[PATCH v2 7/7] examples/fips_validation: avoid rte_memcpy() bug

Tue, 30 Dec 2025 10:59:31 -0800 

The code for copying example hash key values was calling rte_memcpy
but rte_memcpy is generating vector instruction that references
past the array.

In function ‘get_hash_oid’,
    inlined from ‘prepare_rsa_xform’ at 
../examples/fips_validation/main.c:1607:12:
../examples/fips_validation/main.c:890:20: warning: array subscript 
‘__m128i_u[0]’
  is partly outside array bounds of ‘uint8_t[15]’ {aka ‘unsigned char[15]’} 
[-Warray-bounds=]
  890 |                 id = id_sha1;
      |                 ~~~^~~~~~~~~
../examples/fips_validation/main.c: In function ‘prepare_rsa_xform’:
../examples/fips_validation/main.c:882:17: note: object ‘id_sha1’ of size 15
  882 |         uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,

Workaround is to replace rte_memcpy with memcpy.

Fixes: ae5ae3bf5996 ("examples/fips_validation: encode digest with hash OID")
Cc: [email protected]
Cc: [email protected]

Signed-off-by: Stephen Hemminger <[email protected]>
---
 examples/fips_validation/main.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index f21826e9d7..daf273bc85 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -882,8 +882,8 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t 
*buf)
        uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
                                0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
                                0x00, 0x04, 0x14};
-       uint8_t *id = NULL;
-       int id_len = 0;
+       const uint8_t *id;
+       size_t id_len;
 
        switch (hash) {
        case RTE_CRYPTO_AUTH_SHA1:
@@ -907,12 +907,10 @@ get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t 
*buf)
                id_len = sizeof(id_sha512);
                break;
        default:
-               id_len = -1;
-               break;
+               return -1;
        }
 
-       if (id != NULL)
-               rte_memcpy(buf, id, id_len);
+       memcpy(buf, id, id_len);
 
        return id_len;
 }
@@ -1614,8 +1612,8 @@ prepare_rsa_xform(struct rte_crypto_asym_xform *xform)
                        if (b_len) {
                                msg.len = env.digest_len + b_len;
                                msg.val = rte_zmalloc(NULL, msg.len, 0);
-                               rte_memcpy(msg.val, b, b_len);
-                               rte_memcpy(msg.val + b_len, env.digest, 
env.digest_len);
+                               memcpy(msg.val, b, b_len);
+                               memcpy(msg.val + b_len, env.digest, 
env.digest_len);
                                rte_free(env.digest);
                                env.digest = msg.val;
                                env.digest_len = msg.len;
-- 
2.51.0

Reply via email to