From e45847d8fd0cd9c46ea13a6b5b87087cfb8ae393 Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Fri, 9 Oct 2020 12:05:20 +0000 Subject: [PATCH] crypto/aesni_mb: fix GCM digest size check GCM digest sizes should be between 1 and 16 bytes. Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara --- .../crypto/aesni_mb/aesni_mb_pmd_private.h | 4 ++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 22 +++++++++---------- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 8 +++---- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 9693bf9854..7481e1d5e9 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -85,7 +85,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [AES_CMAC] = 12, [AES_CCM] = 8, [NULL_HASH] = 0, - [AES_GMAC] = 16, + [AES_GMAC] = 12, [PLAIN_SHA1] = 20, [PLAIN_SHA_224] = 28, [PLAIN_SHA_256] = 32, @@ -121,7 +121,7 @@ static const unsigned auth_digest_byte_lengths[] = { [AES_XCBC] = 16, [AES_CMAC] = 16, [AES_CCM] = 16, - [AES_GMAC] = 12, + [AES_GMAC] = 16, [NULL_HASH] = 0, [PLAIN_SHA1] = 20, [PLAIN_SHA_224] = 28, diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index ba2882d276..7dbe40e025 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -213,19 +213,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, sess->cipher.direction = DECRYPT; sess->auth.algo = AES_GMAC; - /* - * Multi-buffer lib supports 8, 12 and 16 bytes of digest. - * If size requested is different, generate the full digest - * (16 bytes) in a temporary location and then memcpy - * the requested number of bytes. - */ - if (sess->auth.req_digest_len != 16 && - sess->auth.req_digest_len != 12 && - sess->auth.req_digest_len != 8) { - sess->auth.gen_digest_len = 16; - } else { - sess->auth.gen_digest_len = sess->auth.req_digest_len; + if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; } + sess->auth.gen_digest_len = sess->auth.req_digest_len; sess->iv.length = xform->auth.iv.length; sess->iv.offset = xform->auth.iv.offset; @@ -721,6 +713,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -EINVAL; } + /* GCM digest size must be between 1 and 16 */ + if (sess->auth.req_digest_len == 0 || + sess->auth.req_digest_len > 16) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } break; default: diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index e54205f1b8..46b8517a9f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -455,9 +455,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { .increment = 8 }, .digest_size = { - .min = 8, + .min = 1, .max = 16, - .increment = 4 + .increment = 1 }, .aad_size = { .min = 0, @@ -485,9 +485,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { .increment = 8 }, .digest_size = { - .min = 8, + .min = 1, .max = 16, - .increment = 4 + .increment = 1 }, .iv_size = { .min = 12, -- 2.20.1