patches for DPDK stable branches
From: Kevin Traynor <ktraynor@redhat.com>
To: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Cc: Fiona Trahe <fiona.trahe@intel.com>, dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'crypto/openssl: fix usage of non constant time memcmp' has been queued to LTS release 18.11.3
Date: Tue, 27 Aug 2019 10:30:01 +0100
Message-ID: <20190827093032.20423-24-ktraynor@redhat.com>
In-Reply-To: <20190827093032.20423-1-ktraynor@redhat.com>

Hi,

FYI, your patch has been queued to LTS release 18.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 09/03/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/76659ab156f8e758946c80184b6db2b3460953e0

Thanks.

Kevin Traynor

---
From 76659ab156f8e758946c80184b6db2b3460953e0 Mon Sep 17 00:00:00 2001
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Date: Fri, 31 May 2019 08:59:28 +0200
Subject: [PATCH] crypto/openssl: fix usage of non constant time memcmp

[ upstream commit a3f9fededfca6758abb751d67b11cda660a3399a ]

ANSI C memcmp is not constant time function per spec so it should
be avoided in cryptography usage.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5b27bb919..d072d8084 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1529,5 +1529,5 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 
 	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
-		if (memcmp(dst, op->sym->auth.digest.data,
+		if (CRYPTO_memcmp(dst, op->sym->auth.digest.data,
 				sess->auth.digest_length) != 0) {
 			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
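
Review bot: the diffstat shows only 2 insertions and 2 deletions, so no #include accompanies the new CRYPTO_memcmp call in process_openssl_auth_op. Please confirm that <openssl/crypto.h>, which declares CRYPTO_memcmp, is already reachable in rte_openssl_pmd.c on the 18.11 branch, either directly or through the other OpenSSL headers, so the call is not compiled as an implicit declaration. The `!= 0` test remains correct because CRYPTO_memcmp returns 0 on equality, as memcmp does. The commit message could also note that the constant-time property covers the digest contents only; the running time still depends on sess->auth.digest_length, which is not secret.
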
@@ -1921,5 +1921,5 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 				"length of message %zd\n",
 				ret, op->rsa.message.length);
-		if ((ret <= 0) || (memcmp(tmp, op->rsa.message.data,
+		if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
 				op->rsa.message.length))) {
 			OPENSSL_LOG(ERR, "RSA sign Verification failed");
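
Review bot: in process_openssl_rsa_op the comparison length is op->rsa.message.length, while the visible condition only tests `ret <= 0`; nothing in the lines shown checks that ret equals op->rsa.message.length before CRYPTO_memcmp reads that many bytes from tmp. If no earlier check exists in the function, suggest adding a comparison of ret against op->rsa.message.length to the condition so that a recovered message of a different length is rejected before the compare. As a style point, this call relies on the truthiness of the result while the first hunk writes `!= 0`; using the same form in both places would read more consistently.
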
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2019-08-27 09:40:12.226239776 +0100
+++ 0024-crypto-openssl-fix-usage-of-non-constant-time-memcmp.patch	2019-08-27 09:40:10.907144704 +0100
@@ -1 +1 @@
-From a3f9fededfca6758abb751d67b11cda660a3399a Mon Sep 17 00:00:00 2001
+From 76659ab156f8e758946c80184b6db2b3460953e0 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit a3f9fededfca6758abb751d67b11cda660a3399a ]
+
@@ -10 +11,0 @@
-Cc: stable@dpdk.org
@@ -19 +20 @@
-index 6504959e6..73ce3833c 100644
+index 5b27bb919..d072d8084 100644
@@ -22 +23 @@
-@@ -1530,5 +1530,5 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+@@ -1529,5 +1529,5 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -29 +30 @@
-@@ -1915,5 +1915,5 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
+@@ -1921,5 +1921,5 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
