From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 43F3BA0093 for ; Thu, 28 May 2020 18:25:16 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 17B741DC20; Thu, 28 May 2020 18:25:16 +0200 (CEST) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by dpdk.org (Postfix) with ESMTP id 0C2321DC2E for ; Thu, 28 May 2020 18:25:14 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590683114; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=26PPoVJXx5IlUepXMCg5EDmuljgTQ90HYtKJUM81kfQ=; b=ez96zYjRKp238nE7DII/68qe8reYmP9awhpga3nepeESwksLK6lVgrnumzujZ7+ggANI28 2HgrwgRrPrW6fksMMiymxI+zL9dGaBv25IbtQYDuJXWb0z7BUpT7YixKrDIpMeXYZsrrmi ZeJNfG4pO7iWzTHBnQUh6Mzo27SMaa0= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-379-6xNe2xDJPH-QVUUXoPgraA-1; Thu, 28 May 2020 12:25:09 -0400 X-MC-Unique: 6xNe2xDJPH-QVUUXoPgraA-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9BA0E1005512; Thu, 28 May 2020 16:25:08 +0000 (UTC) Received: from rh.redhat.com (unknown [10.33.36.235]) by smtp.corp.redhat.com (Postfix) with ESMTP id B2051610AB; Thu, 28 May 2020 16:25:07 +0000 (UTC) From: Kevin Traynor To: Pablo de Lara Cc: Akhil Goyal , dpdk stable Date: Thu, 28 May 2020 17:22:26 +0100 Message-Id: <20200528162322.7863-39-ktraynor@redhat.com> In-Reply-To: <20200528162322.7863-1-ktraynor@redhat.com> References: <20200528162322.7863-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'crypto/openssl: fix out-of-place encryption' has been queued to LTS release 18.11.9 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.9 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 06/03/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable-queue This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable-queue/commit/f9127b70ba81b91bcb20aae28cef6b82a8597735 Thanks. Kevin. --- >From f9127b70ba81b91bcb20aae28cef6b82a8597735 Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Tue, 14 Apr 2020 18:25:55 +0100 Subject: [PATCH] crypto/openssl: fix out-of-place encryption [ upstream commit 1fa538faeb962ec7f54a1cdf8cba5271de15e17d ] When authenticating after encrypting, if the operation is out-of-place, the destination buffer is the one that will get authenticated. If the cipher offset is higher than the authentication offset, it means that part of the text to authenticate will be plaintext, so this needs to get copied to the destination buffer, or the result will be incorrect. Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library") Signed-off-by: Pablo de Lara Acked-by: Akhil Goyal --- drivers/crypto/openssl/rte_openssl_pmd.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 7a922f5d2a..a73c92ffd3 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1999,4 +1999,24 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, } +static void +copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst, + struct rte_crypto_op *op) +{ + uint8_t *p_src, *p_dst; + + p_src = rte_pktmbuf_mtod(m_src, uint8_t *); + p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *); + + /** + * Copy the content between cipher offset and auth offset + * for generating correct digest. + */ + if (op->sym->cipher.data.offset > op->sym->auth.data.offset) + memcpy(p_dst + op->sym->auth.data.offset, + p_src + op->sym->auth.data.offset, + op->sym->cipher.data.offset - + op->sym->auth.data.offset); +} + /** Process crypto operation for mbuf */ static int @@ -2021,4 +2041,7 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op, case OPENSSL_CHAIN_CIPHER_AUTH: process_openssl_cipher_op(op, sess, msrc, mdst); + /* OOP */ + if (msrc != mdst) + copy_plaintext(msrc, mdst, op); process_openssl_auth_op(qp, op, sess, mdst, mdst); break; -- 2.21.3 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-05-28 17:13:01.168641197 +0100 +++ 0039-crypto-openssl-fix-out-of-place-encryption.patch 2020-05-28 17:12:59.108556242 +0100 @@ -1 +1 @@ -From 1fa538faeb962ec7f54a1cdf8cba5271de15e17d Mon Sep 17 00:00:00 2001 +From f9127b70ba81b91bcb20aae28cef6b82a8597735 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 1fa538faeb962ec7f54a1cdf8cba5271de15e17d ] + @@ -15 +16,0 @@ -Cc: stable@dpdk.org @@ -24 +25 @@ -index b820f6171d..c294f60b7d 100644 +index 7a922f5d2a..a73c92ffd3 100644 @@ -27 +28 @@ -@@ -2039,4 +2039,24 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, +@@ -1999,4 +1999,24 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -52 +53 @@ -@@ -2061,4 +2081,7 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op, +@@ -2021,4 +2041,7 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,