[dpdk-stable] [PATCH] crypto/openssl: fix out-of-place encryption

Pablo de Lara pablo.de.lara.guarch at intel.com
Tue Apr 14 19:25:55 CEST 2020

Previous message: [dpdk-stable] [PATCH v5 1/2] eal: add uuid dependent header files explicitly
Next message: [dpdk-stable] [dpdk-dev] [PATCH] crypto/openssl: fix out-of-place encryption
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When authenticating after encrypting, if the operation
is out-of-place, the destination buffer is the one
that will get authenticated.
If the cipher offset is higher than the authentication
offset, it means that part of the text to authenticate
will be plaintext, so this needs to get copied to the
destination buffer, or the result will be incorrect.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable at dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 199097b..c295dd2 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2037,6 +2037,26 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	return retval;
 }
 
+static void
+copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst,
+		struct rte_crypto_op *op)
+{
+	uint8_t *p_src, *p_dst;
+
+	p_src = rte_pktmbuf_mtod(m_src, uint8_t *);
+	p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *);
+
+	/**
+	 * Copy the content between cipher offset and auth offset
+	 * for generating correct digest.
+	 */
+	if (op->sym->cipher.data.offset > op->sym->auth.data.offset)
+		memcpy(p_dst + op->sym->auth.data.offset,
+				p_src + op->sym->auth.data.offset,
+				op->sym->cipher.data.offset -
+				op->sym->auth.data.offset);
+}
+
 /** Process crypto operation for mbuf */
 static int
 process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -2059,6 +2079,9 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		break;
 	case OPENSSL_CHAIN_CIPHER_AUTH:
 		process_openssl_cipher_op(op, sess, msrc, mdst);
+		/* OOP */
+		if (msrc != mdst)
+			copy_plaintext(msrc, mdst, op);
 		process_openssl_auth_op(qp, op, sess, mdst, mdst);
 		break;
 	case OPENSSL_CHAIN_AUTH_CIPHER:
-- 
2.7.5

Previous message: [dpdk-stable] [PATCH v5 1/2] eal: add uuid dependent header files explicitly
Next message: [dpdk-stable] [dpdk-dev] [PATCH] crypto/openssl: fix out-of-place encryption
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list