Hello David,
In reference to this comment
> + case MBUF_DATAROOM_KEYWORD_NUM:
> + {
> + uint32_t data_room_size;
Here, I don't think we need a temp storage.
If the value is invalid, the parsing and then init will fail.
You can directly pass &env.mbuf_data_room to parser_read_uint32 and
check its value.
>
> - env.mbuf_data_room = data_room_size;
> - } else {
> + if (parser_read_uint32(&data_room_size,
> + optarg) < 0) {
> cryptodev_fips_validate_usage(prgname);
> return -EINVAL;
> }
> +
> + if (data_room_size == 0 ||
> + data_room_size > UINT16_MAX) {
> + cryptodev_fips_validate_usage(prgname);
> + return -EINVAL;
> + }
> +
> + env.mbuf_data_room = data_room_size;
> +
> break;
> + }
The type of env.mbuf_data_room is uint16_t and the temp variable type
is uint32_t. In my opinion, the temp variable size is bigger than
env.mbuf_data_room to handle overflow value.
--
- Ibtisam
On Mon, Nov 2, 2020 at 1:32 PM Ibtisam Tariq <ibtisam.ta...@emumba.com> wrote:
>
> Hi David,
>
> Thank you for reviewing the patch. I will submit the v2 of the patchset with
> new updates.
>
> On Fri, Oct 30, 2020 at 3:07 AM David Marchand <david.march...@redhat.com>
> wrote:
>>
>> Hello Ibtisam,
>>
>> On Thu, Oct 29, 2020 at 1:55 PM Ibtisam Tariq <ibtisam.ta...@emumba.com>
>> wrote:
>> >
>> > Instead of using getopt_long return value, strcmp was used to
>> > compare the input parameters with the struct option array. This
>> > patch get rid of all those strcmp by directly binding each longopt
>> > with an int enum.
>> >
>> > Bugzilla ID: 238
>> > Fixes: 3d0fad56b74 ("examples/fips_validation: add crypto FIPS
>> > application"}
>>
>> I consider this bz as an enhancement, for better readability /
>> consistency in the project code.
>> This is not a bugfix, and I would not flag the patches with a Fixes: tag.
>>
>>
>> > Cc: marko.kovace...@intel.com
>> >
>> > Reported-by: David Marchand <david.march...@redhat.com>
>> > Signed-off-by: Ibtisam Tariq <ibtisam.ta...@emumba.com>
>> > ---
>> > examples/fips_validation/main.c | 241 +++++++++++++++++++-------------
>> > 1 file changed, 143 insertions(+), 98 deletions(-)
>> >
>> > diff --git a/examples/fips_validation/main.c
>> > b/examples/fips_validation/main.c
>> > index 07532c956..5fb76b421 100644
>> > --- a/examples/fips_validation/main.c
>> > +++ b/examples/fips_validation/main.c
>> > @@ -15,17 +15,31 @@
>> > #include "fips_validation.h"
>> > #include "fips_dev_self_test.h"
>> >
>> > +enum{
>>
>> Missing space.
>>
>>
>> The _KEYWORD suffix gives no info and can be dropped in all those
>> defines / enums.
>>
>> > #define REQ_FILE_PATH_KEYWORD "req-file"
>> > + /* first long only option value must be >= 256, so that we won't
>> > + * conflict with short options
>> > + */
>>
>> This comment is copied from the EAL header, but there is no mapping to
>> a short option in this example.
>> You can drop it.
>>
>> > + REQ_FILE_PATH_KEYWORD_NUM = 256,
>> > #define RSP_FILE_PATH_KEYWORD "rsp-file"
>> > + RSP_FILE_PATH_KEYWORD_NUM,
>> > #define MBUF_DATAROOM_KEYWORD "mbuf-dataroom"
>> > + MBUF_DATAROOM_KEYWORD_NUM,
>> > #define FOLDER_KEYWORD "path-is-folder"
>> > + FOLDER_KEYWORD_NUM,
>> > #define CRYPTODEV_KEYWORD "cryptodev"
>> > + CRYPTODEV_KEYWORD_NUM,
>> > #define CRYPTODEV_ID_KEYWORD "cryptodev-id"
>> > + CRYPTODEV_ID_KEYWORD_NUM,
>> > #define CRYPTODEV_ST_KEYWORD "self-test"
>> > + CRYPTODEV_ST_KEYWORD_NUM,
>> > #define CRYPTODEV_BK_ID_KEYWORD "broken-test-id"
>> > + CRYPTODEV_BK_ID_KEYWORD_NUM,
>> > #define CRYPTODEV_BK_DIR_KEY "broken-test-dir"
>> > + CRYPTODEV_BK_DIR_KEY_NUM,
>>
>>
>> Those next two defines have nothing to do with getopt options and they
>> are only used once.
