RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value

Wed, 09 Mar 2022 06:40:21 -0800 

Hi Piotr,

>-----Original Message-----
>From: Zhang, Roy Fan <roy.fan.zh...@intel.com>
>Sent: Wednesday 9 March 2022 14:35
>To: Zhang, Roy Fan <roy.fan.zh...@intel.com>; Bronowski, PiotrX
><piotrx.bronow...@intel.com>; dev@dpdk.org
>Cc: tho...@monjalon.net; gak...@marvell.com; Yigit, Ferruh
><ferruh.yi...@intel.com>; Doherty, Declan <declan.dohe...@intel.com>;
>sta...@dpdk.org; Power, Ciara <ciara.po...@intel.com>
>Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>
>Hi Piotr,
>
>> -----Original Message-----
>> From: Zhang, Roy Fan <roy.fan.zh...@intel.com>
>> Sent: Monday, March 7, 2022 4:27 PM
>> To: Bronowski, PiotrX <piotrx.bronow...@intel.com>; dev@dpdk.org
>> Cc: tho...@monjalon.net; gak...@marvell.com; Yigit, Ferruh
>> <ferruh.yi...@intel.com>; Doherty, Declan <declan.dohe...@intel.com>;
>> sta...@dpdk.org
>> Subject: RE: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>>
>> > -----Original Message-----
>> > From: Bronowski, PiotrX <piotrx.bronow...@intel.com>
>> > Sent: Monday, March 7, 2022 3:33 PM
>> > To: dev@dpdk.org
>> > Cc: Zhang, Roy Fan <roy.fan.zh...@intel.com>; tho...@monjalon.net;
>> > gak...@marvell.com; Yigit, Ferruh <ferruh.yi...@intel.com>; Doherty,
>> Declan
>> > <declan.dohe...@intel.com>; Bronowski, PiotrX
>> > <piotrx.bronow...@intel.com>; sta...@dpdk.org
>> > Subject: [PATCH v2] crypto/ipsec_mb: fix usage of untrusted value
>> >
>> > This patch removes coverity defect CID 375828:
>> > Untrusted value as argument (TAINTED_SCALAR)
>> >
>> > Coverity issue: CID 375828
>> > Fixes: 918fd2f1466b ("crypto/ipsec_mb: move aesni_mb PMD")
>> >
>> > Signed-off-by: Piotr Bronowski <piotrx.bronow...@intel.com>
>> >
>> > Cc: sta...@dpdk.org
>> >
>> > ---
>> > v2: use a different logic to check digest length
>> > ---
>> Acked-by: Fan Zhang <roy.fan.zh...@intel.com>
>
>Sorry I missed a point in your change and thanks for Ciara pointing this out.
>You are changing the gen_digest_size to 64 which is wrong.
>Please send v3.
>Also instead of ack - Nack this patch.

[CP]

In the v3 I think Fixes line should also be updated to either:

Fixes: 746825e5c0ea ("crypto/ipsec_mb: move aesni_gcm PMD")
Or
Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
Cc: pablo.de.lara.gua...@intel.com

(The second one seems to be where the code was introduced before being moved 
into the consolidated ipsec_mb PMD in 21.11)

Thanks,
Ciara

Reply via email to