crypto/cnxk: fix coverity issues
Checks
Commit Message
Fix out-of-bound issues reported by coverity scan.
Coverity issue: 403164, 403165, 403166, 403167, 403169, 403170, 403171,
403172, 403173, 403174, 403176, 403178, 403179, 403180
Fixes: 5686b573e4b ("crypto/cnxk: support SM2")
Fixes: badc0c6f6d6 ("cryptodev: set private and public keys in EC session")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/common/cnxk/roc_ae.h | 16 +++++++++-------
drivers/crypto/cnxk/cnxk_ae.h | 24 +++++++++++++++++++-----
2 files changed, 28 insertions(+), 12 deletions(-)
Comments
> Fix out-of-bound issues reported by coverity scan.
>
> Coverity issue: 403164, 403165, 403166, 403167, 403169, 403170,
> 403171,
> 403172, 403173, 403174, 403176, 403178, 403179, 403180
> Fixes: 5686b573e4b ("crypto/cnxk: support SM2")
> Fixes: badc0c6f6d6 ("cryptodev: set private and public keys in EC session")
> Cc: stable@dpdk.org
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Applied to dpdk-next-crypto
Title changed to "crypto/cnxk: fix out of bound access"
Thanks.
@@ -53,29 +53,31 @@ typedef enum {
ROC_AE_ERR_ECC_POINT_NOT_ON_CURVE = 0x11
} roc_ae_error_code;
+#define ROC_AE_EC_DATA_MAX 66
+
/* Prime and order fields of built-in elliptic curves */
struct roc_ae_ec_group {
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} prime;
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} order;
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} consta;
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} constb;
};
@@ -86,18 +88,18 @@ struct roc_ae_ec_ctx {
/* Private key */
struct {
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} pkey;
/* Public key */
struct {
struct {
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} x;
struct {
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} y;
} q;
@@ -205,16 +205,22 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
return 0;
ec->pkey.length = xform->ec.pkey.length;
- if (xform->ec.pkey.length)
- rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length);
+ if (ec->pkey.length > ROC_AE_EC_DATA_MAX)
+ ec->pkey.length = ROC_AE_EC_DATA_MAX;
+ if (ec->pkey.length)
+ rte_memcpy(ec->pkey.data, xform->ec.pkey.data, ec->pkey.length);
ec->q.x.length = xform->ec.q.x.length;
- if (xform->ec.q.x.length)
- rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length);
+ if (ec->q.x.length > ROC_AE_EC_DATA_MAX)
+ ec->q.x.length = ROC_AE_EC_DATA_MAX;
+ if (ec->q.x.length)
+ rte_memcpy(ec->q.x.data, xform->ec.q.x.data, ec->q.x.length);
ec->q.y.length = xform->ec.q.y.length;
+ if (ec->q.y.length > ROC_AE_EC_DATA_MAX)
+ ec->q.y.length = ROC_AE_EC_DATA_MAX;
if (xform->ec.q.y.length)
- rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length);
+ rte_memcpy(ec->q.y.data, xform->ec.q.y.data, ec->q.y.length);
return 0;
}
@@ -735,7 +741,11 @@ cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
uint8_t *dptr;
prime_len = ec_grp->prime.length;
+ if (prime_len > ROC_AE_EC_DATA_MAX)
+ prime_len = ROC_AE_EC_DATA_MAX;
order_len = ec_grp->order.length;
+ if (order_len > ROC_AE_EC_DATA_MAX)
+ order_len = ROC_AE_EC_DATA_MAX;
/* Truncate input length to curve prime length */
if (message_len > prime_len)
@@ -822,7 +832,11 @@ cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
uint8_t *dptr;
prime_len = ec_grp->prime.length;
+ if (prime_len > ROC_AE_EC_DATA_MAX)
+ prime_len = ROC_AE_EC_DATA_MAX;
order_len = ec_grp->order.length;
+ if (order_len > ROC_AE_EC_DATA_MAX)
+ order_len = ROC_AE_EC_DATA_MAX;
/* Truncate input length to curve prime length */
if (message_len > prime_len)