>> You can directly replace them as their fixed string later in the
>> parsing code, and drop the defines.
>>
>>
>> > #define CRYPTODEV_ENC_KEYWORD "enc"
>> > #define CRYPTODEV_DEC_KEYWORD "dec"
>> > +};
>> >
>> > struct fips_test_vector vec;
>> > struct fips_test_interim_info info;
>> > @@ -226,15 +240,24 @@ cryptodev_fips_validate_parse_args(int argc, char
>> > **argv)
>> > char **argvopt;
>> > int option_index;
>> > struct option lgopts[] = {
>> > - {REQ_FILE_PATH_KEYWORD, required_argument, 0, 0},
>> > - {RSP_FILE_PATH_KEYWORD, required_argument, 0, 0},
>> > - {FOLDER_KEYWORD, no_argument, 0, 0},
>> > - {MBUF_DATAROOM_KEYWORD, required_argument, 0, 0},
>> > - {CRYPTODEV_KEYWORD, required_argument, 0, 0},
>> > - {CRYPTODEV_ID_KEYWORD, required_argument, 0, 0},
>> > - {CRYPTODEV_ST_KEYWORD, no_argument, 0, 0},
>> > - {CRYPTODEV_BK_ID_KEYWORD, required_argument, 0, 0},
>> > - {CRYPTODEV_BK_DIR_KEY, required_argument, 0, 0},
>>
>> Single indent is enough.
>>
>>
>> > + {REQ_FILE_PATH_KEYWORD, required_argument,
>> > + NULL, REQ_FILE_PATH_KEYWORD_NUM},
>> > + {RSP_FILE_PATH_KEYWORD, required_argument,
>> > + NULL, RSP_FILE_PATH_KEYWORD_NUM},
>> > + {FOLDER_KEYWORD, no_argument,
>> > + NULL, FOLDER_KEYWORD_NUM},
>> > + {MBUF_DATAROOM_KEYWORD, required_argument,
>> > + NULL, MBUF_DATAROOM_KEYWORD_NUM},
>> > + {CRYPTODEV_KEYWORD, required_argument,
>> > + NULL, CRYPTODEV_KEYWORD_NUM},
>> > + {CRYPTODEV_ID_KEYWORD, required_argument,
>> > + NULL, CRYPTODEV_ID_KEYWORD_NUM},
>> > + {CRYPTODEV_ST_KEYWORD, no_argument,
>> > + NULL, CRYPTODEV_ST_KEYWORD_NUM},
>> > + {CRYPTODEV_BK_ID_KEYWORD, required_argument,
>> > + NULL, CRYPTODEV_BK_ID_KEYWORD_NUM},
>> > + {CRYPTODEV_BK_DIR_KEY, required_argument,
>> > + NULL, CRYPTODEV_BK_DIR_KEY_NUM},
>> > {NULL, 0, 0, 0}
>> > };
>> >
>> > @@ -251,105 +274,127 @@ cryptodev_fips_validate_parse_args(int argc, char
>> > **argv)
>> > while ((opt = getopt_long(argc, argvopt, "s:",
>> > lgopts, &option_index)) != EOF) {
>> >
>> > + if (opt == '?') {
>> > + cryptodev_fips_validate_usage(prgname);
>> > + return -1;
>> > + }
>> > +
>> > switch (opt) {
>> > - case 0:
>> > - if (strcmp(lgopts[option_index].name,
>> > - REQ_FILE_PATH_KEYWORD) == 0)
>> > - env.req_path = optarg;
>> > - else if (strcmp(lgopts[option_index].name,
>> > - RSP_FILE_PATH_KEYWORD) == 0)
>> > - env.rsp_path = optarg;
>> > - else if (strcmp(lgopts[option_index].name,
>> > - FOLDER_KEYWORD) == 0)
>> > - env.is_path_folder = 1;
>> > - else if (strcmp(lgopts[option_index].name,
>> > - CRYPTODEV_KEYWORD) == 0) {
>> > - ret = parse_cryptodev_arg(optarg);
>> > - if (ret < 0) {
>> > -
>> > cryptodev_fips_validate_usage(prgname);
>> > - return -EINVAL;
>> > - }
>> > - } else if (strcmp(lgopts[option_index].name,
>> > - CRYPTODEV_ID_KEYWORD) == 0) {
>> > - ret = parse_cryptodev_id_arg(optarg);
