From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 9772437B4 for ; Mon, 15 Jan 2018 14:53:34 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Jan 2018 05:53:33 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,363,1511856000"; d="scan'208";a="10915004" Received: from tjozwiax-wtg1.ger.corp.intel.com (HELO localhost.localdomain) ([10.103.104.22]) by fmsmga002.fm.intel.com with ESMTP; 15 Jan 2018 05:53:32 -0800 From: Tomasz Jozwiak To: pablo.de.lara.guarch@intel.com Cc: dev@dpdk.org, Tomasz Jozwiak Date: Mon, 15 Jan 2018 14:53:29 +0100 Message-Id: <1516024409-7659-1-git-send-email-tomaszx.jozwiak@intel.com> X-Mailer: git-send-email 2.7.4 Subject: [dpdk-dev] [PATCH] crypto/qat: fix out-of-bounds compiler error X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jan 2018 13:53:35 -0000 This commit fixes - bpi_cipher_encrypt to prevent before 'array subscript is above array bounds' error - bpi_cipher_decrypt to prevent before 'array subscript is above array bounds' error - right cast from qat_cipher_get_block_size function. This function can return -EFAULT in case of any error, and that value must be cast to int instead of uint8_t - typo in error message A performance improvement was added to bpi_cipher_encrypt and bpi_cipher_decrypt as well. Fixes: d18ab45f7654 ("crypto/qat: support DOCSIS BPI mode") Signed-off-by: Tomasz Jozwiak --- drivers/crypto/qat/qat_crypto.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c index a572967..c63697e 100644 --- a/drivers/crypto/qat/qat_crypto.c +++ b/drivers/crypto/qat/qat_crypto.c @@ -69,6 +69,10 @@ #include "adf_transport_access_macros.h" #define BYTE_LENGTH 8 +/* bpi is only used for partial blocks of DES and AES + * so AES block len can be assumed as max len for iv, src and dst + */ +#define BPI_MAX_ENCR_IV_LEN ICP_QAT_HW_AES_BLK_SZ static int qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo, @@ -121,16 +125,17 @@ bpi_cipher_encrypt(uint8_t *src, uint8_t *dst, { EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx; int encrypted_ivlen; - uint8_t encrypted_iv[16]; - int i; + uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN]; + + register uint8_t *encr = encrypted_iv; /* ECB method: encrypt the IV, then XOR this with plaintext */ if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen) <= 0) goto cipher_encrypt_err; - for (i = 0; i < srclen; i++) - *(dst+i) = *(src+i)^(encrypted_iv[i]); + for (; srclen != 0; --srclen, ++dst, ++src, ++encr) + *dst = *src ^ *encr; return 0; @@ -150,21 +155,22 @@ bpi_cipher_decrypt(uint8_t *src, uint8_t *dst, { EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx; int encrypted_ivlen; - uint8_t encrypted_iv[16]; - int i; + uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN]; + + register uint8_t *encr = encrypted_iv; /* ECB method: encrypt (not decrypt!) the IV, then XOR with plaintext */ if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen) <= 0) goto cipher_decrypt_err; - for (i = 0; i < srclen; i++) - *(dst+i) = *(src+i)^(encrypted_iv[i]); + for (; srclen != 0; --srclen, ++dst, ++src, ++encr) + *dst = *src ^ *encr; return 0; cipher_decrypt_err: - PMD_DRV_LOG(ERR, "libcrypto ECB cipher encrypt for BPI IV failed"); + PMD_DRV_LOG(ERR, "libcrypto ECB cipher decrypt for BPI IV failed"); return -EINVAL; } @@ -844,7 +850,7 @@ static inline uint32_t qat_bpicipher_preprocess(struct qat_session *ctx, struct rte_crypto_op *op) { - uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); + int block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); struct rte_crypto_sym_op *sym_op = op->sym; uint8_t last_block_len = block_len > 0 ? sym_op->cipher.data.length % block_len : 0; @@ -899,7 +905,7 @@ static inline uint32_t qat_bpicipher_postprocess(struct qat_session *ctx, struct rte_crypto_op *op) { - uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); + int block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); struct rte_crypto_sym_op *sym_op = op->sym; uint8_t last_block_len = block_len > 0 ? sym_op->cipher.data.length % block_len : 0; -- 2.7.4