From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 62988A0C41
	for <public@inbox.dpdk.org>; Tue, 30 Nov 2021 17:36:52 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 5CA5641170;
	Tue, 30 Nov 2021 17:36:52 +0100 (CET)
Received: from smtp-relay-internal-0.canonical.com
 (smtp-relay-internal-0.canonical.com [185.125.188.122])
 by mails.dpdk.org (Postfix) with ESMTP id 9837D41177
 for <stable@dpdk.org>; Tue, 30 Nov 2021 17:36:50 +0100 (CET)
Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com
 [209.85.208.71])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 72D5D3F1B2
 for <stable@dpdk.org>; Tue, 30 Nov 2021 16:36:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1638290210;
 bh=gbKQW3mbhW6I0pBW1unAGEo+Qc4+esh+FwtUnTWSyLA=;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=LpEb98Qx2+KZtNzAArUL86CuevQ0ojQ0HgAMPZ5NRYMq2nlnCy/ZV9YwNdszmxoop
 tv2998JczaO/F8P2QMTi9OnHJUQ62e+fr467nW6jFhxYXs17GWSvL3alrFOVB/fJfN
 0rXBGQa45GUhWiXPgStNpw8F3MIsy22nTewFwDV3xGowhKzdOLztmVED0smJenhFSX
 p+K2r7H6Q4af/1kc6mQRM/TIkWzHmAsRXaynVO8Kj32QZ2GuElyvu28JcDJLOlw7n3
 vMRrLxNrBZKpAnaIMURVJMBHWc6pI9NzIMqmTWdrYUpGZFJ0L5drP2t++tdo2cVba3
 sxWPHCpaIFp0Q==
Received: by mail-ed1-f71.google.com with SMTP id
 v10-20020aa7d9ca000000b003e7bed57968so17400269eds.23
 for <stable@dpdk.org>; Tue, 30 Nov 2021 08:36:50 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=gbKQW3mbhW6I0pBW1unAGEo+Qc4+esh+FwtUnTWSyLA=;
 b=X7qWMhjb5fPlPIN3ik3ic/WUWcy+pCeFOT6zXRM+iryKOpRy1glU1B4VwHEW77xMmw
 20D2GljLJqpuURCF91iAHDtYm8wXIP02rKrontdpDvyzdGsAYVZ87XSmWeOFxrGhZhcN
 jLVcHcayJPi0atQbiHw2dz4JjikoLK3hjSdAO3y7lInDzIIyhrDs8OYIJSBv2PZgc5O1
 VCH+GiTaykk6q85XEYObAvacLV0EVBzCn/sDmpidfk6IijPgiHKrrHDMMvtvXzSFg0TR
 lG/AdCmrqOC9WwPfOAobOE1B33pAC+B4rgdzApZHyFphtmCX4CvKCKFfYvN1gl5AOyx0
 9gbA==
X-Gm-Message-State: AOAM532mNL3WirLsqTA6W9rmfbKCS/9fSEk2GulJ75b2ctfBXB4QJaCy
 xhqLbY6NJ0ozaSpeZNQbJC14jzMrYYYo9Swj0PnwaI/0rUfpOnLd6gnNe8MohVUK8VpxMGCXRoa
 jawEw2bvIdU200pw9UgeW5slz
X-Received: by 2002:aa7:cc09:: with SMTP id q9mr108417edt.102.1638290209566;
 Tue, 30 Nov 2021 08:36:49 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyJrAQAlctTx91U84qLMfUhOx5MHMogMEZ8pJ6RA2LmG19sPUDIiA9nzrsO9BJBybr7OtEg0A==
X-Received: by 2002:aa7:cc09:: with SMTP id q9mr108389edt.102.1638290209412;
 Tue, 30 Nov 2021 08:36:49 -0800 (PST)
Received: from localhost.localdomain ([2001:67c:1560:8007::aac:c4ad])
 by smtp.gmail.com with ESMTPSA id sg39sm9057251ejc.66.2021.11.30.08.36.48
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 30 Nov 2021 08:36:48 -0800 (PST)
From: christian.ehrhardt@canonical.com
To: Ciara Power <ciara.power@intel.com>
Cc: Fan Zhang <roy.fan.zhang@intel.com>,
	dpdk stable <stable@dpdk.org>
Subject: patch 'crypto/openssl: fix CCM processing 0 length source' has been
 queued to stable release 19.11.11
Date: Tue, 30 Nov 2021 17:33:36 +0100
Message-Id: <20211130163605.2460997-12-christian.ehrhardt@canonical.com>
X-Mailer: git-send-email 2.34.0
In-Reply-To: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>
References: <20211130163605.2460997-1-christian.ehrhardt@canonical.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Hi,

FYI, your patch has been queued to stable release 19.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before December 10th 2021. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/b7bcb4e6a9e3004cdf882989c0d52b4244088205

Thanks.

Christian Ehrhardt <christian.ehrhardt@canonical.com>

---
>From b7bcb4e6a9e3004cdf882989c0d52b4244088205 Mon Sep 17 00:00:00 2001
From: Ciara Power <ciara.power@intel.com>
Date: Mon, 23 Aug 2021 12:47:14 +0000
Subject: [PATCH] crypto/openssl: fix CCM processing 0 length source

[ upstream commit 589f5e033d0d8489e0d4bf2f54332febf483f764 ]

When given a source length 0 for CCM, the encryption and decryption
functions did not call the EVP_ENCRYPTUPDATE/EVP_DECRYPTUPDATE functions
with a src and dst, causing some FIPS validation failures for testcases
with PLen=0:

process_openssl_auth_encryption_ccm() line 1131:
Process openssl auth encryption ccm failed

Fixes: 1a4998dc4d94 ("crypto/openssl: support AES-CCM")

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index c294f60b7d..3e0afd71a1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1115,7 +1115,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
 		if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
 			goto process_auth_encryption_ccm_err;
 
-	if (srclen > 0)
+	if (srclen >= 0)
 		if (process_openssl_encryption_update(mbuf_src, offset, &dst,
 				srclen, ctx, 0))
 			goto process_auth_encryption_ccm_err;
@@ -1198,7 +1198,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
 		if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
 			goto process_auth_decryption_ccm_err;
 
-	if (srclen > 0)
+	if (srclen >= 0)
 		if (process_openssl_decryption_update(mbuf_src, offset, &dst,
 				srclen, ctx, 0))
 			return -EFAULT;
-- 
2.34.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-30 16:50:06.834443970 +0100
+++ 0012-crypto-openssl-fix-CCM-processing-0-length-source.patch	2021-11-30 16:50:05.518871534 +0100
@@ -1 +1 @@
-From 589f5e033d0d8489e0d4bf2f54332febf483f764 Mon Sep 17 00:00:00 2001
+From b7bcb4e6a9e3004cdf882989c0d52b4244088205 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 589f5e033d0d8489e0d4bf2f54332febf483f764 ]
+
@@ -15 +16,0 @@
-Cc: stable@dpdk.org
@@ -24 +25 @@
-index 47004337d5..37b969b916 100644
+index c294f60b7d..3e0afd71a1 100644
@@ -27 +28 @@
-@@ -1114,7 +1114,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1115,7 +1115,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
@@ -36 +37 @@
-@@ -1197,7 +1197,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1198,7 +1198,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,