>> > - if (ret < 0) {
>> > -
>> > cryptodev_fips_validate_usage(prgname);
>> > - return -EINVAL;
>> > - }
>> > - } else if (strcmp(lgopts[option_index].name,
>> > - CRYPTODEV_ST_KEYWORD) == 0) {
>> > - env.self_test = 1;
>> > - } else if (strcmp(lgopts[option_index].name,
>> > - CRYPTODEV_BK_ID_KEYWORD) == 0) {
>> > - if (!env.broken_test_config) {
>> > - env.broken_test_config =
>> > rte_malloc(
>> > - NULL,
>> > -
>> > sizeof(*env.broken_test_config),
>> > - 0);
>> > - if (!env.broken_test_config)
>> > - return -ENOMEM;
>> > -
>> > -
>> > env.broken_test_config->expect_fail_dir =
>> > - self_test_dir_enc_auth_gen;
>> > - }
>> > + case REQ_FILE_PATH_KEYWORD_NUM:
>> > + {
>>
>> Unless you need a temp variable, there is no need for a block for each
>> case: statement.
>> Simply:
>> case REQ_FILE_PATH_NUM:
>> env.req_path = optarg;
>> break;
>>
>> > + env.req_path = optarg;
>> > + break;
>> > + }
>> > + case RSP_FILE_PATH_KEYWORD_NUM:
>> > + {
>> > + env.rsp_path = optarg;
>> > + break;
>> > + }
>> > + case FOLDER_KEYWORD_NUM:
>> > + {
>> > + env.is_path_folder = 1;
>> > + break;
>> > + }
>> > + case CRYPTODEV_KEYWORD_NUM:
>> > + {
>> > + ret = parse_cryptodev_arg(optarg);
>> > + if (ret < 0) {
>> > + cryptodev_fips_validate_usage(prgname);
>> > + return -EINVAL;
>> > + }
>> >
>> > - if (parser_read_uint32(
>> > -
>> > &env.broken_test_config->expect_fail_test_idx,
>> > - optarg) < 0) {
>> > - rte_free(env.broken_test_config);
>> > -
>> > cryptodev_fips_validate_usage(prgname);
>> > - return -EINVAL;
>> > - }
>> > - } else if (strcmp(lgopts[option_index].name,
>> > - CRYPTODEV_BK_DIR_KEY) == 0) {
>> > - if (!env.broken_test_config) {
>> > - env.broken_test_config =
>> > rte_malloc(
>> > - NULL,
>> > -
>> > sizeof(*env.broken_test_config),
>> > - 0);
>> > - if (!env.broken_test_config)
>> > - return -ENOMEM;
>> > -
>> > - env.broken_test_config->
>> > - expect_fail_test_idx = 0;
>> > - }
>> > + break;
>> > + }
>> > + case CRYPTODEV_ID_KEYWORD_NUM:
>> > + {
>> > + ret = parse_cryptodev_id_arg(optarg);
>> > + if (ret < 0) {
>> > + cryptodev_fips_validate_usage(prgname);
>> > + return -EINVAL;
>> > + }
>> > + break;
>> > + }
>> > + case CRYPTODEV_ST_KEYWORD_NUM:
>> > + {
>> > + env.self_test = 1;
>> > + break;
>> > + }
>> > + case CRYPTODEV_BK_ID_KEYWORD_NUM:
>> > + {
>> > + if (!env.broken_test_config) {
>> > + env.broken_test_config = rte_malloc(
>> > + NULL,
>> > + sizeof(*env.broken_test_config),
>> > + 0);
>> > + if (!env.broken_test_config)
>> > + return -ENOMEM;
>> > +
>> > + env.broken_test_config->expect_fail_dir =
>> > + self_test_dir_enc_auth_gen;
>> > + }
>> >
>> > - if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD)
>> > == 0)
>> > -
>> > env.broken_test_config->expect_fail_dir =
>> > - self_test_dir_enc_auth_gen;
>> > - else if (strcmp(optarg,
>> > CRYPTODEV_DEC_KEYWORD)
