From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) by dpdk.org (Postfix) with ESMTP id 8398E2D13 for ; Thu, 1 Feb 2018 10:48:25 +0100 (CET) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 3D7F5209CA; Thu, 1 Feb 2018 04:48:25 -0500 (EST) Received: from frontend2 ([10.202.2.161]) by compute1.internal (MEProxy); Thu, 01 Feb 2018 04:48:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fridaylinux.org; h=cc:date:from:in-reply-to:message-id:references:subject:to :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=umlXaXeW2AM/qTK40 yJstAUSTATUTglsSEQZcbiJLfY=; b=YWkFYHToXH9Xeq8L/76bVv7MFvhT/gHLo vsotC/MWsfOfU99tsDktT5dqoyfLQPH45RAa0YMKWhuBwIo2t4BKz8q3OhRfK14u FShsNqzpUszxsP/u6NrI4HCjdOyO+maRXjUt7mgmdzwXCfQZqP6qm725DgQX+zLa adX4wIF3Y8RlXAOGlpeCiCMdGC3SFbGCaexPLOJhttMBA6UoJGrQ2AD4ZOMRwMzg XdBslT8dFxrLwCOUJiATYIRKZ6kMB+XBqUsLRUmVWdF0/BX/dDoybLJMFGFPyAG9 +jhj5Sj4onsfgCmg+If3Xaml3BFRQUQKHZyIMCxgTriTrti0MOznQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:in-reply-to:message-id :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=umlXaXeW2AM/qTK40yJstAUSTATUTglsSEQZcbiJLfY=; b=UonlRCok BaYT1em4BsF/lTOqFwLXSaD55vpU6NL06GvuyVoibCChxqiDrsNamlwBJy7AkCK/ 8LSgoSqL/cm/63suQTXEmgsT+Vt/+a/Qvik3gLad20H/KHvJ2k9ZRS6RKRAdqGLj Lq4mNUG3KuN8y4+zfpT/jTCf7+2zv0cZmLIjxwq70KhPZI2Y8mlKVBhE7PcjdAPi 5Fiu442jbhlHIvJUZLwEmqusVDUiRYrLeOdi4rO6GgzPCX78O/Yk6/BVHuh6LZri +y7z32a3EgmJLl5v/Ls3O/ubvAeq2tcZRs5aPScQcA45ukQV/8OdayHQe4huzbmF Y9AG3D+U456AQw== X-ME-Sender: Received: from yliu-mob.mtl.com (unknown [115.150.27.200]) by mail.messagingengine.com (Postfix) with ESMTPA id 1E3E3240B6; Thu, 1 Feb 2018 04:48:22 -0500 (EST) From: Yuanhan Liu To: Tomasz Jozwiak Cc: Fiona Trahe , dpdk stable Date: Thu, 1 Feb 2018 17:47:23 +0800 Message-Id: <1517478479-12417-9-git-send-email-yliu@fridaylinux.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517478479-12417-1-git-send-email-yliu@fridaylinux.org> References: <1517478479-12417-1-git-send-email-yliu@fridaylinux.org> Subject: [dpdk-stable] patch 'crypto/qat: fix out-of-bounds access' has been queued to LTS release 17.11.1 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Feb 2018 09:48:25 -0000 Hi, FYI, your patch has been queued to LTS release 17.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 02/03/18. So please shout if anyone has objections. Thanks. --yliu --- >>From 5e78a44894532a96dd0ba0a428547bdf2ac476d9 Mon Sep 17 00:00:00 2001 From: Tomasz Jozwiak Date: Mon, 22 Jan 2018 17:28:03 +0100 Subject: [PATCH] crypto/qat: fix out-of-bounds access [ upstream commit 8aa8ee9d2d87ba1a0560cfdbe936c3fd7c5dc12b ] This commit fixes - bpi_cipher_encrypt to prevent before 'array subscript is above array bounds' error - bpi_cipher_decrypt to prevent before 'array subscript is above array bounds' error Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode") Signed-off-by: Tomasz Jozwiak Acked-by: Fiona Trahe --- drivers/crypto/qat/qat_crypto.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index a572967..f85c2c8 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -69,6 +69,10 @@ #include "adf_transport_access_macros.h" #define BYTE_LENGTH 8 +/* bpi is only used for partial blocks of DES and AES + * so AES block len can be assumed as max len for iv, src and dst + */ +#define BPI_MAX_ENCR_IV_LEN ICP_QAT_HW_AES_BLK_SZ static int qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo, @@ -121,16 +125,16 @@ bpi_cipher_encrypt(uint8_t *src, uint8_t *dst, { EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx; int encrypted_ivlen; - uint8_t encrypted_iv[16]; - int i; + uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN]; + uint8_t *encr = encrypted_iv; /* ECB method: encrypt the IV, then XOR this with plaintext */ if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen) <= 0) goto cipher_encrypt_err; - for (i = 0; i < srclen; i++) - *(dst+i) = *(src+i)^(encrypted_iv[i]); + for (; srclen != 0; --srclen, ++dst, ++src, ++encr) + *dst = *src ^ *encr; return 0; @@ -150,16 +154,16 @@ bpi_cipher_decrypt(uint8_t *src, uint8_t *dst, { EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx; int encrypted_ivlen; - uint8_t encrypted_iv[16]; - int i; + uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN]; + uint8_t *encr = encrypted_iv; /* ECB method: encrypt (not decrypt!) the IV, then XOR with plaintext */ if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen) <= 0) goto cipher_decrypt_err; - for (i = 0; i < srclen; i++) - *(dst+i) = *(src+i)^(encrypted_iv[i]); + for (; srclen != 0; --srclen, ++dst, ++src, ++encr) + *dst = *src ^ *encr; return 0; -- 2.7.4