patch 'crypto/openssl: fix CCM processing 0 length source' has been queued to stable release 19.11.11

[christian.ehrhardt at canonical.com]

Hi,

FYI, your patch has been queued to stable release 19.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before December 10th 2021. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/cpaelzer/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/cpaelzer/dpdk-stable-queue/commit/b7bcb4e6a9e3004cdf882989c0d52b4244088205

Thanks.

Christian Ehrhardt <christian.ehrhardt at canonical.com>

---
>From b7bcb4e6a9e3004cdf882989c0d52b4244088205 Mon Sep 17 00:00:00 2001
From: Ciara Power <ciara.power at intel.com>
Date: Mon, 23 Aug 2021 12:47:14 +0000
Subject: [PATCH] crypto/openssl: fix CCM processing 0 length source

[ upstream commit 589f5e033d0d8489e0d4bf2f54332febf483f764 ]

When given a source length 0 for CCM, the encryption and decryption
functions did not call the EVP_ENCRYPTUPDATE/EVP_DECRYPTUPDATE functions
with a src and dst, causing some FIPS validation failures for testcases
with PLen=0:

process_openssl_auth_encryption_ccm() line 1131:
Process openssl auth encryption ccm failed

Fixes: 1a4998dc4d94 ("crypto/openssl: support AES-CCM")

Signed-off-by: Ciara Power <ciara.power at intel.com>
Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index c294f60b7d..3e0afd71a1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1115,7 +1115,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
 		if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
 			goto process_auth_encryption_ccm_err;
 
-	if (srclen > 0)
+	if (srclen >= 0)
 		if (process_openssl_encryption_update(mbuf_src, offset, &dst,
 				srclen, ctx, 0))
 			goto process_auth_encryption_ccm_err;
@@ -1198,7 +1198,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
 		if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
 			goto process_auth_decryption_ccm_err;
 
-	if (srclen > 0)
+	if (srclen >= 0)
 		if (process_openssl_decryption_update(mbuf_src, offset, &dst,
 				srclen, ctx, 0))
 			return -EFAULT;
-- 
2.34.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2021-11-30 16:50:06.834443970 +0100
+++ 0012-crypto-openssl-fix-CCM-processing-0-length-source.patch	2021-11-30 16:50:05.518871534 +0100
@@ -1 +1 @@
-From 589f5e033d0d8489e0d4bf2f54332febf483f764 Mon Sep 17 00:00:00 2001
+From b7bcb4e6a9e3004cdf882989c0d52b4244088205 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 589f5e033d0d8489e0d4bf2f54332febf483f764 ]
+
@@ -15 +16,0 @@
-Cc: stable at dpdk.org
@@ -24 +25 @@
-index 47004337d5..37b969b916 100644
+index c294f60b7d..3e0afd71a1 100644
@@ -27 +28 @@
-@@ -1114,7 +1114,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1115,7 +1115,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
@@ -36 +37 @@
-@@ -1197,7 +1197,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1198,7 +1198,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,