>> > - == 0)
>> > -
>> > env.broken_test_config->expect_fail_dir =
>> > -
>> > self_test_dir_dec_auth_verify;
>> > - else {
>> > - rte_free(env.broken_test_config);
>> > -
>> > cryptodev_fips_validate_usage(prgname);
>> > - return -EINVAL;
>> > - }
>> > - } else if (strcmp(lgopts[option_index].name,
>> > - MBUF_DATAROOM_KEYWORD) == 0) {
>> > - uint32_t data_room_size;
>> > -
>> > - if (parser_read_uint32(&data_room_size,
>> > - optarg) < 0) {
>> > -
>> > cryptodev_fips_validate_usage(prgname);
>> > - return -EINVAL;
>> > - }
>> > + if (parser_read_uint32(
>> > +
>> > &env.broken_test_config->expect_fail_test_idx,
>> > + optarg) < 0) {
>> > + rte_free(env.broken_test_config);
>> > + cryptodev_fips_validate_usage(prgname);
>> > + return -EINVAL;
>> > + }
>> > + break;
>> > + }
>> > + case CRYPTODEV_BK_DIR_KEY_NUM:
>> > + {
>> > + if (!env.broken_test_config) {
>> > + env.broken_test_config = rte_malloc(
>> > + NULL,
>> > + sizeof(*env.broken_test_config),
>> > + 0);
>> > + if (!env.broken_test_config)
>> > + return -ENOMEM;
>> > +
>> > + env.broken_test_config->
>> > + expect_fail_test_idx = 0;
>> > + }
>> >
>> > - if (data_room_size == 0 ||
>> > - data_room_size >
>> > UINT16_MAX) {
>> > -
>> > cryptodev_fips_validate_usage(prgname);
>> > - return -EINVAL;
>> > - }
>> > + if (strcmp(optarg, CRYPTODEV_ENC_KEYWORD) == 0)
>> > + env.broken_test_config->expect_fail_dir =
>> > + self_test_dir_enc_auth_gen;
>> > + else if (strcmp(optarg, CRYPTODEV_DEC_KEYWORD)
>> > + == 0)
>> > + env.broken_test_config->expect_fail_dir =
>> > + self_test_dir_dec_auth_verify;
>> > + else {
>> > + rte_free(env.broken_test_config);
>> > + cryptodev_fips_validate_usage(prgname);
>> > + return -EINVAL;
>> > + }
>> > + break;
>> > + }
>> > + case MBUF_DATAROOM_KEYWORD_NUM:
>> > + {
>> > + uint32_t data_room_size;
>>
>> Here, I don't think we need a temp storage.
>> If the value is invalid, the parsing and then init will fail.
>> You can directly pass &env.mbuf_data_room to parser_read_uint32 and
>> check its value.
>>
>>
>> >
>> > - env.mbuf_data_room = data_room_size;
>> > - } else {
>> > + if (parser_read_uint32(&data_room_size,
>> > + optarg) < 0) {
>> > cryptodev_fips_validate_usage(prgname);
>> > return -EINVAL;
>> > }
>> > +
>> > + if (data_room_size == 0 ||
>> > + data_room_size > UINT16_MAX) {
>> > + cryptodev_fips_validate_usage(prgname);
>> > + return -EINVAL;
>> > + }
>> > +
>> > + env.mbuf_data_room = data_room_size;
>> > +
>> > break;
>> > + }
>> > default:
>> > - return -1;
>> > + {
>> > + cryptodev_fips_validate_usage(prgname);
>> > + return -EINVAL;
>> > + }
>> > }
>> > }
>> >
>> > --
>> > 2.17.1
>> >
>>
>> I did not look too much at the rest of the series, but I guess most of
>> those comments apply to other patches.
>>
>>
>> --
>> David Marchand
>>
>
>
> --
> - Ibtisam
>
--
- Ibtisam
