crypto/ipsec_mb: fix GCM requested digest length

This patch removes coverity defect CID 375828:
Untrusted value as argument (TAINTED_SCALAR)

Coverity issue: 375828
Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
Cc: stable@dpdk.org
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e5ad629..2c033c6 100644 (file)
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
                sess->iv.length = auth_xform->auth.iv.length;
                key_length = auth_xform->auth.key.length;
                key = auth_xform->auth.key.data;
-               sess->req_digest_length = auth_xform->auth.digest_length;
+               sess->req_digest_length =
+                   RTE_MIN(auth_xform->auth.digest_length,
+                               DIGEST_LENGTH_MAX);
                break;
        case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
        case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
@@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
                key_length = aead_xform->aead.key.length;
                key = aead_xform->aead.key.data;
                sess->aad_length = aead_xform->aead.aad_length;
-               sess->req_digest_length = aead_xform->aead.digest_length;
+               sess->req_digest_length =
+                       RTE_MIN(aead_xform->aead.digest_length,
+                               DIGEST_LENGTH_MAX);
                break;
        default:
                IPSEC_MB_LOG(