[dpdk-stable] patch 'crypto/openssl: fix CCM processing 0 length source' has been queued to stable release 20.11.4

[Xueming Li]

Hi,

FYI, your patch has been queued to stable release 20.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/12/21. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/steevenlee/dpdk

This queued commit can be viewed at:
https://github.com/steevenlee/dpdk/commit/52ed92cfb6b9933746264d9bb696bfdbf4dc230c

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 52ed92cfb6b9933746264d9bb696bfdbf4dc230c Mon Sep 17 00:00:00 2001
From: Ciara Power <ciara.power at intel.com>
Date: Mon, 23 Aug 2021 12:47:14 +0000
Subject: [PATCH] crypto/openssl: fix CCM processing 0 length source
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 589f5e033d0d8489e0d4bf2f54332febf483f764 ]

When given a source length 0 for CCM, the encryption and decryption
functions did not call the EVP_ENCRYPTUPDATE/EVP_DECRYPTUPDATE functions
with a src and dst, causing some FIPS validation failures for testcases
with PLen=0:

process_openssl_auth_encryption_ccm() line 1131:
Process openssl auth encryption ccm failed

Fixes: 1a4998dc4d94 ("crypto/openssl: support AES-CCM")

Signed-off-by: Ciara Power <ciara.power at intel.com>
Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7d3959f550..ca4265d2be 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1114,7 +1114,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
 		if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
 			goto process_auth_encryption_ccm_err;
 
-	if (srclen > 0)
+	if (srclen >= 0)
 		if (process_openssl_encryption_update(mbuf_src, offset, &dst,
 				srclen, ctx, 0))
 			goto process_auth_encryption_ccm_err;
@@ -1197,7 +1197,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
 		if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
 			goto process_auth_decryption_ccm_err;
 
-	if (srclen > 0)
+	if (srclen >= 0)
 		if (process_openssl_decryption_update(mbuf_src, offset, &dst,
 				srclen, ctx, 0))
 			return -EFAULT;
-- 
2.33.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-10 14:17:02.928050624 +0800
+++ 0018-crypto-openssl-fix-CCM-processing-0-length-source.patch	2021-11-10 14:17:01.754080379 +0800
@@ -1 +1 @@
-From 589f5e033d0d8489e0d4bf2f54332febf483f764 Mon Sep 17 00:00:00 2001
+From 52ed92cfb6b9933746264d9bb696bfdbf4dc230c Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 589f5e033d0d8489e0d4bf2f54332febf483f764 ]
@@ -15 +17,0 @@
-Cc: stable at dpdk.org
@@ -24 +26 @@
-index 47004337d5..37b969b916 100644
+index 7d3959f550..ca4265d2be 100644