From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id A4EB0A04DD
	for <public@inbox.dpdk.org>; Wed, 28 Oct 2020 11:54:21 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 93951CA37;
	Wed, 28 Oct 2020 11:54:20 +0100 (CET)
Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com
 [209.85.128.41]) by dpdk.org (Postfix) with ESMTP id D9966CA34
 for <stable@dpdk.org>; Wed, 28 Oct 2020 11:54:17 +0100 (CET)
Received: by mail-wm1-f41.google.com with SMTP id l20so3009530wme.0
 for <stable@dpdk.org>; Wed, 28 Oct 2020 03:54:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=utWA3TijjSk/HUN26+xivdJsBvRyRnb9NIBGg5+AkHg=;
 b=CWfm7KBNHNLLWCg4BwI5y2tzC959UQDXIByGg06GV4xerVytES1ty3/xlhR7ocfIqj
 4VFtTwLi+4ey2RWNSDCXI5hyiMp/fvV3HecOUEo6cGsjasvowq4nWH0dXADlWaKbEFAI
 B/RfzLz+3aMHee31rHg4e9hlmGyD7iM1KnIfHxgtq6ey1tZVA+YRDvUSP39FN8gswzj2
 GRkuE6R1QyEDB1qiMJWR6YxudrTOa4GGA6aL6L0iTHQXiHMARvfw3ZVEZxYXfocYgGT3
 J6LUZSZQnpsBk0ZaKdHkcs4Gw8KszhkYPYEkGxDlhjesRyw8/201yyQpORgQiWbrQ7xV
 4DkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=utWA3TijjSk/HUN26+xivdJsBvRyRnb9NIBGg5+AkHg=;
 b=J5mejOaqxrO3v5X76eMi8huYdcHXU5frXrDxl55vTWeT2Y6nENPwnr0BRe0BEar/md
 NwhdU1NXtFSE1xe+MEH7L1VcXsed+Yxay+R7l0SOHQb35ycl6KK5v3Wv+QR6mN1okaHt
 We6QJmZUw/ICyIVUHGA71Iho7lyA3Z4fc4UbKSS34Vl4Du1x6cVMUP9d3QybZZwcGl0L
 nQqJBbVk+uBUj11Ek6D188AaCl3U+vBzrUKFAPr1E8MSeJNLc+XeiVL5PSCF1JxsPG0P
 zKj4hedQBXbg1vneUESQCQwJ/YzyrZXTlJexP/m+wJZJsONd+nbkvxolJlmDhLVXujVT
 fhiQ==
X-Gm-Message-State: AOAM532VH2kZMxpHIHXwSS0sb7VUZPEoc+iPlJnnZUvuLqpmjXSewkOd
 iSLQrFcNCrLBpbS+ymOMEnk=
X-Google-Smtp-Source: ABdhPJwu1HUguoqeLiM8kKcnnB+Hba6m84yf/bxE9xXJ+1OqfGK4s5iqKQhJ8YNjrP54ojnrCZo7qg==
X-Received: by 2002:a7b:c7c9:: with SMTP id z9mr7873281wmk.91.1603882457637;
 Wed, 28 Oct 2020 03:54:17 -0700 (PDT)
Received: from localhost ([88.98.246.218])
 by smtp.gmail.com with ESMTPSA id t7sm6218950wrx.42.2020.10.28.03.54.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 28 Oct 2020 03:54:16 -0700 (PDT)
From: luca.boccassi@gmail.com
To: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Cc: dpdk stable <stable@dpdk.org>
Date: Wed, 28 Oct 2020 10:45:13 +0000
Message-Id: <20201028104606.3504127-154-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20201028104606.3504127-1-luca.boccassi@gmail.com>
References: <20201028104606.3504127-1-luca.boccassi@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-stable] patch 'crypto/aesni_mb: fix GCM digest size check'
	has been queued to stable release 19.11.6
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org
Sender: "stable" <stable-bounces@dpdk.org>

Hi,

FYI, your patch has been queued to stable release 19.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/30/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From a281d0d527cbe4c3ca81f4ce099756d98171a281 Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Fri, 9 Oct 2020 12:05:20 +0000
Subject: [PATCH] crypto/aesni_mb: fix GCM digest size check

[ upstream commit e45847d8fd0cd9c46ea13a6b5b87087cfb8ae393 ]

GCM digest sizes should be between 1 and 16 bytes.

Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |  4 ++--
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    | 22 +++++++++----------
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  8 +++----
 3 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index b3cb2f1cf9..03da3dc999 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -74,7 +74,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
 		[AES_CMAC]	= 12,
 		[AES_CCM]	= 8,
 		[NULL_HASH]	= 0,
-		[AES_GMAC]	= 16,
+		[AES_GMAC]	= 12,
 		[PLAIN_SHA1]	= 20,
 		[PLAIN_SHA_224]	= 28,
 		[PLAIN_SHA_256]	= 32,
@@ -105,7 +105,7 @@ static const unsigned auth_digest_byte_lengths[] = {
 		[AES_XCBC]	= 16,
 		[AES_CMAC]	= 16,
 		[AES_CCM]	= 16,
-		[AES_GMAC]	= 12,
+		[AES_GMAC]	= 16,
 		[NULL_HASH]	= 0,
 		[PLAIN_SHA1]	= 20,
 		[PLAIN_SHA_224]	= 28,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 8850934f1f..d2fa0664e3 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -203,19 +203,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			sess->cipher.direction = DECRYPT;
 
