* [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value [not found] <20220307124802.1371808-1-piotrx.bronowski@intel.com> @ 2022-03-07 15:32 ` Piotr Bronowski 2022-03-07 16:26 ` Zhang, Roy Fan 2022-03-09 15:08 ` [PATCH v3] crypto/ipsec_mb: fix coverity issue Piotr Bronowski 0 siblings, 2 replies; 9+ messages in thread From: Piotr Bronowski @ 2022-03-07 15:32 UTC (permalink / raw) To: dev Cc: roy.fan.zhang, thomas, gakhil, ferruh.yigit, declan.doherty, Piotr Bronowski, stable This patch removes coverity defect CID 375828: Untrusted value as argument (TAINTED_SCALAR) Coverity issue: CID 375828 Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD") Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Cc: stable@dpdk.org --- v2: use a different logic to check digest length --- drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c index e5ad629fe5..7cd20fc1cf 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c @@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, sess->iv.length = auth_xform->auth.iv.length; key_length = auth_xform->auth.key.length; key = auth_xform->auth.key.data; - sess->req_digest_length = auth_xform->auth.digest_length; + sess->req_digest_length = + RTE_MIN(auth_xform->auth.digest_length, + DIGEST_LENGTH_MAX); break; case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT: case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT: @@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, key_length = aead_xform->aead.key.length; key = aead_xform->aead.key.data; sess->aad_length = aead_xform->aead.aad_length; - sess->req_digest_length = aead_xform->aead.digest_length; + sess->req_digest_length = + RTE_MIN(aead_xform->aead.digest_length, + DIGEST_LENGTH_MAX); break; default: IPSEC_MB_LOG( @@ -146,7 +150,7 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, } /* Digest check */ - if (sess->req_digest_length > 16) { + if (sess->req_digest_length > DIGEST_LENGTH_MAX) { IPSEC_MB_LOG(ERR, "Invalid digest length"); ret = -EINVAL; goto error_exit; @@ -157,7 +161,7 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, * the requested number of bytes. */ if (sess->req_digest_length < 4) - sess->gen_digest_length = 16; + sess->gen_digest_length = DIGEST_LENGTH_MAX; else sess->gen_digest_length = sess->req_digest_length; -- 2.30.2 -------------------------------------------------------------- Intel Research and Development Ireland Limited Registered in Ireland Registered Office: Collinstown Industrial Park, Leixlip, County Kildare Registered Number: 308263 This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. ^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value 2022-03-07 15:32 ` [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value Piotr Bronowski @ 2022-03-07 16:26 ` Zhang, Roy Fan 2022-03-09 13:19 ` Ji, Kai 2022-03-09 14:34 ` Zhang, Roy Fan 2022-03-09 15:08 ` [PATCH v3] crypto/ipsec_mb: fix coverity issue Piotr Bronowski 1 sibling, 2 replies; 9+ messages in thread From: Zhang, Roy Fan @ 2022-03-07 16:26 UTC (permalink / raw) To: Bronowski, PiotrX, dev Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable > -----Original Message----- > From: Bronowski, PiotrX <piotrx.bronowski@intel.com> > Sent: Monday, March 7, 2022 3:33 PM > To: dev@dpdk.org > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net; > gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty, Declan > <declan.doherty@intel.com>; Bronowski, PiotrX > <piotrx.bronowski@intel.com>; stable@dpdk.org > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value > > This patch removes coverity defect CID 375828: > Untrusted value as argument (TAINTED_SCALAR) > > Coverity issue: CID 375828 > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD") > > Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> > > Cc: stable@dpdk.org > > --- > v2: use a different logic to check digest length > --- Acked-by: Fan Zhang <roy.fan.zhang@intel.com> ^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value 2022-03-07 16:26 ` Zhang, Roy Fan @ 2022-03-09 13:19 ` Ji, Kai 2022-03-09 14:34 ` Zhang, Roy Fan 1 sibling, 0 replies; 9+ messages in thread From: Ji, Kai @ 2022-03-09 