shperetz@nvidia.com>
>
> ------------------
> v2: added sizes to the log
>
> ---
> .../cperf_test_vector_parsing.c | 47 +++++++++++--------
> 1 file changed, 27 insertions(+), 20 deletions(-)
>
> diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-
> crypto-perf/cperf_test_vector_parsing.c
> index 737d61d4af..5665fb425b 100644
> --- a/app/test-crypto-perf/cperf_test_vector_parsing.c
> +++ b/app/test-crypto-perf/cperf_test_vector_parsing.c
> @@ -308,12 +308,19 @@ parse_entry(char *entry, struct cperf_test_vector
> *vector,
> if (strstr(key_token, "plaintext")) {
> rte_free(vector->plaintext.data);
> vector->plaintext.data = data;
> +
> + if (opts->test == CPERF_TEST_TYPE_VERIFY && data_length >
> opts->max_buffer_size) {
> + printf("Global plaintext (%u) larger than buffer_sz
> (%u)\n",
> + data_length, opts->max_buffer_size);
> + return -1;
> + }
> +
> if (tc_found)
> vector->plaintext.length = data_length;
> else {
> if (opts->max_buffer_size > data_length) {
> - printf("Global plaintext shorter than "
> - "buffer_sz\n");
> + printf("Global plaintext (%u) shorter than "
> + "buffer_sz (%u)\n", data_length,
> opts->max_buffer_size);
> return -1;
> }
> vector->plaintext.length = opts->max_buffer_size;
> @@ -326,8 +333,8 @@ parse_entry(char *entry, struct cperf_test_vector
> *vector,
> vector->cipher_key.length = data_length;
> else {
> if (opts->cipher_key_sz > data_length) {
> - printf("Global cipher_key shorter than "
> - "cipher_key_sz\n");
> + printf("Global cipher_key (%u) shorter than "
> + "cipher_key_sz (%u)\n", data_length,
> opts->cipher_key_sz);
> return -1;
> }
> vector->cipher_key.length = opts->cipher_key_sz; @@
> -340,8 +347,8 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
> vector->auth_key.length = data_length;
> else {
> if (opts->auth_key_sz > data_length) {
> - printf("Global auth_key shorter than "
> - "auth_key_sz\n");
> + printf("Global auth_key (%u) shorter than "
> + "auth_key_sz (%u)\n", data_length,
> opts->auth_key_sz);
> return -1;
> }
> vector->auth_key.length = opts->auth_key_sz; @@ -
> 354,8 +361,8 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
> vector->aead_key.length = data_length;
> else {
> if (opts->aead_key_sz > data_length) {
> - printf("Global aead_key shorter than "
> - "aead_key_sz\n");
> + printf("Global aead_key (%u) shorter than "
> + "aead_key_sz (%u)\n", data_length,
> opts->aead_key_sz);
> return -1;
> }
> vector->aead_key.length = opts->aead_key_sz; @@ -
> 368,8 +375,8 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
> vector->cipher_iv.length = data_length;
> else {
> if (opts->cipher_iv_sz > data_length) {
> - printf("Global cipher iv shorter than "
> - "cipher_iv_sz\n");
> + printf("Global cipher iv (%u) shorter than "
> + "cipher_iv_sz (%u)\n", data_length,
> opts->cipher_iv_sz);
> return -1;
> }
> vector->cipher_iv.length = opts->cipher_iv_sz; @@ -
> 382,8 +389,8 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
> vector->auth_iv.length = data_length;
> else {
> if (opts->auth_iv_sz > data_length) {
> - printf("Global auth iv shorter than "
> - "auth_iv_sz\n");
> + printf("Global auth iv (%u) shorter than "
> + "auth_iv_sz (%u)\n", data_length,
> opts->auth_iv_sz);
> return -1;
> }
> vector->auth_iv.length = opts->auth_iv_sz; @@ -
> 396,8 +403,8 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
> vector->aead_iv.length = data_length;
> else {
> if (opts->aead_iv_sz > data_length) {
> - printf("Global aead iv shorter than "
> - "aead_iv_sz\n");
> + printf("Global aead iv (%u) shorter than "
> + "aead_iv_sz (%u)\n", data_length,
> opts->aead_iv_sz);
> return -1;
> }
> vector->aead_iv.length = opts->aead_iv_sz; @@ -
> 410,8 +417,8 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
> vector->ciphertext.length = data_length;
> else {
> if (opts->max_buffer_size > data_length) {
> - printf("Global ciphertext shorter than "
> - "buffer_sz\n");
> + printf("Global ciphertext (%u) shorter than "
> + "buffer_sz (%u)\n", data_length,
> opts->max_buffer_size);
> return -1;
> }
> vector->ciphertext.length = opts->max_buffer_size;
> @@ -425,8 +432,8 @@ parse_entry(char *entry, struct cperf_test_vector
> *vector,
> vector->aad.length = data_length;
> else {
> if (opts->aead_aad_sz > data_length) {
> - printf("Global aad shorter than "
> - "aead_aad_sz\n");
> + printf("Global aad (%u) shorter than "
> + "aead_aad_sz (%u)\n", data_length,
> opts->aead_aad_sz);
> return -1;
> }
> vector->aad.length = opts->aead_aad_sz; @@ -441,8
> +448,8 @@ parse_entry(char *entry, struct cperf_test_vector *vector,
> vector->digest.length = data_length;
> else {
> if (opts->digest_sz > data_length) {
> - printf("Global digest shorter than "
> - "digest_sz\n");
> + printf("Global digest (%u) shorter than "
> + "digest_sz (%u)\n", data_length,
> opts->digest_sz);
> return -1;
> }
> vector->digest.length = opts->digest_sz;
> --
> 2.34.1
There was an ack by:
Acked-by: Kai Ji <kai.ji@intel.com>
next prev parent reply other threads:[~2025-09-18 8:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-05 6:38 [PATCH] " Shani Peretz
2025-08-05 15:49 ` Stephen Hemminger
2025-08-25 7:14 ` [PATCH v2] " Shani Peretz
2025-09-18 8:15 ` Shani Peretz [this message]
2025-09-03 15:45 ` [PATCH] " Ji, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW4PR12MB74849C2F60EBA869ACF2AFA6BF16A@MW4PR12MB7484.namprd12.prod.outlook.com \
--to=shperetz@nvidia.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=kai.ji@intel.com \
--cc=marcinx.kerlin@intel.com \
--cc=michalx.kobylinski@intel.com \
--cc=piotr.azarewicz@intel.com \
--cc=slawomirx.mrozowicz@intel.com \
--cc=stable@dpdk.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).