patch 'crypto/openssl: fix 3DES-CTR with big endian CPUs' has been queued to stable release 21.11.9

Kevin Traynor ktraynor at redhat.com
Wed Nov 27 18:18:22 CET 2024

Previous message (by thread): patch 'net/mvneta: fix possible out-of-bounds write' has been queued to stable release 21.11.9
Next message (by thread): patch 'net/mlx5: fix memory leak in metering' has been queued to stable release 21.11.9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

FYI, your patch has been queued to stable release 21.11.9

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/02/24. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/9f3dc338f2f4e357e422431bc778992d94d60ace

Thanks.

Kevin

---
>From 9f3dc338f2f4e357e422431bc778992d94d60ace Mon Sep 17 00:00:00 2001
From: David Marchand <david.marchand at redhat.com>
Date: Fri, 25 Oct 2024 09:04:21 +0200
Subject: [PATCH] crypto/openssl: fix 3DES-CTR with big endian CPUs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[ upstream commit 97afd07ca79c7270480a65febd7f616a4c0b07ca ]

Caught by code review.

Don't byte swap unconditionally (assuming that CPU is little endian is
wrong). Instead, convert from big endian to cpu and vice versa.

Besides, avoid unaligned accesses and remove the ctr_inc helper that is
not used anywhere else.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")

Signed-off-by: David Marchand <david.marchand at redhat.com>
Acked-by: Morten Brørup <mb at smartsharesystems.com>
Acked-by: Hemant Agrawal <hemant.agrawal at nxp.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 28 ++++++++----------------
 1 file changed, 9 insertions(+), 19 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index a321258980..a75fb094ee 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -5,4 +5,5 @@
 #define OPENSSL_API_COMPAT 0x10100000L
 
+#include <rte_byteorder.h>
 #include <rte_common.h>
 #include <rte_hexdump.h>
@@ -44,20 +45,4 @@ static void HMAC_CTX_free(HMAC_CTX *ctx)
 static int cryptodev_openssl_remove(struct rte_vdev_device *vdev);
 
-/*----------------------------------------------------------------------------*/
-
-/**
- * Increment counter by 1
- * Counter is 64 bit array, big-endian
- */
-static void
-ctr_inc(uint8_t *ctr)
-{
-	uint64_t *ctr64 = (uint64_t *)ctr;
-
-	*ctr64 = __builtin_bswap64(*ctr64);
-	(*ctr64)++;
-	*ctr64 = __builtin_bswap64(*ctr64);
-}
-
 /*
  *------------------------------------------------------------------------------
@@ -1013,5 +998,6 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
 		int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
 {
-	uint8_t ebuf[8], ctr[8];
+	uint8_t ebuf[8];
+	uint64_t ctr;
 	int unused, n;
 	struct rte_mbuf *m;
@@ -1029,13 +1015,17 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
 	l = rte_pktmbuf_data_len(m) - offset;
 
-	memcpy(ctr, iv, 8);
+	memcpy(&ctr, iv, 8);
 
 	for (n = 0; n < srclen; n++) {
 		if (n % 8 == 0) {
+			uint64_t cpu_ctr;
+
 			if (EVP_EncryptUpdate(ctx,
 					(unsigned char *)&ebuf, &unused,
 					(const unsigned char *)&ctr, 8) <= 0)
 				goto process_cipher_des3ctr_err;
-			ctr_inc(ctr);
+			cpu_ctr = rte_be_to_cpu_64(ctr);
+			cpu_ctr++;
+			ctr = rte_cpu_to_be_64(cpu_ctr);
 		}
 		dst[n] = *(src++) ^ ebuf[n % 8];
-- 
2.47.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2024-11-27 17:17:40.617307151 +0000
+++ 0075-crypto-openssl-fix-3DES-CTR-with-big-endian-CPUs.patch	2024-11-27 17:17:38.273269622 +0000
@@ -1 +1 @@
-From 97afd07ca79c7270480a65febd7f616a4c0b07ca Mon Sep 17 00:00:00 2001
+From 9f3dc338f2f4e357e422431bc778992d94d60ace Mon Sep 17 00:00:00 2001
@@ -8,0 +9,2 @@
+[ upstream commit 97afd07ca79c7270480a65febd7f616a4c0b07ca ]
+
@@ -18 +19,0 @@
-Cc: stable at dpdk.org
@@ -28 +29 @@
-index 9657b70c7a..0616383921 100644
+index a321258980..a75fb094ee 100644
@@ -31,2 +32,2 @@
-@@ -3,4 +3,5 @@
-  */
+@@ -5,4 +5,5 @@
+ #define OPENSSL_API_COMPAT 0x10100000L
@@ -37 +38 @@
-@@ -100,20 +101,4 @@ digest_name_get(enum rte_crypto_auth_algorithm algo)
+@@ -44,20 +45,4 @@ static void HMAC_CTX_free(HMAC_CTX *ctx)
@@ -58 +59 @@
-@@ -1193,5 +1178,6 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
+@@ -1013,5 +998,6 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
@@ -66 +67 @@
-@@ -1209,13 +1195,17 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
+@@ -1029,13 +1015,17 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,

Previous message (by thread): patch 'net/mvneta: fix possible out-of-bounds write' has been queued to stable release 21.11.9
Next message (by thread): patch 'net/mlx5: fix memory leak in metering' has been queued to stable release 21.11.9
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list