13:19 UTC (permalink / raw) To: Zhang, Roy Fan, Bronowski, PiotrX, dev Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable > > -----Original Message----- > > From: Bronowski, PiotrX <piotrx.bronowski@intel.com> > > Sent: Monday, March 7, 2022 3:33 PM > > To: dev@dpdk.org > > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net; > > gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty, > > Declan <declan.doherty@intel.com>; Bronowski, PiotrX > > <piotrx.bronowski@intel.com>; stable@dpdk.org > > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value > > > > This patch removes coverity defect CID 375828: > > Untrusted value as argument (TAINTED_SCALAR) > > > > Coverity issue: CID 375828 > > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD") > > > > Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> > > > > Cc: stable@dpdk.org > > > > --- > > v2: use a different logic to check digest length > > --- > Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Kai Ji <kai.ji@intel.com> ^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value 2022-03-07 16:26 ` Zhang, Roy Fan 2022-03-09 13:19 ` Ji, Kai @ 2022-03-09 14:34 ` Zhang, Roy Fan 2022-03-09 14:40 ` Power, Ciara 1 sibling, 1 reply; 9+ messages in thread From: Zhang, Roy Fan @ 2022-03-09 14:34 UTC (permalink / raw) To: Zhang, Roy Fan, Bronowski, PiotrX, dev Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable, Power, Ciara Hi Piotr, > -----Original Message----- > From: Zhang, Roy Fan <roy.fan.zhang@intel.com> > Sent: Monday, March 7, 2022 4:27 PM > To: Bronowski, PiotrX <piotrx.bronowski@intel.com>; dev@dpdk.org > Cc: thomas@monjalon.net; gakhil@marvell.com; Yigit, Ferruh > <ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>; > stable@dpdk.org > Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value > > > -----Original Message----- > > From: Bronowski, PiotrX <piotrx.bronowski@intel.com> > > Sent: Monday, March 7, 2022 3:33 PM > > To: dev@dpdk.org > > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net; > > gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty, > Declan > > <declan.doherty@intel.com>; Bronowski, PiotrX > > <piotrx.bronowski@intel.com>; stable@dpdk.org > > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value > > > > This patch removes coverity defect CID 375828: > > Untrusted value as argument (TAINTED_SCALAR) > > > > Coverity issue: CID 375828 > > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD") > > > > Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> > > > > Cc: stable@dpdk.org > > > > --- > > v2: use a different logic to check digest length > > --- > Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Sorry I missed a point in your change and thanks for Ciara pointing this out. You are changing the gen_digest_size to 64 which is wrong. Please send v3. Also instead of ack - Nack this patch. ^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value 2022-03-09 14:34 ` Zhang, Roy Fan @ 2022-03-09 14:40 ` Power, Ciara 0 siblings, 0 replies; 9+ messages in thread From: Power, Ciara @ 2022-03-09 14:40 UTC (permalink / raw) To: Zhang, Roy Fan, Bronowski, PiotrX, dev Cc: thomas, gakhil, Yigit, Ferruh, Doherty, Declan, stable Hi Piotr, >-----Original Message----- >From: Zhang, Roy Fan <roy.fan.zhang@intel.com> >Sent: Wednesday 9 March 2022 14:35 >To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Bronowski, PiotrX ><piotrx.bronowski@intel.com>; dev@dpdk.org >Cc: thomas@monjalon.net; gakhil@marvell.com; Yigit, Ferruh ><ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>; >stable@dpdk.org; Power, Ciara <ciara.power@intel.com> >Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value > >Hi Piotr, > >> -----Original Message----- >> From: Zhang, Roy Fan <roy.fan.zhang@intel.com> >> Sent: Monday, March 7, 2022 4:27 PM >> To: Bronowski, PiotrX <piotrx.bronowski@intel.com>; dev@dpdk.org >> Cc: thomas@monjalon.net; gakhil@marvell.com; Yigit, Ferruh >> <ferruh.yigit@intel.com>; Doherty, Declan <declan.doherty@intel.com>; >> stable@dpdk.org >> Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value >> >> > -----Original Message----- >> > From: