crypto/ipsec_mb: fix GCM requested digest length

[ upstream commit 2c6b343 ] This patch removes coverity defect CID 375828: Untrusted value as argument (TAINTED_SCALAR) Coverity issue: 375828 Fixes: ceb8639 ("crypto/aesni_gcm: support all truncated digest sizes") Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Acked-by: Ciara Power <ciara.power@intel.com>
kevintraynor · Mar 15, 2022 · 75c5700 · 75c5700
1 parent 8fc808e
commit 75c5700
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c b/drivers/crypto/ipsec_mb/pmd_aesni_gcm.c
@@ -96,7 +96,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
 		sess->iv.length = auth_xform->auth.iv.length;
 		key_length = auth_xform->auth.key.length;
 		key = auth_xform->auth.key.data;
-		sess->req_digest_length = auth_xform->auth.digest_length;
+		sess->req_digest_length =
+		    RTE_MIN(auth_xform->auth.digest_length,
+				DIGEST_LENGTH_MAX);
 		break;
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
 	case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
@@ -116,7 +118,9 @@ aesni_gcm_session_configure(IMB_MGR *mb_mgr, void *session,
 		key_length = aead_xform->aead.key.length;
 		key = aead_xform->aead.key.data;
 		sess->aad_length = aead_xform->aead.aad_length;
-		sess->req_digest_length = aead_xform->aead.digest_length;
+		sess->req_digest_length =
+			RTE_MIN(aead_xform->aead.digest_length,
+				DIGEST_LENGTH_MAX);
 		break;
 	default:
 		IPSEC_MB_LOG(