* [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
[not found] <20220307124802.1371808-1-piotrx.bronowski@intel.com>
@ 2022-03-07 15:32 ` Piotr Bronowski
2022-03-07 16:26 ` Zhang, Roy Fan
2022-03-09 15:08 ` [PATCH v3] crypto/ipsec_mb: fix coverity issue Piotr Bronowski
0 siblings, 2 replies; 9+ messages in thread
From: Piotr Bronowski @ 2022-03-07 15:32 UTC (permalink / raw)
To: dev
Cc: roy.fan.zhang, thomas, gakhil, ferruh.yigit, declan.doherty,
Piotr Bronowski, stable
This patch removes coverity defect CID 375828:
Untrusted value as argument (TAINTED_SCALAR)
Coverity issue: CID 375828
Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Cc: stable@dpdk.org
---
v2: use a different logic to check digest length
---
drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e5ad629fe5..7cd20fc1cf 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
sess->iv.length = auth_xform->auth.iv.length;
key_length = auth_xform->auth.key.length;
key = auth_xform->auth.key.data;
- sess->req_digest_length = auth_xform->auth.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(auth_xform->auth.digest_length,
+ DIGEST_LENGTH_MAX);
break;
case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
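Review bot: Clamping auth.digest_length with RTE_MIN here turns an out-of-range request into a silently different one instead of an error. Together with the later change of the digest check to `> DIGEST_LENGTH_MAX`, a caller that asks for a longer digest than the driver supports ends up with a session configured for a length it did not request. Consider rejecting the value with -EINVAL at this point, or keep the later check strict enough that a clamped value still fails.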
@@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
key_length = aead_xform->aead.key.length;
key = aead_xform->aead.key.data;
sess->aad_length = aead_xform->aead.aad_length;
- sess->req_digest_length = aead_xform->aead.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(aead_xform->aead.digest_length,
+ DIGEST_LENGTH_MAX);
break;
default:
IPSEC_MB_LOG(
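Review bot: The RTE_MIN expression in the AEAD arm duplicates the one added to the auth arm a few lines up. The two arms differ only in which xform they read, and the existing "Digest check" after the switch already handles req_digest_length for both, so a single bound applied there (or a small helper taking the length) would keep the two paths from drifting apart.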
@@ -146,7 +150,7 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
}
/* Digest check */
- if (sess->req_digest_length > 16) {
+ if (sess->req_digest_length > DIGEST_LENGTH_MAX) {
IPSEC_MB_LOG(ERR, "Invalid digest length");
ret = -EINVAL;
goto error_exit;
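Review bot: Replacing the literal 16 with DIGEST_LENGTH_MAX in the digest check changes the accepted range unless the macro is exactly 16, and its definition is not part of this patch. Because req_digest_length is now assigned through RTE_MIN(..., DIGEST_LENGTH_MAX) in both arms above, the condition `sess->req_digest_length > DIGEST_LENGTH_MAX` can never be true and the "Invalid digest length" path becomes unreachable. A GCM tag is at most 16 bytes, so keep the bound at 16, ideally behind a GCM-specific named constant.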
@@ -157,7 +161,7 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
* the requested number of bytes.
*/
if (sess->req_digest_length < 4)
- sess->gen_digest_length = 16;
+ sess->gen_digest_length = DIGEST_LENGTH_MAX;
else
sess->gen_digest_length = sess->req_digest_length;
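Review bot: The fallback for req_digest_length < 4 now sets gen_digest_length to DIGEST_LENGTH_MAX where it used to be 16, which is a behaviour change and not just the naming of a magic number; the review reply later in this thread puts the resulting value at 64. The generated digest length should stay at the full GCM tag size, so leave this line as `sess->gen_digest_length = 16;` or introduce a constant whose value is 16.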
--
2.30.2
--------------------------------------------------------------
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
2022-03-07 15:32 ` [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value Piotr Bronowski
@ 2022-03-07 16:26 ` Zhang, Roy Fan
2022-03-09 13:19 ` Ji, Kai
2022-03-09 14:34 ` Zhang, Roy Fan
2022-03-09 15:08 ` [PATCH v3] crypto/ipsec_mb: fix coverity issue Piotr Bronowski
1 sibling, 2 replies; 9+ messages in thread
From: Zhang, Roy Fan @ 2022-03-07 16:26 UTC (permalink / raw)
To: Bronowski, PiotrX, dev
Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable
> -----Original Message-----
> From: Bronowski, PiotrX <piotrx.bronowski@intel.com>
> Sent: Monday, March 7, 2022 3:33 PM
> To: dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net;
> gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; Bronowski, PiotrX
> <piotrx.bronowski@intel.com>; stable@dpdk.org
> Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>
> This patch removes coverity defect CID 375828:
> Untrusted value as argument (TAINTED_SCALAR)
>
> Coverity issue: CID 375828
> Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
>
> Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
>
> Cc: stable@dpdk.org
>
> ---
> v2: use a different logic to check digest length
> ---
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
2022-03-07 16:26 ` Zhang, Roy Fan
@ 2022-03-09 13:19 ` Ji, Kai
2022-03-09 14:34 ` Zhang, Roy Fan
1 sibling, 0 replies; 9+ messages in thread
From: Ji, Kai @ 2022-03-09 13:19 UTC (permalink / raw)
To: Zhang, Roy Fan, Bronowski, PiotrX, dev
Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable
> > -----Original Message-----
> > From: Bronowski, PiotrX <piotrx.bronowski@intel.com>
> > Sent: Monday, March 7, 2022 3:33 PM
> > To: dev@dpdk.org
> > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net;
> > gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty,
> > Declan <declan.doherty@intel.com>; Bronowski, PiotrX
> > <piotrx.bronowski@intel.com>; stable@dpdk.org
> > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
> >
> > This patch removes coverity defect CID 375828:
> > Untrusted value as argument (TAINTED_SCALAR)
> >
> > Coverity issue: CID 375828
> > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
> >
> > Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
> >
> > Cc: stable@dpdk.org
> >
> > ---
> > v2: use a different logic to check digest length
> > ---
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
2022-03-07 16:26 ` Zhang, Roy Fan
2022-03-09 13:19 ` Ji, Kai
@ 2022-03-09 14:34 ` Zhang, Roy Fan
2022-03-09 14:40 ` Power, Ciara
1 sibling, 1 reply; 9+ messages in thread
From: Zhang, Roy Fan @ 2022-03-09 14:34 UTC (permalink / raw)
To: Zhang, Roy Fan, Bronowski, PiotrX, dev
Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable, Power, Ciara
Hi Piotr,
> -----Original Message-----
> From: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Sent: Monday, March 7, 2022 4:27 PM
> To: Bronowski, PiotrX <piotrx.bronowski@intel.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; gakhil@marvell.com; Yigit, Ferruh
> <ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> stable@dpdk.org
> Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>
> > -----Original Message-----
> > From: Bronowski, PiotrX <piotrx.bronowski@intel.com>
> > Sent: Monday, March 7, 2022 3:33 PM
> > To: dev@dpdk.org
> > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net;
> > gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty,
> Declan
> > <declan.doherty@intel.com>; Bronowski, PiotrX
> > <piotrx.bronowski@intel.com>; stable@dpdk.org
> > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
> >
> > This patch removes coverity defect CID 375828:
> > Untrusted value as argument (TAINTED_SCALAR)
> >
> > Coverity issue: CID 375828
> > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
> >
> > Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
> >
> > Cc: stable@dpdk.org
> >
> > ---
> > v2: use a different logic to check digest length
> > ---
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Sorry I missed a point in your change and thanks for Ciara pointing this out.
You are changing the gen_digest_size to 64 which is wrong.
Please send v3.
Also instead of ack - Nack this patch.
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
2022-03-09 14:34 ` Zhang, Roy Fan
@ 2022-03-09 14:40 ` Power, Ciara
0 siblings, 0 replies; 9+ messages in thread
From: Power, Ciara @ 2022-03-09 14:40 UTC (permalink / raw)
To: Zhang, Roy Fan, Bronowski, PiotrX, dev
Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable
Hi Piotr,
>-----Original Message-----
>From: Zhang, Roy Fan <roy.fan.zhang@intel.com>
>Sent: Wednesday 9 March 2022 14:35
>To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Bronowski, PiotrX
><piotrx.bronowski@intel.com>; dev@dpdk.org
>Cc: thomas@monjalon.net; gakhil@marvell.com; Yigit, Ferruh
><ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
>stable@dpdk.org; Power, Ciara <ciara.power@intel.com>
>Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>
>Hi Piotr,
>
>> -----Original Message-----
>> From: Zhang, Roy Fan <roy.fan.zhang@intel.com>
>> Sent: Monday, March 7, 2022 4:27 PM
>> To: Bronowski, PiotrX <piotrx.bronowski@intel.com>; dev@dpdk.org
>> Cc: thomas@monjalon.net; gakhil@marvell.com; Yigit, Ferruh
>> <ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
>> stable@dpdk.org
>> Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>>
>> > -----Original Message-----
>> > From: Bronowski, PiotrX <piotrx.bronowski@intel.com>
>> > Sent: Monday, March 7, 2022 3:33 PM
>> > To: dev@dpdk.org
>> > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net;
>> > gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty,
>> Declan
>> > <declan.doherty@intel.com>; Bronowski, PiotrX
>> > <piotrx.bronowski@intel.com>; stable@dpdk.org
>> > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>> >
>> > This patch removes coverity defect CID 375828:
>> > Untrusted value as argument (TAINTED_SCALAR)
>> >
>> > Coverity issue: CID 375828
>> > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
>> >
>> > Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
>> >
>> > Cc: stable@dpdk.org
>> >
>> > ---
>> > v2: use a different logic to check digest length
>> > ---
>> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
>
>Sorry I missed a point in your change and thanks for Ciara pointing this out.
>You are changing the gen_digest_size to 64 which is wrong.
>Please send v3.
>Also instead of ack - Nack this patch.
[CP]
In the v3 I think Fixes line should also be updated to either:
Fixes: 746825e5c0ea ("crypto/ipsec_mb: move aesni_gcm PMD")
Or
Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
Cc: pablo.de.lara.guarch@intel.com
(The second one seems to be where the code was introduced before being moved into the consolidated ipsec_mb PMD in 21.11)
Thanks,
Ciara
* [PATCH v3] crypto/ipsec_mb: fix coverity issue
2022-03-07 15:32 ` [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value Piotr Bronowski
2022-03-07 16:26 ` Zhang, Roy Fan
@ 2022-03-09 15:08 ` Piotr Bronowski
2022-03-09 18:02 ` [PATCH v4] " Piotr Bronowski
1 sibling, 1 reply; 9+ messages in thread
From: Piotr Bronowski @ 2022-03-09 15:08 UTC (permalink / raw)
To: dev
Cc: roy.fan.zhang, thomas, gakhil, ferruh.yigit, declan.doherty,
Piotr Bronowski, stable
This patch removes coverity defect CID 375828:
Untrusted value as argument (TAINTED_SCALAR)
Coverity issue: CID 375828
Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Cc: stable@dpdk.org
---
v3: use a different logic to check digest length
---
drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e5ad629fe5..2c033c6f28 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
sess->iv.length = auth_xform->auth.iv.length;
key_length = auth_xform->auth.key.length;
key = auth_xform->auth.key.data;
- sess->req_digest_length = auth_xform->auth.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(auth_xform->auth.digest_length,
+ DIGEST_LENGTH_MAX);
break;
case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
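Review bot: The RTE_MIN clamp on auth.digest_length needs a comment saying why it is there. DIGEST_LENGTH_MAX reads as the largest digest this session accepts, but this version leaves the later digest check untouched, so that check and not the clamp decides what is valid. A one-line comment stating that the clamp only bounds the untrusted value ahead of validation would prevent that misreading; alternatively, compare the xform field against the limit first and return the error before anything is stored in the session.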
@@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
key_length = aead_xform->aead.key.length;
key = aead_xform->aead.key.data;
sess->aad_length = aead_xform->aead.aad_length;
- sess->req_digest_length = aead_xform->aead.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(aead_xform->aead.digest_length,
+ DIGEST_LENGTH_MAX);
break;
default:
IPSEC_MB_LOG(
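Review bot: In the AEAD arm, aad_length is copied from the same aead_xform on the line directly above the new clamp, `sess->aad_length = aead_xform->aead.aad_length;`, with no bound applied. If digest_length from this structure is treated as untrusted, the same question applies to aad_length; please confirm it is validated elsewhere or bound it here as well.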
--
2.30.2
* [PATCH v4] crypto/ipsec_mb: fix coverity issue
2022-03-09 15:08 ` [PATCH v3] crypto/ipsec_mb: fix coverity issue Piotr Bronowski
@ 2022-03-09 18:02 ` Piotr Bronowski
2022-03-10 9:17 ` Power, Ciara
0 siblings, 1 reply; 9+ messages in thread
From: Piotr Bronowski @ 2022-03-09 18:02 UTC (permalink / raw)
To: dev
Cc: roy.fan.zhang, thomas, gakhil, ferruh.yigit, declan.doherty,
Piotr Bronowski, stable
This patch removes coverity defect CID 375828:
Untrusted value as argument (TAINTED_SCALAR)
Coverity issue: CID 375828
Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Cc: stable@dpdk.org
---
v4: commit message corrected
---
drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e5ad629fe5..2c033c6f28 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
sess->iv.length = auth_xform->auth.iv.length;
key_length = auth_xform->auth.key.length;
key = auth_xform->auth.key.data;
- sess->req_digest_length = auth_xform->auth.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(auth_xform->auth.digest_length,
+ DIGEST_LENGTH_MAX);
break;
case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
@@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
key_length = aead_xform->aead.key.length;
key = aead_xform->aead.key.data;
sess->aad_length = aead_xform->aead.aad_length;
- sess->req_digest_length = aead_xform->aead.digest_length;
+ sess->req_digest_length =
+ RTE_MIN(aead_xform->aead.digest_length,
+ DIGEST_LENGTH_MAX);
break;
default:
IPSEC_MB_LOG(
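Review bot: No test accompanies the RTE_MIN clamps added in this hunk and the one above; the diffstat lists only pmd_aesni_gcm.c. A session-configure case that passes a digest_length above the supported limit through both the auth and the AEAD arm, and asserts the expected result, would pin the intended behaviour and catch a regression like the one raised against v2.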
--
2.30.2
* RE: [PATCH v4] crypto/ipsec_mb: fix coverity issue
2022-03-09 18:02 ` [PATCH v4] " Piotr Bronowski
@ 2022-03-10 9:17 ` Power, Ciara
2022-03-14 10:32 ` Thomas Monjalon
0 siblings, 1 reply; 9+ messages in thread
From: Power, Ciara @ 2022-03-10 9:17 UTC (permalink / raw)
To: Bronowski, PiotrX, dev
Cc: Zhang, Roy Fan, thomas, gakhil, Yigit, Ferruh, Doherty, Declan,
Bronowski, PiotrX, stable
>-----Original Message-----
>From: Piotr Bronowski <piotrx.bronowski@intel.com>
>Sent: Wednesday 9 March 2022 18:02
>To: dev@dpdk.org
>Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net;
>gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty, Declan
><declan.doherty@intel.com>; Bronowski, PiotrX
><piotrx.bronowski@intel.com>; stable@dpdk.org
>Subject: [PATCH v4] crypto/ipsec_mb: fix coverity issue
>
>This patch removes coverity defect CID 375828:
>Untrusted value as argument (TAINTED_SCALAR)
>
>Coverity issue: CID 375828
>
>Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
>
>Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
>
>Cc: stable@dpdk.org
>
>---
>v4: commit message corrected
>---
> drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
<snip>
Acked-by: Ciara Power <ciara.power@intel.com>
* Re: [PATCH v4] crypto/ipsec_mb: fix coverity issue
2022-03-10 9:17 ` Power, Ciara
@ 2022-03-14 10:32 ` Thomas Monjalon
0 siblings, 0 replies; 9+ messages in thread
From: Thomas Monjalon @ 2022-03-14 10:32 UTC (permalink / raw)
To: Bronowski, PiotrX
Cc: dev, stable, Zhang, Roy Fan, gakhil, Yigit, Ferruh, Doherty,
Declan, Power, Ciara
> >This patch removes coverity defect CID 375828:
> >Untrusted value as argument (TAINTED_SCALAR)
It lacks an explanation of the cause.
> >Coverity issue: CID 375828
You should not write CID above.
> >
> >Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
> >
> >Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
> >
> >Cc: stable@dpdk.org
This Cc should be just below the "Fixes".
> Acked-by: Ciara Power <ciara.power@intel.com>
Fixed formatting, wrote a better title, and applied.