From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B61BDA0093 for ; Tue, 19 May 2020 15:00:45 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AF7231D625; Tue, 19 May 2020 15:00:45 +0200 (CEST) Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by dpdk.org (Postfix) with ESMTP id 190C51D627 for ; Tue, 19 May 2020 15:00:44 +0200 (CEST) Received: by mail-wm1-f67.google.com with SMTP id z72so3464017wmc.2 for ; Tue, 19 May 2020 06:00:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=O/vscs3V959Tq6nNE9c+mUTF7TVny12EuK5VjukdkzA=; b=W3bhRgySvdhm36EXfCUH4d+FsfrJp9FHCYddkJ059DKphlxaLIt/O2oeI9R8FT9vu2 rSUF4zBChoOj3DOBqWHnVFqPwrOLHGJfxjMv45uOf9PFPdfbEpeGy9lsIC4aEHoWjZQT I8HcpSeHfxvH56B6viC7F0NSkYX65DrDtwCtqzxR6RadBnXjB82bSdhI3BFArrqHNLvx x+LAnkr7FPtmJTS9/6DmgAexmuES8noFQ4lNzOEh2yUDnhTytM1ogpzpm4v+2O164BFH n3tP/+yX2Sbaab8bB3WUY79z+XidSS/2vzJFd+Aez6CkLGVsZw+FWrKdCi2cbU0iQRmh 256Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=O/vscs3V959Tq6nNE9c+mUTF7TVny12EuK5VjukdkzA=; b=RkjunfDVUodKB80K5GtO12AXRKCCSzvy4Gb2U8UfZpb2OUhtz480wEueo1RD5p1fTc F8FQnAeislPFWHpfbkLplEuw0Tpns2M2sDq5Z/DGzh2NRLGuCB+St23dnlPysQhRoNk2 8vP3UToLu/36xelJwHZNCQ4MFFNupbBfnPWzapKKe+1jnvcXkEM/XPW2CR45pUgCgRYf nwmaX1AoELRoeTKAPLfKLE1Xfw2MmpLHTjw7JPdfNZsYXXZjBpdZhQ+JAKfC3uap56bY std5vp31FbpfDxvAiqkGst829KSElhR39a2FzLjK1UDM0ppsV08nbfNBkDjWyU2xSZr5 Sp7g== X-Gm-Message-State: AOAM531urquQNXzsD6wgGt2pqCFgJ8nadpUCTFaYVvZ5enqMfltrn/r7 26HtfQuz52R9KJH9HzT41LE= X-Google-Smtp-Source: ABdhPJw9FfctVl1QiTdVYXrBF+WxN9Y3+wv043wsf9ezQGl1Y13azhCxTQYTfUap9wJwauFJskIfXA== X-Received: by 2002:a7b:c086:: with SMTP id r6mr5210161wmh.29.1589893243826; Tue, 19 May 2020 06:00:43 -0700 (PDT) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id 77sm21859540wrc.6.2020.05.19.06.00.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 May 2020 06:00:43 -0700 (PDT) From: luca.boccassi@gmail.com To: Pablo de Lara Cc: Akhil Goyal , dpdk stable Date: Tue, 19 May 2020 13:54:29 +0100 Message-Id: <20200519125804.104349-79-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200519125804.104349-1-luca.boccassi@gmail.com> References: <20200519125804.104349-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'crypto/openssl: fix out-of-place encryption' has been queued to stable release 19.11.3 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.3 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 05/21/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Luca Boccassi --- >From 48bb740ce1a4c3d0adf26241e3156295775428cb Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Tue, 14 Apr 2020 18:25:55 +0100 Subject: [PATCH] crypto/openssl: fix out-of-place encryption [ upstream commit 1fa538faeb962ec7f54a1cdf8cba5271de15e17d ] When authenticating after encrypting, if the operation is out-of-place, the destination buffer is the one that will get authenticated. If the cipher offset is higher than the authentication offset, it means that part of the text to authenticate will be plaintext, so this needs to get copied to the destination buffer, or the result will be incorrect. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Signed-off-by: Pablo de Lara Acked-by: Akhil Goyal --- drivers/crypto/openssl/rte_openssl_pmd.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index b820f6171d..c294f60b7d 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -2038,6 +2038,26 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, return retval; } +static void +copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst, + struct rte_crypto_op *op) +{ + uint8_t *p_src, *p_dst; + + p_src = rte_pktmbuf_mtod(m_src, uint8_t *); + p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *); + + /** + * Copy the content between cipher offset and auth offset + * for generating correct digest. + */ + if (op->sym->cipher.data.offset > op->sym->auth.data.offset) + memcpy(p_dst + op->sym->auth.data.offset, + p_src + op->sym->auth.data.offset, + op->sym->cipher.data.offset - + op->sym->auth.data.offset); +} + /** Process crypto operation for mbuf */ static int process_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -2060,6 +2080,9 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op, break; case OPENSSL_CHAIN_CIPHER_AUTH: process_openssl_cipher_op(op, sess, msrc, mdst); + /* OOP */ + if (msrc != mdst) + copy_plaintext(msrc, mdst, op); process_openssl_auth_op(qp, op, sess, mdst, mdst); break; case OPENSSL_CHAIN_AUTH_CIPHER: -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-05-19 13:56:22.022519621 +0100 +++ 0079-crypto-openssl-fix-out-of-place-encryption.patch 2020-05-19 13:56:18.311503476 +0100 @@ -1,8 +1,10 @@ -From 1fa538faeb962ec7f54a1cdf8cba5271de15e17d Mon Sep 17 00:00:00 2001 +From 48bb740ce1a4c3d0adf26241e3156295775428cb Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Tue, 14 Apr 2020 18:25:55 +0100 Subject: [PATCH] crypto/openssl: fix out-of-place encryption +[ upstream commit 1fa538faeb962ec7f54a1cdf8cba5271de15e17d ] + When authenticating after encrypting, if the operation is out-of-place, the destination buffer is the one that will get authenticated. @@ -12,7 +14,6 @@ destination buffer, or the result will be incorrect. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") -Cc: stable@dpdk.org Signed-off-by: Pablo de Lara Acked-by: Akhil Goyal