From patchwork Tue Sep 11 11:00:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 146431 Delivered-To: patch@linaro.org Received: by 2002:a2e:1648:0:0:0:0:0 with SMTP id 8-v6csp3500254ljw; Tue, 11 Sep 2018 04:00:49 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbM560lFQHhqmKBAVNEHkDPRIjVS4uF/N6+l1bGOE4uzg94TuhW+raE8+cALufjTlAXoqr+ X-Received: by 2002:ac8:1739:: with SMTP id w54-v6mr19597702qtj.294.1536663649768; Tue, 11 Sep 2018 04:00:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536663649; cv=none; d=google.com; s=arc-20160816; b=dIHC+/cY+ccBl/8NJse5Cd4iYiUfjF4vHGiCBHH+3tMbs6ErdhOQxbIZoYMHW+pMbF W8BQ9uI47PsXAXmZxLyrbwPA+dY7A49NEvcQukqogyWcdkdMqfJZLnuRDELEmtW/ovW5 gjumpoYwsDNHEIhp7NWgZVJqNkU2HBJqnqQ/HV4PQAus18Li9QqVgzMVJO9KisKj4NuD v0qzbXW6qpPQtCaGtBv8thtryjWJn4lTW+kS1FnxQWevgbdqK2hbO8BKTAyKmDkNcE8U W9uXm3BWwDH1TFKV+gR/QDRnQmaDAcH3ZlTOEsRXa40YupqzV0MIMs21dwx11vQ64lI3 9r1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to; bh=6DNnLMSdB88RtqtPOd+gX5ZVppGkZ4IkGjRl9Sc1NAc=; b=g3o2lLAyJK8K7BBkMN6Tblmu9WdoaXpcz9Qa50wYzqaFnSFU/vEwiDMD3M6yiJ4G29 dRwXRNGGv/B0e/3//9bGshwJYlkW1vbDcCyCC4Q+iRsN2NWh4wDALpeJeiNS6N2d0898 9K/SpUKhsKn5PIdm19S7hUADMOoMrBDUXFV4y8BcfOfIwGmpLOWxCVTIq2MX+BJEFCSe ep9UEPfAkH7GGjyaRQb4MXHiosHrQ6vDv+7lCnjeZBHaMadHbHeDXP9wvreu8jGC/9BS npNUeS6Qw4xY+kfCXNzWRp0WjYhFexS6y0T5TLIjTEnrgTGaI75JAMc+dRhvBl1nU5E8 sh3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id 207-v6si1926826qkh.294.2018.09.11.04.00.49; Tue, 11 Sep 2018 04:00:49 -0700 (PDT) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 4266261C08; Tue, 11 Sep 2018 11:00:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, MAILING_LIST_MULTI, RCVD_IN_DNSWL_LOW autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 31C3D61BFE; Tue, 11 Sep 2018 11:00:18 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 6CAD661BFD; Tue, 11 Sep 2018 11:00:14 +0000 (UTC) Received: from forward104j.mail.yandex.net (forward104j.mail.yandex.net [5.45.198.247]) by lists.linaro.org (Postfix) with ESMTPS id 5876661BDD for ; Tue, 11 Sep 2018 11:00:12 +0000 (UTC) Received: from mxback4g.mail.yandex.net (mxback4g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:165]) by forward104j.mail.yandex.net (Yandex) with ESMTP id D825B4663B for ; Tue, 11 Sep 2018 14:00:10 +0300 (MSK) Received: from smtp3o.mail.yandex.net (smtp3o.mail.yandex.net [2a02:6b8:0:1a2d::27]) by mxback4g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id DlIAmdOZfY-0A940fLB; Tue, 11 Sep 2018 14:00:10 +0300 Received: by smtp3o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id BmOEA77MgK-09RmErM7; Tue, 11 Sep 2018 14:00:09 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 11 Sep 2018 11:00:06 +0000 Message-Id: <1536663606-8007-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1536663606-8007-1-git-send-email-odpbot@yandex.ru> References: <1536663606-8007-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 697 Subject: [lng-odp] [PATCH v1 1/1] linux-gen: ipsec: fix sliding window shifts X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Dmitry Eremin-Solenikov If shift is greater than window bit-width, bit shift results in undefined behaviour. Rewrite code to excplicitly set the mask in such cases. Signed-off-by: Dmitry Eremin-Solenikov Fixes: https://bugs.linaro.org/show_bug.cgi?id=3999 --- /** Email created from pull request 697 (lumag:ipsec-seq) ** https://github.com/Linaro/odp/pull/697 ** Patch: https://github.com/Linaro/odp/pull/697.patch ** Base sha: 33fbc04b6373960ec3f84de4e7e7b34c49d71508 ** Merge commit sha: ec1eaa3b88c25979551791e3eb7f43ee6b10deed **/ platform/linux-generic/odp_ipsec_sad.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 11f37fd8f..3c19939e4 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -701,18 +701,17 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { status->error.antireplay = 1; return -1; - } - - if (seq > max_seq) { + } else if (seq >= max_seq + IPSEC_ANTIREPLAY_WS) { + mask = 1; + max_seq = seq; + } else if (seq > max_seq) { mask <<= seq - max_seq; mask |= 1; max_seq = seq; + } else if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; } else { - if (mask & (1U << (max_seq - seq))) { - status->error.antireplay = 1; - return -1; - } - mask |= (1U << (max_seq - seq)); }