From: Kevin Traynor <ktraynor@redhat.com>
To: Piotr Bronowski <piotrx.bronowski@intel.com>
Cc: Ciara Power <ciara.power@intel.com>, dpdk stable <stable@dpdk.org>
Subject: patch 'crypto/ipsec_mb: fix GCM requested digest length' has been queued to stable release 21.11.1
Date: Wed, 16 Mar 2022 15:15:11 +0000 [thread overview]
Message-ID: <20220316151524.1242199-10-ktraynor@redhat.com> (raw)
In-Reply-To: <20220316151524.1242199-1-ktraynor@redhat.com>
Hi,
FYI, your patch has been queued to stable release 21.11.1
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/21/22. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable
This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/75c570058bc84363756d2a7a36e9650b73520381
Thanks.
Kevin
---
From 75c570058bc84363756d2a7a36e9650b73520381 Mon Sep 17 00:00:00 2001
From: Piotr Bronowski <piotrx.bronowski@intel.com>
Date: Wed, 9 Mar 2022 18:02:00 +0000
Subject: [PATCH] crypto/ipsec_mb: fix GCM requested digest length
[ upstream commit 2c6b3438d6caa096fca1b2f078f3ca18ce737ded ]
This patch removes coverity defect CID 375828:
Untrusted value as argument (TAINTED_SCALAR)
Coverity issue: 375828
Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e5ad629fe5..2c033c6f28 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -97,5 +97,7 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
key_length = auth_xform->auth.key.length;
key = auth_xform->auth.key.data;
- sess->req_digest_length = auth_xform->auth.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(auth_xform->auth.digest_length,
+ DIGEST_LENGTH_MAX);
break;
case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
@@ -117,5 +119,7 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
key = aead_xform->aead.key.data;
sess->aad_length = aead_xform->aead.aad_length;
- sess->req_digest_length = aead_xform->aead.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(aead_xform->aead.digest_length,
+ DIGEST_LENGTH_MAX);
break;
default:
--
2.34.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2022-03-16 15:14:12.391934910 +0000
+++ 0010-crypto-ipsec_mb-fix-GCM-requested-digest-length.patch 2022-03-16 15:14:12.108847604 +0000
@@ -1 +1 @@
-From 2c6b3438d6caa096fca1b2f078f3ca18ce737ded Mon Sep 17 00:00:00 2001
+From 75c570058bc84363756d2a7a36e9650b73520381 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 2c6b3438d6caa096fca1b2f078f3ca18ce737ded ]
+
@@ -11 +12,0 @@
-Cc: stable@dpdk.org
next prev parent reply other threads:[~2022-03-16 15:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-16 15:15 patch 'net/mlx5: fix VLAN push action validation' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/mlx5: fix sample flow action on trusted device' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/mlx5: forbid multiple ASO actions in a single rule' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/mlx5: fix implicit tag insertion with sample action' " Kevin Traynor
2022-03-16 15:15 ` patch 'doc: fix modify field action description for mlx5' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/qede: fix Tx completion' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/qede: fix Rx bulk' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/qede: fix maximum Rx packet length' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/af_xdp: fix custom program loading with multiple queues' " Kevin Traynor
2022-03-16 15:15 ` Kevin Traynor [this message]
2022-03-16 15:15 ` patch 'bpf: fix build with some libpcap version on FreeBSD' " Kevin Traynor
2022-03-16 15:15 ` patch 'app/regex: fix number of matches' " Kevin Traynor
2022-03-16 15:15 ` patch 'app/testpmd: fix show RSS RETA on Windows' " Kevin Traynor
2022-03-16 15:15 ` patch 'app/testpmd: fix GTP header parsing in checksum engine' " Kevin Traynor
2022-03-16 15:15 ` patch 'app/testpmd: fix flow rule with flex input link' " Kevin Traynor
2022-03-16 15:15 ` patch 'examples/l3fwd: fix buffer overflow in Tx' " Kevin Traynor
2022-03-16 15:15 ` patch 'eal/freebsd: add missing C++ include guards' " Kevin Traynor
2022-03-16 15:15 ` patch 'compressdev: fix missing space in log macro' " Kevin Traynor
2022-03-16 15:15 ` patch 'cryptodev: fix clang C++ include' " Kevin Traynor
2022-03-16 15:15 ` patch 'eventdev: " Kevin Traynor
2022-03-16 15:15 ` patch 'build: suppress rte_crypto_asym_op abi check' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/mlx5: fix port matching in sample flow rule' " Kevin Traynor
2022-03-16 15:15 ` patch 'net/mlx5: fix CPU socket ID for Rx queue creation' " Kevin Traynor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220316151524.1242199-10-ktraynor@redhat.com \
--to=ktraynor@redhat.com \
--cc=ciara.power@intel.com \
--cc=piotrx.bronowski@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).