[dpdk-stable] patch 'crypto/openssl: fix out-of-place encryption' has been queued to stable release 19.11.3

[luca.boccassi at gmail.com]

Hi,

FYI, your patch has been queued to stable release 19.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/21/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From 48bb740ce1a4c3d0adf26241e3156295775428cb Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Date: Tue, 14 Apr 2020 18:25:55 +0100
Subject: [PATCH] crypto/openssl: fix out-of-place encryption

[ upstream commit 1fa538faeb962ec7f54a1cdf8cba5271de15e17d ]

When authenticating after encrypting, if the operation
is out-of-place, the destination buffer is the one
that will get authenticated.
If the cipher offset is higher than the authentication
offset, it means that part of the text to authenticate
will be plaintext, so this needs to get copied to the
destination buffer, or the result will be incorrect.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Acked-by: Akhil Goyal <akhil.goyal at nxp.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index b820f6171d..c294f60b7d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2038,6 +2038,26 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	return retval;
 }
 
+static void
+copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst,
+		struct rte_crypto_op *op)
+{
+	uint8_t *p_src, *p_dst;
+
+	p_src = rte_pktmbuf_mtod(m_src, uint8_t *);
+	p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *);
+
+	/**
+	 * Copy the content between cipher offset and auth offset
+	 * for generating correct digest.
+	 */
+	if (op->sym->cipher.data.offset > op->sym->auth.data.offset)
+		memcpy(p_dst + op->sym->auth.data.offset,
+				p_src + op->sym->auth.data.offset,
+				op->sym->cipher.data.offset -
+				op->sym->auth.data.offset);
+}
+
 /** Process crypto operation for mbuf */
 static int
 process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -2060,6 +2080,9 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		break;
 	case OPENSSL_CHAIN_CIPHER_AUTH:
 		process_openssl_cipher_op(op, sess, msrc, mdst);
+		/* OOP */
+		if (msrc != mdst)
+			copy_plaintext(msrc, mdst, op);
 		process_openssl_auth_op(qp, op, sess, mdst, mdst);
 		break;
 	case OPENSSL_CHAIN_AUTH_CIPHER:
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-05-19 13:56:22.022519621 +0100
+++ 0079-crypto-openssl-fix-out-of-place-encryption.patch	2020-05-19 13:56:18.311503476 +0100
@@ -1,8 +1,10 @@
-From 1fa538faeb962ec7f54a1cdf8cba5271de15e17d Mon Sep 17 00:00:00 2001
+From 48bb740ce1a4c3d0adf26241e3156295775428cb Mon Sep 17 00:00:00 2001
 From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
 Date: Tue, 14 Apr 2020 18:25:55 +0100
 Subject: [PATCH] crypto/openssl: fix out-of-place encryption
 
+[ upstream commit 1fa538faeb962ec7f54a1cdf8cba5271de15e17d ]
+
 When authenticating after encrypting, if the operation
 is out-of-place, the destination buffer is the one
 that will get authenticated.
@@ -12,7 +14,6 @@
 destination buffer, or the result will be incorrect.
 
 Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
-Cc: stable at dpdk.org
 
 Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
 Acked-by: Akhil Goyal <akhil.goyal at nxp.com>