 		sess->auth.algo = AES_GMAC;
-		/*
-		 * Multi-buffer lib supports 8, 12 and 16 bytes of digest.
-		 * If size requested is different, generate the full digest
-		 * (16 bytes) in a temporary location and then memcpy
-		 * the requested number of bytes.
-		 */
-		if (sess->auth.req_digest_len != 16 &&
-				sess->auth.req_digest_len != 12 &&
-				sess->auth.req_digest_len != 8) {
-			sess->auth.gen_digest_len = 16;
-		} else {
-			sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
 		}
+		sess->auth.gen_digest_len = sess->auth.req_digest_len;
 		sess->iv.length = xform->auth.iv.length;
 		sess->iv.offset = xform->auth.iv.offset;
 
@@ -597,6 +589,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		/* GCM digest size must be between 1 and 16 */
+		if (sess->auth.req_digest_len == 0 ||
+				sess->auth.req_digest_len > 16) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
 		break;
 
 	default:
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index d8609ad114..da614768b4 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -449,9 +449,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.aad_size = {
 					.min = 0,
@@ -479,9 +479,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.iv_size = {
 					.min = 12,
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-10-28 10:35:16.519016455 +0000
+++ 0154-crypto-aesni_mb-fix-GCM-digest-size-check.patch	2020-10-28 10:35:11.752833674 +0000
@@ -1,12 +1,13 @@
-From e45847d8fd0cd9c46ea13a6b5b87087cfb8ae393 Mon Sep 17 00:00:00 2001
+From a281d0d527cbe4c3ca81f4ce099756d98171a281 Mon Sep 17 00:00:00 2001
 From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
 Date: Fri, 9 Oct 2020 12:05:20 +0000
 Subject: [PATCH] crypto/aesni_mb: fix GCM digest size check
 
+[ upstream commit e45847d8fd0cd9c46ea13a6b5b87087cfb8ae393 ]
+
 GCM digest sizes should be between 1 and 16 bytes.
 
 Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")
-Cc: stable@dpdk.org
 
 Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
 ---
@@ -16,32 +17,32 @@
  3 files changed, 16 insertions(+), 18 deletions(-)
 
 diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
-index 9693bf9854..7481e1d5e9 100644
+index b3cb2f1cf9..03da3dc999 100644
 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
 +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
-@@ -85,7 +85,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
- 		[AES_CMAC]			= 12,
- 		[AES_CCM]			= 8,
- 		[NULL_HASH]			= 0,
--		[AES_GMAC]			= 16,
-+		[AES_GMAC]			= 12,
- 		[PLAIN_SHA1]			= 20,
- 		[PLAIN_SHA_224]			= 28,
- 		[PLAIN_SHA_256]			= 32,
-@@ -121,7 +121,7 @@ static const unsigned auth_digest_byte_lengths[] = {
- 		[AES_XCBC]			= 16,
- 		[AES_CMAC]			= 16,
- 		[AES_CCM]			= 16,
--		[AES_GMAC]			= 12,
-+		[AES_GMAC]			= 16,
- 		[NULL_HASH]			= 0,
- 		[PLAIN_SHA1]			= 20,
- 		[PLAIN_SHA_224]			= 28,
+@@ -74,7 +74,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
+ 		[AES_CMAC]	= 12,
+ 		[AES_CCM]	= 8,
+ 		[NULL_HASH]	= 0,
+-		[AES_GMAC]	= 16,
++		[AES_GMAC]	= 12,
+ 		[PLAIN_SHA1]	= 20,
+ 		[PLAIN_SHA_224]	= 28,
+ 		[PLAIN_SHA_256]	= 32,
+@@ -105,7 +105,7 @@ static const unsigned auth_digest_byte_lengths[] = {
+ 		[AES_XCBC]	= 16,
+ 		[AES_CMAC]	= 16,
+ 		[AES_CCM]	= 16,
+-		[AES_GMAC]	= 12,
++		[AES_GMAC]	= 16,
+ 		[NULL_HASH]	= 0,
+ 		[PLAIN_SHA1]	= 20,
+ 		[PLAIN_SHA_224]	= 28,
 diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
-index ba2882d276..7dbe40e025 100644
+index 8850934f1f..d2fa0664e3 100644
 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
 +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
-@@ -213,19 +213,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
+@@ -203,19 +203,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
  			sess->cipher.direction = DECRYPT;
  
  		sess->auth.algo = AES_GMAC;
@@ -65,7 +66,7 @@
  		sess->iv.length = xform->auth.iv.length;
  		sess->iv.offset = xform->auth.iv.offset;
  
-@@ -721,6 +713,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
+@@ -597,6 +589,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
  			return -EINVAL;
  		}
  
@@ -79,10 +80,10 @@
  
  	default:
 diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
-index e54205f1b8..46b8517a9f 100644
+index d8609ad114..da614768b4 100644
 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
 +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
-@@ -455,9 +455,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
+@@ -449,9 +449,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
  					.increment = 8
  				},
  				.digest_size = {
@@ -94,7 +95,7 @@
  				},
  				.aad_size = {
  					.min = 0,
-@@ -485,9 +485,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
+@@ -479,9 +479,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
  					.increment = 8
  				},
  				.digest_size = {