patch 'crypto/openssl: skip workaround at compilation time' has been queued to stable release 22.11.3

Xueming Li xuemingl at nvidia.com
Thu Aug 10 01:47:31 CEST 2023

Previous message (by thread): patch 'crypto/openssl: fix memory leak in auth processing' has been queued to stable release 22.11.3
Next message (by thread): patch 'test/security: fix event inline IPsec reassembly tests' has been queued to stable release 22.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 22.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/11/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=22.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=22.11-staging&id=643423f0b7e4189c9814ade46234ec1d7b39227f

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
>From 643423f0b7e4189c9814ade46234ec1d7b39227f Mon Sep 17 00:00:00 2001
From: Didier Pallard <didier.pallard at 6wind.com>
Date: Tue, 18 Apr 2023 16:56:19 +0200
Subject: [PATCH] crypto/openssl: skip workaround at compilation time
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit 5b94ac1965620e945a3b8fcff84fab4fcb2ef801 ]

This workaround was needed before version 1.0.1f.
Do not build it for versions >= 1.1.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: Didier Pallard <didier.pallard at 6wind.com>
Acked-by: Kai Ji <kai.ji at intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 175b651000..6825b0469e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1195,8 +1195,11 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 		int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
 		uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
 {
-	int len = 0, unused = 0;
+	int len = 0;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	int unused = 0;
 	uint8_t empty[] = {};
+#endif
 
 	if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
 		goto process_auth_encryption_gcm_err;
@@ -1210,9 +1213,11 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 				srclen, ctx, 0))
 			goto process_auth_encryption_gcm_err;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* Workaround open ssl bug in version less then 1.0.1f */
 	if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
 		goto process_auth_encryption_gcm_err;
+#endif
 
 	if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
 		goto process_auth_encryption_gcm_err;
@@ -1274,8 +1279,11 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 		int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
 		uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
 {
-	int len = 0, unused = 0;
+	int len = 0;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	int unused = 0;
 	uint8_t empty[] = {};
+#endif
 
 	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) <= 0)
 		goto process_auth_decryption_gcm_err;
@@ -1292,9 +1300,11 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
 				srclen, ctx, 0))
 			goto process_auth_decryption_gcm_err;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* Workaround open ssl bug in version less then 1.0.1f */
 	if (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
 		goto process_auth_decryption_gcm_err;
+#endif
 
 	if (EVP_DecryptFinal_ex(ctx, dst, &len) <= 0)
 		return -EFAULT;
-- 
2.25.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2023-08-09 21:51:18.537043700 +0800
+++ 0009-crypto-openssl-skip-workaround-at-compilation-time.patch	2023-08-09 21:51:18.114352000 +0800
@@ -1 +1 @@
-From 5b94ac1965620e945a3b8fcff84fab4fcb2ef801 Mon Sep 17 00:00:00 2001
+From 643423f0b7e4189c9814ade46234ec1d7b39227f Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit 5b94ac1965620e945a3b8fcff84fab4fcb2ef801 ]
@@ -10 +12,0 @@
-Cc: stable at dpdk.org
@@ -19 +21 @@
-index 9b83811d67..4569c5e62f 100644
+index 175b651000..6825b0469e 100644
@@ -22 +24 @@
-@@ -1196,8 +1196,11 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1195,8 +1195,11 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
@@ -35 +37 @@
-@@ -1211,9 +1214,11 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1210,9 +1213,11 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
@@ -47 +49 @@
-@@ -1275,8 +1280,11 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1274,8 +1279,11 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
@@ -60 +62 @@
-@@ -1293,9 +1301,11 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
+@@ -1292,9 +1300,11 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,

Previous message (by thread): patch 'crypto/openssl: fix memory leak in auth processing' has been queued to stable release 22.11.3
Next message (by thread): patch 'test/security: fix event inline IPsec reassembly tests' has been queued to stable release 22.11.3
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list