This patch avoid copying the decrypted message into the signature buffer, which is actually an input to the verify operation. This prevents overwriting the input buffer unnecessarily.
Fixes: 6661bedf1605 ("crypto/cnxk: add asymmetric datapath") Signed-off-by: Sucharitha Sarananaga <ssaranan...@marvell.com> --- drivers/crypto/cnxk/cnxk_ae.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h index cd66f66e70..26a8f4544d 100644 --- a/drivers/crypto/cnxk/cnxk_ae.h +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -1583,20 +1583,18 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, case RTE_CRYPTO_ASYM_OP_VERIFY: if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { rsa->sign.length = rsa_ctx->n.length; - memcpy(rsa->sign.data, rptr, rsa->sign.length); + if (memcmp(rptr, rsa->message.data, rsa->message.length)) + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; } else { /* Get length of signed output */ rsa->sign.length = rte_cpu_to_be_16(*((uint16_t *)rptr)); /* * Offset output data pointer by length field - * (2 bytes) and copy signed data. + * (2 bytes) and compare signed data. */ - memcpy(rsa->sign.data, rptr + 2, rsa->sign.length); - } - if (memcmp(rsa->sign.data, rsa->message.data, - rsa->message.length)) { - cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + if (memcmp(rptr + 2, rsa->message.data, rsa->message.length)) + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; } break; default: -- 2.49.0