[PATCH v2] crypto/ipsec_mb: fix usage of untrusted value

Power, Ciara ciara.power at intel.com
Wed Mar 9 15:40:07 CET 2022

Previous message (by thread): [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
Next message (by thread): [PATCH v3] crypto/ipsec_mb: fix coverity issue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Piotr,

>-----Original Message-----
>From: Zhang, Roy Fan <roy.fan.zhang at intel.com>
>Sent: Wednesday 9 March 2022 14:35
>To: Zhang, Roy Fan <roy.fan.zhang at intel.com>; Bronowski, PiotrX
><piotrx.bronowski at intel.com>; dev at dpdk.org
>Cc: thomas at monjalon.net; gakhil at marvell.com; Yigit, Ferruh
><ferruh.yigit at intel.com>; Doherty, Declan <declan.doherty at intel.com>;
>stable at dpdk.org; Power, Ciara <ciara.power at intel.com>
>Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>
>Hi Piotr,
>
>> -----Original Message-----
>> From: Zhang, Roy Fan <roy.fan.zhang at intel.com>
>> Sent: Monday, March 7, 2022 4:27 PM
>> To: Bronowski, PiotrX <piotrx.bronowski at intel.com>; dev at dpdk.org
>> Cc: thomas at monjalon.net; gakhil at marvell.com; Yigit, Ferruh
>> <ferruh.yigit at intel.com>; Doherty, Declan <declan.doherty at intel.com>;
>> stable at dpdk.org
>> Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>>
>> > -----Original Message-----
>> > From: Bronowski, PiotrX <piotrx.bronowski at intel.com>
>> > Sent: Monday, March 7, 2022 3:33 PM
>> > To: dev at dpdk.org
>> > Cc: Zhang, Roy Fan <roy.fan.zhang at intel.com>; thomas at monjalon.net;
>> > gakhil at marvell.com; Yigit, Ferruh <ferruh.yigit at intel.com>; Doherty,
>> Declan
>> > <declan.doherty at intel.com>; Bronowski, PiotrX
>> > <piotrx.bronowski at intel.com>; stable at dpdk.org
>> > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>> >
>> > This patch removes coverity defect CID 375828:
>> > Untrusted value as argument (TAINTED_SCALAR)
>> >
>> > Coverity issue: CID 375828
>> > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
>> >
>> > Signed-off-by: Piotr Bronowski <piotrx.bronowski at intel.com>
>> >
>> > Cc: stable at dpdk.org
>> >
>> > ---
>> > v2: use a different logic to check digest length
>> > ---
>> Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
>
>Sorry I missed a point in your change and thanks for Ciara pointing this out.
>You are changing the gen_digest_size to 64 which is wrong.
>Please send v3.
>Also instead of ack - Nack this patch.

[CP]

In the v3 I think Fixes line should also be updated to either:

Fixes: 746825e5c0ea ("crypto/ipsec_mb: move aesni_gcm PMD")
Or
Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
Cc: pablo.de.lara.guarch at intel.com

(The second one seems to be where the code was introduced before being moved into the consolidated ipsec_mb PMD in 21.11)

Thanks,
Ciara

Previous message (by thread): [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
Next message (by thread): [PATCH v3] crypto/ipsec_mb: fix coverity issue
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list