Bronowski, PiotrX <piotrx.bronowski@intel.com> >> > Sent: Monday, March 7, 2022 3:33 PM >> > To: dev@dpdk.org >> > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net; >> > gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty, >> Declan >> > <declan.doherty@intel.com>; Bronowski, PiotrX >> > <piotrx.bronowski@intel.com>; stable@dpdk.org >> > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value >> > >> > This patch removes coverity defect CID 375828: >> > Untrusted value as argument (TAINTED_SCALAR) >> > >> > Coverity issue: CID 375828 >> > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD") >> > >> > Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> >> > >> > Cc: stable@dpdk.org >> > >> > --- >> > v2: use a different logic to check digest length >> > --- >> Acked-by: Fan Zhang <roy.fan.zhang@intel.com> > >Sorry I missed a point in your change and thanks for Ciara pointing this out. >You are changing the gen_digest_size to 64 which is wrong. >Please send v3. >Also instead of ack - Nack this patch. [CP] In the v3 I think Fixes line should also be updated to either: Fixes: 746825e5c0ea ("crypto/ipsec_mb: move aesni_gcm PMD") Or Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes") Cc: pablo.de.lara.guarch@intel.com (The second one seems to be where the code was introduced before being moved into the consolidated ipsec_mb PMD in 21.11) Thanks, Ciara ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v3] crypto/ipsec_mb: fix coverity issue 2022-03-07 15:32 ` [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value Piotr Bronowski 2022-03-07 16:26 ` Zhang, Roy Fan @ 2022-03-09 15:08 ` Piotr Bronowski 2022-03-09 18:02 ` [PATCH v4] " Piotr Bronowski 1 sibling, 1 reply; 9+ messages in thread From: Piotr Bronowski @ 2022-03-09 15:08 UTC (permalink / raw) To: dev Cc: roy.fan.zhang, thomas, gakhil, ferruh.yigit, declan.doherty, Piotr Bronowski, stable This patch removes coverity defect CID 375828: Untrusted value as argument (TAINTED_SCALAR) Coverity issue: CID 375828 Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD") Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Cc: stable@dpdk.org --- v3: use a different logic to check digest length --- drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c index e5ad629fe5..2c033c6f28 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c @@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, sess->iv.length = auth_xform->auth.iv.length; key_length = auth_xform->auth.key.length; key = auth_xform->auth.key.data; - sess->req_digest_length = auth_xform->auth.digest_length; + sess->req_digest_length = + RTE_MIN(auth_xform->auth.digest_length, + DIGEST_LENGTH_MAX); break; case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT: case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT: @@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, key_length = aead_xform->aead.key.length; key = aead_xform->aead.key.data; sess->aad_length = aead_xform->aead.aad_length; - sess->req_digest_length = aead_xform->aead.digest_length; + sess->req_digest_length = + RTE_MIN(aead_xform->aead.digest_length, + DIGEST_LENGTH_MAX); break; default: IPSEC_MB_LOG( -- 2.30.2 -------------------------------------------------------------- Intel Research and Development Ireland Limited Registered in Ireland Registered Office: Collinstown Industrial Park, Leixlip, County Kildare Registered Number: 308263 This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v4] crypto/ipsec_mb: fix coverity issue 2022-03-09 15:08 ` [PATCH v3] crypto/ipsec_mb: fix coverity issue Piotr Bronowski @ 2022-03-09 18:02 ` Piotr Bronowski 2022-03-10 9:17 ` Power, Ciara 0 siblings, 1 reply; 9+ messages in thread From: Piotr Bronowski @ 2022-03-09 18:02 UTC (permalink / raw) To: dev Cc: roy.fan.zhang, thomas, gakhil, ferruh.yigit, declan.doherty, Piotr Bronowski, stable This patch removes coverity defect CID 375828: Untrusted value as argument (TAINTED_SCALAR) Coverity issue: CID 375828 Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes") Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Cc: stable@dpdk.org --- v4: commit message corrected --- drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c index e5ad629fe5..2c033c6f28 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c @@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, sess->iv.length = auth_xform->auth.iv.length; key_length = auth_xform->auth.key.length; key = auth_xform->auth.key.data; - sess->req_digest_length = auth_xform->auth.digest_length; + sess->req_digest_length = + RTE_MIN(auth_xform->auth.digest_length, + DIGEST_LENGTH_MAX); break; case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT: case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT: @@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session, key_length = aead_xform->aead.key.length; key = aead_xform->aead.key.data; sess->aad_length = aead_xform->aead.aad_length; - sess->req_digest_length = aead_xform->aead.digest_length; + sess->req_digest_length = + RTE_MIN(aead_xform->aead.digest_length, + DIGEST_LENGTH_MAX); break; default: IPSEC_MB_LOG( -- 2.30.2 -------------------------------------------------------------- Intel Research and Development Ireland Limited Registered in Ireland Registered Office: Collinstown Industrial Park, Leixlip, County Kildare Registered Number: 308263 This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. ^ permalink raw reply [flat|nested] 9+ messages in thread
* RE: [PATCH v4] crypto/ipsec_mb: fix coverity issue 2022-03-09 18:02 ` [PATCH v4] " Piotr Bronowski @ 2022-03-10 9:17 ` Power, Ciara 2022-03-14 10:32 ` Thomas Monjalon 0 siblings, 1 reply; 9+ messages in thread From: Power, Ciara @ 2022-03-10 9:17 UTC (permalink / raw) To: Bronowski, PiotrX, dev Cc: Zhang, Roy Fan, thomas, gakhil, Yigit, Ferruh, Doherty, Declan, Bronowski, PiotrX, stable >-----Original Message----- >From: Piotr Bronowski <piotrx.bronowski@intel.com> >Sent: Wednesday 9 March 2022 18:02 >To: dev@dpdk.org >Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; thomas@monjalon.net; >gakhil@marvell.com; Yigit, Ferruh <ferruh.yigit@intel.com>; Doherty, Declan ><declan.doherty@intel.com>; Bronowski, PiotrX ><piotrx.bronowski@intel.com>; stable@dpdk.org >Subject: [PATCH v4] crypto/ipsec_mb: fix coverity issue > >This patch removes coverity defect CID 375828: >Untrusted value as argument (TAINTED_SCALAR) > >Coverity issue: CID 375828 > >Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes") > >Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> > >Cc: stable@dpdk.org > >--- >v4: commit message corrected >--- > drivers/crypto/ipsec_mb/pmd_aesni_gcm.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > <snip> Acked-by: Ciara Power <ciara.power@intel.com> ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v4] crypto/ipsec_mb: fix coverity issue 2022-03-10 9:17 ` Power, Ciara @ 2022-03-14 10:32 ` Thomas Monjalon 0 siblings, 0 replies; 9+ messages in thread From: Thomas Monjalon @ 2022-03-14 10:32 UTC (permalink / raw) To: Bronowski, PiotrX Cc: dev, stable, Zhang, Roy Fan, gakhil, Yigit, Ferruh, Doherty, Declan, Power, Ciara > >This patch removes coverity defect CID 375828: > >Untrusted value as argument (TAINTED_SCALAR) It lacks an explanation of the cause. > >Coverity issue: CID 375828 You should not write CID above. > > > >Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes") > > > >Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> > > > >Cc: stable@dpdk.org This Cc should be just below the "Fixes". > Acked-by: Ciara Power <ciara.power@intel.com> Fixed formatting, writing a better title, and applied. ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-03-14 10:32 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <20220307124802.1371808-1-piotrx.bronowski@intel.com> 2022-03-07 15:32 ` [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value Piotr Bronowski 2022-03-07 16:26 ` Zhang, Roy Fan 2022-03-09 13:19 ` Ji, Kai 2022-03-09 14:34 ` Zhang, Roy Fan 2022-03-09 14:40 ` Power, Ciara 2022-03-09 15:08 ` [PATCH v3] crypto/ipsec_mb: fix coverity issue Piotr Bronowski 2022-03-09 18:02 ` [PATCH v4] " Piotr Bronowski 2022-03-10 9:17 ` Power, Ciara 2022-03-14 10:32 ` Thomas Monjalon
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).