From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6988DA057B for ; Tue, 14 Apr 2020 19:26:10 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4D12B1D17D; Tue, 14 Apr 2020 19:26:10 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 1E7811D176; Tue, 14 Apr 2020 19:26:06 +0200 (CEST) IronPort-SDR: RHwa+mAYQrrWIi31uvJnzpCJwr5uVsN8z9CC67uJKO0CSSjFPkSO89XjDn210QM8ef4P3uUyQz gD5uClPQAM1g== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Apr 2020 10:26:04 -0700 IronPort-SDR: hr1qZTWMbRFeP0BXB8MeKrH9pRf+7MH/arD/JhWRZCqihz71GLtEyEU4ybPELL0Wz1ci0U1ofN BuBC/dnjjbWA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,383,1580803200"; d="scan'208";a="242057422" Received: from silpixa00399593.ir.intel.com (HELO silpixa00399593.ger.corp.intel.com) ([10.237.223.21]) by orsmga007.jf.intel.com with ESMTP; 14 Apr 2020 10:26:04 -0700 From: Pablo de Lara To: declan.doherty@intel.com Cc: roy.fan.zhang@intel.com, dev@dpdk.org, akhil.goyal@intel.com, Pablo de Lara , stable@dpdk.org Date: Tue, 14 Apr 2020 18:25:55 +0100 Message-Id: <1586885155-163682-1-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.5 Subject: [dpdk-stable] [PATCH] crypto/openssl: fix out-of-place encryption X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" When authenticating after encrypting, if the operation is out-of-place, the destination buffer is the one that will get authenticated. If the cipher offset is higher than the authentication offset, it means that part of the text to authenticate will be plaintext, so this needs to get copied to the destination buffer, or the result will be incorrect. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara --- drivers/crypto/openssl/rte_openssl_pmd.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 199097b..c295dd2 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -2037,6 +2037,26 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, return retval; } +static void +copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst, + struct rte_crypto_op *op) +{ + uint8_t *p_src, *p_dst; + + p_src = rte_pktmbuf_mtod(m_src, uint8_t *); + p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *); + + /** + * Copy the content between cipher offset and auth offset + * for generating correct digest. + */ + if (op->sym->cipher.data.offset > op->sym->auth.data.offset) + memcpy(p_dst + op->sym->auth.data.offset, + p_src + op->sym->auth.data.offset, + op->sym->cipher.data.offset - + op->sym->auth.data.offset); +} + /** Process crypto operation for mbuf */ static int process_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -2059,6 +2079,9 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op, break; case OPENSSL_CHAIN_CIPHER_AUTH: process_openssl_cipher_op(op, sess, msrc, mdst); + /* OOP */ + if (msrc != mdst) + copy_plaintext(msrc, mdst, op); process_openssl_auth_op(qp, op, sess, mdst, mdst); break; case OPENSSL_CHAIN_AUTH_CIPHER: -- 2.7.5