From: Aarnav JP <[email protected]>
Enforce exact key length match for DES/3DES algorithms
in fill_sess_cipher(), since these have fixed key sizes
(8 or 24 bytes). The existing check only enforced a lower
bound, allowing oversized keys to pass through.
Fixes: eb43e39851b8 ("crypto/cnxk: add cipher operation in session")
Cc: [email protected]
Signed-off-by: Aarnav JP <[email protected]>
---
Changes in v2: No change.
drivers/crypto/cnxk/cnxk_se.h | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 8dbf3e73c7..e2d7e10ec9 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -2297,9 +2297,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,
struct cnxk_se_sess *sess)
return -1;
}
- if (c_form->key.length < cipher_key_len) {
- plt_dp_err("Invalid cipher params keylen %u",
- c_form->key.length);
+ if (enc_type == ROC_SE_DES3_CBC || enc_type == ROC_SE_DES3_ECB ||
+ enc_type == ROC_SE_DES_DOCSISBPI) {
+ if (c_form->key.length != cipher_key_len) {
+ plt_dp_err("Invalid cipher params keylen %u",
c_form->key.length);
+ return -1;
+ }
+ } else if (c_form->key.length < cipher_key_len) {
+ plt_dp_err("Invalid cipher params keylen %u",
c_form->key.length);
return -1;
}
--
2.34.1
