Hi Ovidiu,

Thanks for spotting and fixing this.

On Fri, 2021-01-15 at 22:46 +0200, Ovidiu Panait wrote:
> src_size and aad_size are defined as u32, so the following
> expressions are
> currently being evaluated using 32-bit arithmetic:
> 
> bit_len = src_size * 8;
> ...
> bit_len = aad_size * 8;
> 
> However, bit_len is used afterwards in a context that expects a valid
> 64-bit value (the lower and upper 32-bit words of bit_len are
> extracted
> and written to hw).
> 
> In order to make sure the correct bit length is generated and the 32-
> bit
> multiplication does not wrap around, cast src_size and aad_size to
> u64.
> 
> Signed-off-by: Ovidiu Panait <ovidiu.pan...@windriver.com>

Acked-by: Daniele Alessandrelli <daniele.alessandre...@intel.com>

> ---
>  drivers/crypto/keembay/ocs-aes.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/crypto/keembay/ocs-aes.c
> b/drivers/crypto/keembay/ocs-aes.c
> index cc286adb1c4a..b85c89477afa 100644
> --- a/drivers/crypto/keembay/ocs-aes.c
> +++ b/drivers/crypto/keembay/ocs-aes.c
> @@ -958,14 +958,14 @@ int ocs_aes_gcm_op(struct ocs_aes_dev *aes_dev,
>       ocs_aes_write_last_data_blk_len(aes_dev, src_size);
>  
>       /* Write ciphertext bit length */
> -     bit_len = src_size * 8;
> +     bit_len = (u64)src_size * 8;
>       val = bit_len & 0xFFFFFFFF;
>       iowrite32(val, aes_dev->base_reg + AES_MULTIPURPOSE2_0_OFFSET);
>       val = bit_len >> 32;
>       iowrite32(val, aes_dev->base_reg + AES_MULTIPURPOSE2_1_OFFSET);
>  
>       /* Write aad bit length */
> -     bit_len = aad_size * 8;
> +     bit_len = (u64)aad_size * 8;
>       val = bit_len & 0xFFFFFFFF;
>       iowrite32(val, aes_dev->base_reg + AES_MULTIPURPOSE2_2_OFFSET);
>       val = bit_len >> 32;

Reply via email to