From: Piotr Bronowski <piotrx.bronowski@intel.com>
Date: Wed, 9 Mar 2022 18:02:00 +0000 (+0000)
Subject: crypto/ipsec_mb: fix GCM requested digest length
X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=2c6b3438d6caa096fca1b2f078f3ca18ce737ded;p=dpdk.git

crypto/ipsec_mb: fix GCM requested digest length

This patch removes coverity defect CID 375828:
Untrusted value as argument (TAINTED_SCALAR)

Coverity issue: 375828
Fixes: ceb863938708 ("crypto/aesni_gcm: support all truncated digest sizes")
Cc: stable@dpdk.org

Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
index e5ad629fe5..2c033c6f28 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
 		sess->iv.length = auth_xform->auth.iv.length;
 		key_length = auth_xform->auth.key.length;
 		key = auth_xform->auth.key.data;
-		sess->req_digest_length = auth_xform->auth.digest_length;
+		sess->req_digest_length =
+		    RTE_MIN(auth_xform->auth.digest_length,
+				DIGEST_LENGTH_MAX);
 		break;
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
@@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
 		key_length = aead_xform->aead.key.length;
 		key = aead_xform->aead.key.data;
 		sess->aad_length = aead_xform->aead.aad_length;
-		sess->req_digest_length = aead_xform->aead.digest_length;
+		sess->req_digest_length =
+			RTE_MIN(aead_xform->aead.digest_length,
+				DIGEST_LENGTH_MAX);
 		break;
 	default:
 		IPSEC_MB_LOG(