From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id E0E7DA0613 for ; Tue, 27 Aug 2019 11:31:19 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id D7B6754AE; Tue, 27 Aug 2019 11:31:19 +0200 (CEST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id A81541C0C6 for ; Tue, 27 Aug 2019 11:31:17 +0200 (CEST) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 27A1F3082132; Tue, 27 Aug 2019 09:31:17 +0000 (UTC) Received: from rh.redhat.com (ovpn-117-48.ams2.redhat.com [10.36.117.48]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1C35A5C1B2; Tue, 27 Aug 2019 09:31:15 +0000 (UTC) From: Kevin Traynor To: Arek Kusztal Cc: Fiona Trahe , dpdk stable Date: Tue, 27 Aug 2019 10:30:01 +0100 Message-Id: <20190827093032.20423-24-ktraynor@redhat.com> In-Reply-To: <20190827093032.20423-1-ktraynor@redhat.com> References: <20190827093032.20423-1-ktraynor@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Tue, 27 Aug 2019 09:31:17 +0000 (UTC) Subject: [dpdk-stable] patch 'crypto/openssl: fix usage of non constant time memcmp' has been queued to LTS release 18.11.3 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 09/03/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable-queue This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable-queue/commit/76659ab156f8e758946c80184b6db2b3460953e0 Thanks. Kevin Traynor --- >From 76659ab156f8e758946c80184b6db2b3460953e0 Mon Sep 17 00:00:00 2001 From: Arek Kusztal Date: Fri, 31 May 2019 08:59:28 +0200 Subject: [PATCH] crypto/openssl: fix usage of non constant time memcmp [ upstream commit a3f9fededfca6758abb751d67b11cda660a3399a ] ANSI C memcmp is not constant time function per spec so it should be avoided in cryptography usage. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Signed-off-by: Arek Kusztal Acked-by: Fiona Trahe --- drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 5b27bb919..d072d8084 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1529,5 +1529,5 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { - if (memcmp(dst, op->sym->auth.digest.data, + if (CRYPTO_memcmp(dst, op->sym->auth.digest.data, sess->auth.digest_length) != 0) { op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; @@ -1921,5 +1921,5 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, "length of message %zd\n", ret, op->rsa.message.length); - if ((ret <= 0) || (memcmp(tmp, op->rsa.message.data, + if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data, op->rsa.message.length))) { OPENSSL_LOG(ERR, "RSA sign Verification failed"); -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-08-27 09:40:12.226239776 +0100 +++ 0024-crypto-openssl-fix-usage-of-non-constant-time-memcmp.patch 2019-08-27 09:40:10.907144704 +0100 @@ -1 +1 @@ -From a3f9fededfca6758abb751d67b11cda660a3399a Mon Sep 17 00:00:00 2001 +From 76659ab156f8e758946c80184b6db2b3460953e0 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit a3f9fededfca6758abb751d67b11cda660a3399a ] + @@ -10 +11,0 @@ -Cc: stable@dpdk.org @@ -19 +20 @@ -index 6504959e6..73ce3833c 100644 +index 5b27bb919..d072d8084 100644 @@ -22 +23 @@ -@@ -1530,5 +1530,5 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, +@@ -1529,5 +1529,5 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -29 +30 @@ -@@ -1915,5 +1915,5 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, +@@ -1921,5 +1921,5 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,