From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 68C4E4546C; Sat, 15 Jun 2024 13:33:18 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 52907402BB; Sat, 15 Jun 2024 13:33:18 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 241BF40269; Sat, 15 Jun 2024 13:33:17 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 45F9qRbY019475; Sat, 15 Jun 2024 04:33:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=pfpt0220; bh=yMIDqXfrvsblaGFqMQfVKR4 uG9+txt+eaWKtvDXbVE0=; b=R4nUNbtYGVbgqqeJQgVvs/3gD1CnnNq7Yl5++/x Dd2aZcvKtUZQD2t5VQpUueBVp0IY4tefUaqgH366DEdwfzEaJjJo2fmhYEY1dfC1 d7R8k0nbmj9oh43kN6R44YaMQg13i+7LYPCSsRDlurjHKs1UGLlRMqlu2Q1Jpenv uuwc4DKDsoBYg25HNSjD9I8bMFMePcz0gxcVYYueJ+eRxamaaP7isBEihii8IFwx pFzUCcMgq7+EpmgEraMFwOw2CJGX8OoBmcn7bO8S/VgQjYyJc2H7w2MVG+SPqKgr /fCYrLaICaKKcELWs9C+KnvTWHvZhP4V1SPtyVYsMf1tSLg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3yrcq4nb5y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 15 Jun 2024 04:33:16 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Sat, 15 Jun 2024 04:33:14 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Sat, 15 Jun 2024 04:33:14 -0700 Received: from BG-LT91401.marvell.com (unknown [10.28.168.34]) by maili.marvell.com (Postfix) with ESMTP id 81AFD5B692E; Sat, 15 Jun 2024 04:33:10 -0700 (PDT) From: Gowrishankar Muthukrishnan To: , Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao , Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: Gowrishankar Muthukrishnan , Subject: [PATCH] crypto/cnxk: fix coverity issues Date: Sat, 15 Jun 2024 17:03:01 +0530 Message-ID: <20240615113304.2197-1-gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: 387a6V0NuJza54Cm1MOIZtw_TSuhQFO6 X-Proofpoint-GUID: 387a6V0NuJza54Cm1MOIZtw_TSuhQFO6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-15_08,2024-06-14_03,2024-05-17_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Fix out-of-bound issues reported by coverity scan. Coverity issue: 403164, 403165, 403166, 403167, 403169, 403170, 403171, 403172, 403173, 403174, 403176, 403178, 403179, 403180 Fixes: 5686b573e4b ("crypto/cnxk: support SM2") Fixes: badc0c6f6d6 ("cryptodev: set private and public keys in EC session") Cc: stable@dpdk.org Signed-off-by: Gowrishankar Muthukrishnan --- drivers/common/cnxk/roc_ae.h | 16 +++++++++------- drivers/crypto/cnxk/cnxk_ae.h | 24 +++++++++++++++++++----- 2 files changed, 28 insertions(+), 12 deletions(-) diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h index a9a08d9fb9..7886b9d107 100644 --- a/drivers/common/cnxk/roc_ae.h +++ b/drivers/common/cnxk/roc_ae.h @@ -53,29 +53,31 @@ typedef enum { ROC_AE_ERR_ECC_POINT_NOT_ON_CURVE = 0x11 } roc_ae_error_code; +#define ROC_AE_EC_DATA_MAX 66 + /* Prime and order fields of built-in elliptic curves */ struct roc_ae_ec_group { struct { /* P521 maximum length */ - uint8_t data[66]; + uint8_t data[ROC_AE_EC_DATA_MAX]; unsigned int length; } prime; struct { /* P521 maximum length */ - uint8_t data[66]; + uint8_t data[ROC_AE_EC_DATA_MAX]; unsigned int length; } order; struct { /* P521 maximum length */ - uint8_t data[66]; + uint8_t data[ROC_AE_EC_DATA_MAX]; unsigned int length; } consta; struct { /* P521 maximum length */ - uint8_t data[66]; + uint8_t data[ROC_AE_EC_DATA_MAX]; unsigned int length; } constb; }; @@ -86,18 +88,18 @@ struct roc_ae_ec_ctx { /* Private key */ struct { - uint8_t data[66]; + uint8_t data[ROC_AE_EC_DATA_MAX]; unsigned int length; } pkey; /* Public key */ struct { struct { - uint8_t data[66]; + uint8_t data[ROC_AE_EC_DATA_MAX]; unsigned int length; } x; struct { - uint8_t data[66]; + uint8_t data[ROC_AE_EC_DATA_MAX]; unsigned int length; } y; } q; diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h index ea11e093bf..a843d6b5ef 100644 --- a/drivers/crypto/cnxk/cnxk_ae.h +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -205,16 +205,22 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess, return 0; ec->pkey.length = xform->ec.pkey.length; - if (xform->ec.pkey.length) - rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length); + if (ec->pkey.length > ROC_AE_EC_DATA_MAX) + ec->pkey.length = ROC_AE_EC_DATA_MAX; + if (ec->pkey.length) + rte_memcpy(ec->pkey.data, xform->ec.pkey.data, ec->pkey.length); ec->q.x.length = xform->ec.q.x.length; - if (xform->ec.q.x.length) - rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length); + if (ec->q.x.length > ROC_AE_EC_DATA_MAX) + ec->q.x.length = ROC_AE_EC_DATA_MAX; + if (ec->q.x.length) + rte_memcpy(ec->q.x.data, xform->ec.q.x.data, ec->q.x.length); ec->q.y.length = xform->ec.q.y.length; + if (ec->q.y.length > ROC_AE_EC_DATA_MAX) + ec->q.y.length = ROC_AE_EC_DATA_MAX; if (xform->ec.q.y.length) - rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length); + rte_memcpy(ec->q.y.data, xform->ec.q.y.data, ec->q.y.length); return 0; } @@ -735,7 +741,11 @@ cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2, uint8_t *dptr; prime_len = ec_grp->prime.length; + if (prime_len > ROC_AE_EC_DATA_MAX) + prime_len = ROC_AE_EC_DATA_MAX; order_len = ec_grp->order.length; + if (order_len > ROC_AE_EC_DATA_MAX) + order_len = ROC_AE_EC_DATA_MAX; /* Truncate input length to curve prime length */ if (message_len > prime_len) @@ -822,7 +832,11 @@ cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2, uint8_t *dptr; prime_len = ec_grp->prime.length; + if (prime_len > ROC_AE_EC_DATA_MAX) + prime_len = ROC_AE_EC_DATA_MAX; order_len = ec_grp->order.length; + if (order_len > ROC_AE_EC_DATA_MAX) + order_len = ROC_AE_EC_DATA_MAX; /* Truncate input length to curve prime length */ if (message_len > prime_len) -- 2.25.1