* [PATCH] crypto/cnxk: fix coverity issues
@ 2024-06-15 11:33 Gowrishankar Muthukrishnan
2024-06-26 7:46 ` [EXTERNAL] " Akhil Goyal
0 siblings, 1 reply; 2+ messages in thread
From: Gowrishankar Muthukrishnan @ 2024-06-15 11:33 UTC
To: dev, Nithin Dabilpuram, Kiran Kumar K, Sunil Kumar Kori,
Satha Rao, Ankur Dwivedi, Anoob Joseph, Tejasree Kondoj
Cc: Gowrishankar Muthukrishnan, stable
Fix out-of-bound issues reported by coverity scan.
Coverity issue: 403164, 403165, 403166, 403167, 403169, 403170, 403171,
403172, 403173, 403174, 403176, 403178, 403179, 403180
Fixes: 5686b573e4b ("crypto/cnxk: support SM2")
Fixes: badc0c6f6d6 ("cryptodev: set private and public keys in EC session")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/common/cnxk/roc_ae.h | 16 +++++++++-------
drivers/crypto/cnxk/cnxk_ae.h | 24 +++++++++++++++++++-----
2 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index a9a08d9fb9..7886b9d107 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -53,29 +53,31 @@ typedef enum {
ROC_AE_ERR_ECC_POINT_NOT_ON_CURVE = 0x11
} roc_ae_error_code;
+#define ROC_AE_EC_DATA_MAX 66
+
/* Prime and order fields of built-in elliptic curves */
struct roc_ae_ec_group {
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} prime;
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} order;
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} consta;
struct {
/* P521 maximum length */
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} constb;
};
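Review bot: The new ROC_AE_EC_DATA_MAX define carries no comment saying where 66 comes from, while each of the four members of struct roc_ae_ec_group keeps its own "P521 maximum length" comment. Stating the rationale once at the define (66 bytes is the size needed for a 521-bit value) and dropping the per-member copies would keep the explanation next to the number it explains.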
@@ -86,18 +88,18 @@ struct roc_ae_ec_ctx {
/* Private key */
struct {
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} pkey;
/* Public key */
struct {
struct {
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} x;
struct {
- uint8_t data[66];
+ uint8_t data[ROC_AE_EC_DATA_MAX];
unsigned int length;
} y;
} q;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index ea11e093bf..a843d6b5ef 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -205,16 +205,22 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
return 0;
ec->pkey.length = xform->ec.pkey.length;
- if (xform->ec.pkey.length)
- rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length);
+ if (ec->pkey.length > ROC_AE_EC_DATA_MAX)
+ ec->pkey.length = ROC_AE_EC_DATA_MAX;
+ if (ec->pkey.length)
+ rte_memcpy(ec->pkey.data, xform->ec.pkey.data, ec->pkey.length);
ec->q.x.length = xform->ec.q.x.length;
- if (xform->ec.q.x.length)
- rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length);
+ if (ec->q.x.length > ROC_AE_EC_DATA_MAX)
+ ec->q.x.length = ROC_AE_EC_DATA_MAX;
+ if (ec->q.x.length)
+ rte_memcpy(ec->q.x.data, xform->ec.q.x.data, ec->q.x.length);
ec->q.y.length = xform->ec.q.y.length;
+ if (ec->q.y.length > ROC_AE_EC_DATA_MAX)
+ ec->q.y.length = ROC_AE_EC_DATA_MAX;
if (xform->ec.q.y.length)
- rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length);
+ rte_memcpy(ec->q.y.data, xform->ec.q.y.data, ec->q.y.length);
return 0;
}
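Review bot: The three clamps in cnxk_ae_fill_ec_params silently truncate an over-long pkey, q.x or q.y to ROC_AE_EC_DATA_MAX bytes and the function still returns 0, so a session is set up with key material that differs from what the caller passed in xform. Since the function returns an int, rejecting the length with a negative error code before any copy would close the overflow without accepting a truncated key. Separately, the q.y block still guards the copy with "if (xform->ec.q.y.length)" while the pkey and q.x blocks were switched to test the clamped ec-> length; the copy size is bounded either way, but the three blocks should use the same form.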
@@ -735,7 +741,11 @@ cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
uint8_t *dptr;
prime_len = ec_grp->prime.length;
+ if (prime_len > ROC_AE_EC_DATA_MAX)
+ prime_len = ROC_AE_EC_DATA_MAX;
order_len = ec_grp->order.length;
+ if (order_len > ROC_AE_EC_DATA_MAX)
+ order_len = ROC_AE_EC_DATA_MAX;
/* Truncate input length to curve prime length */
if (message_len > prime_len)
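Review bot: The clamps on prime_len and order_len in cnxk_ae_sm2_sign_prep hide an out-of-range group entry instead of reporting it. If ec_grp->prime.length or ec_grp->order.length ever exceeded ROC_AE_EC_DATA_MAX, the request would be built with shortened curve parameters, and the message truncation just below ("if (message_len > prime_len)") would use the clamped value. Failing the prep on an invalid length would be safer than continuing; if the values cannot occur at runtime, a comment saying the clamp is there for the static analyzer would document the intent.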
@@ -822,7 +832,11 @@ cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
uint8_t *dptr;
prime_len = ec_grp->prime.length;
+ if (prime_len > ROC_AE_EC_DATA_MAX)
+ prime_len = ROC_AE_EC_DATA_MAX;
order_len = ec_grp->order.length;
+ if (order_len > ROC_AE_EC_DATA_MAX)
+ order_len = ROC_AE_EC_DATA_MAX;
/* Truncate input length to curve prime length */
if (message_len > prime_len)
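Review bot: These four added lines in cnxk_ae_sm2_verify_prep duplicate the clamp added to cnxk_ae_sm2_sign_prep. A small inline helper that returns the bounded length, or one validation of ec_grp that both functions rely on, would keep the bounds logic from drifting between the sign and verify paths.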
--
2.25.1
* RE: [EXTERNAL] [PATCH] crypto/cnxk: fix coverity issues
2024-06-15 11:33 [PATCH] crypto/cnxk: fix coverity issues Gowrishankar Muthukrishnan
@ 2024-06-26 7:46 ` Akhil Goyal
0 siblings, 0 replies; 2+ messages in thread
From: Akhil Goyal @ 2024-06-26 7:46 UTC
To: Gowrishankar Muthukrishnan, dev, Nithin Kumar Dabilpuram,
Kiran Kumar Kokkilagadda, Sunil Kumar Kori,
Satha Koteswara Rao Kottidi, Ankur Dwivedi, Anoob Joseph,
Tejasree Kondoj
Cc: Gowrishankar Muthukrishnan, stable
> Fix out-of-bound issues reported by coverity scan.
>
> Coverity issue: 403164, 403165, 403166, 403167, 403169, 403170,
> 403171,
> 403172, 403173, 403174, 403176, 403178, 403179, 403180
> Fixes: 5686b573e4b ("crypto/cnxk: support SM2")
> Fixes: badc0c6f6d6 ("cryptodev: set private and public keys in EC session")
> Cc: stable@dpdk.org
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Applied to dpdk-next-crypto
Title changed to "crypto/cnxk: fix out of bound access"
Thanks.