[dpdk-stable] patch 'crypto/aesni_mb: fix GCM digest size check' has been queued to stable release 19.11.6
luca.boccassi at gmail.com
luca.boccassi at gmail.com
Wed Oct 28 11:45:13 CET 2020
Hi,
FYI, your patch has been queued to stable release 19.11.6
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/30/20. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Thanks.
Luca Boccassi
---
>From a281d0d527cbe4c3ca81f4ce099756d98171a281 Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Date: Fri, 9 Oct 2020 12:05:20 +0000
Subject: [PATCH] crypto/aesni_mb: fix GCM digest size check
[ upstream commit e45847d8fd0cd9c46ea13a6b5b87087cfb8ae393 ]
GCM digest sizes should be between 1 and 16 bytes.
Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
.../crypto/aesni_mb/aesni_mb_pmd_private.h | 4 ++--
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 22 +++++++++----------
.../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 8 +++----
3 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index b3cb2f1cf9..03da3dc999 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -74,7 +74,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
[AES_CMAC] = 12,
[AES_CCM] = 8,
[NULL_HASH] = 0,
- [AES_GMAC] = 16,
+ [AES_GMAC] = 12,
[PLAIN_SHA1] = 20,
[PLAIN_SHA_224] = 28,
[PLAIN_SHA_256] = 32,
@@ -105,7 +105,7 @@ static const unsigned auth_digest_byte_lengths[] = {
[AES_XCBC] = 16,
[AES_CMAC] = 16,
[AES_CCM] = 16,
- [AES_GMAC] = 12,
+ [AES_GMAC] = 16,
[NULL_HASH] = 0,
[PLAIN_SHA1] = 20,
[PLAIN_SHA_224] = 28,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 8850934f1f..d2fa0664e3 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -203,19 +203,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
sess->cipher.direction = DECRYPT;
sess->auth.algo = AES_GMAC;
- /*
- * Multi-buffer lib supports 8, 12 and 16 bytes of digest.
- * If size requested is different, generate the full digest
- * (16 bytes) in a temporary location and then memcpy
- * the requested number of bytes.
- */
- if (sess->auth.req_digest_len != 16 &&
- sess->auth.req_digest_len != 12 &&
- sess->auth.req_digest_len != 8) {
- sess->auth.gen_digest_len = 16;
- } else {
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) {
+ AESNI_MB_LOG(ERR, "Invalid digest size\n");
+ return -EINVAL;
}
+ sess->auth.gen_digest_len = sess->auth.req_digest_len;
sess->iv.length = xform->auth.iv.length;
sess->iv.offset = xform->auth.iv.offset;
@@ -597,6 +589,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
return -EINVAL;
}
+ /* GCM digest size must be between 1 and 16 */
+ if (sess->auth.req_digest_len == 0 ||
+ sess->auth.req_digest_len > 16) {
+ AESNI_MB_LOG(ERR, "Invalid digest size\n");
+ return -EINVAL;
+ }
break;
default:
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index d8609ad114..da614768b4 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -449,9 +449,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.increment = 8
},
.digest_size = {
- .min = 8,
+ .min = 1,
.max = 16,
- .increment = 4
+ .increment = 1
},
.aad_size = {
.min = 0,
@@ -479,9 +479,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.increment = 8
},
.digest_size = {
- .min = 8,
+ .min = 1,
.max = 16,
- .increment = 4
+ .increment = 1
},
.iv_size = {
.min = 12,
--
2.20.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2020-10-28 10:35:16.519016455 +0000
+++ 0154-crypto-aesni_mb-fix-GCM-digest-size-check.patch 2020-10-28 10:35:11.752833674 +0000
@@ -1,12 +1,13 @@
-From e45847d8fd0cd9c46ea13a6b5b87087cfb8ae393 Mon Sep 17 00:00:00 2001
+From a281d0d527cbe4c3ca81f4ce099756d98171a281 Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Date: Fri, 9 Oct 2020 12:05:20 +0000
Subject: [PATCH] crypto/aesni_mb: fix GCM digest size check
+[ upstream commit e45847d8fd0cd9c46ea13a6b5b87087cfb8ae393 ]
+
GCM digest sizes should be between 1 and 16 bytes.
Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")
-Cc: stable at dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
@@ -16,32 +17,32 @@
3 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
-index 9693bf9854..7481e1d5e9 100644
+index b3cb2f1cf9..03da3dc999 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
-@@ -85,7 +85,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
- [AES_CMAC] = 12,
- [AES_CCM] = 8,
- [NULL_HASH] = 0,
-- [AES_GMAC] = 16,
-+ [AES_GMAC] = 12,
- [PLAIN_SHA1] = 20,
- [PLAIN_SHA_224] = 28,
- [PLAIN_SHA_256] = 32,
-@@ -121,7 +121,7 @@ static const unsigned auth_digest_byte_lengths[] = {
- [AES_XCBC] = 16,
- [AES_CMAC] = 16,
- [AES_CCM] = 16,
-- [AES_GMAC] = 12,
-+ [AES_GMAC] = 16,
- [NULL_HASH] = 0,
- [PLAIN_SHA1] = 20,
- [PLAIN_SHA_224] = 28,
+@@ -74,7 +74,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
+ [AES_CMAC] = 12,
+ [AES_CCM] = 8,
+ [NULL_HASH] = 0,
+- [AES_GMAC] = 16,
++ [AES_GMAC] = 12,
+ [PLAIN_SHA1] = 20,
+ [PLAIN_SHA_224] = 28,
+ [PLAIN_SHA_256] = 32,
+@@ -105,7 +105,7 @@ static const unsigned auth_digest_byte_lengths[] = {
+ [AES_XCBC] = 16,
+ [AES_CMAC] = 16,
+ [AES_CCM] = 16,
+- [AES_GMAC] = 12,
++ [AES_GMAC] = 16,
+ [NULL_HASH] = 0,
+ [PLAIN_SHA1] = 20,
+ [PLAIN_SHA_224] = 28,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
-index ba2882d276..7dbe40e025 100644
+index 8850934f1f..d2fa0664e3 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
-@@ -213,19 +213,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
+@@ -203,19 +203,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
sess->cipher.direction = DECRYPT;
sess->auth.algo = AES_GMAC;
@@ -65,7 +66,7 @@
sess->iv.length = xform->auth.iv.length;
sess->iv.offset = xform->auth.iv.offset;
-@@ -721,6 +713,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
+@@ -597,6 +589,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
return -EINVAL;
}
@@ -79,10 +80,10 @@
default:
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
-index e54205f1b8..46b8517a9f 100644
+index d8609ad114..da614768b4 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
-@@ -455,9 +455,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
+@@ -449,9 +449,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.increment = 8
},
.digest_size = {
@@ -94,7 +95,7 @@
},
.aad_size = {
.min = 0,
-@@ -485,9 +485,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
+@@ -479,9 +479,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.increment = 8
},
.digest_size = {
More information about the stable
mailing list