diff mbox series

crypto/openssl: fix warning on copy length

Message ID	20230106101520.2736826-1-ruifeng.wang@arm.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Ruifeng Wang <ruifeng.wang@arm.com> To: Kai Ji <kai.ji@intel.com>, Fan Zhang <fanzhang.oss@gmail.com>, Akhil Goyal <gakhil@marvell.com> Cc: dev@dpdk.org, nd@arm.com, Ruifeng Wang <ruifeng.wang@arm.com>, stable@dpdk.org, Feifei Wang <feifei.wang2@arm.com> Subject: [PATCH] crypto/openssl: fix warning on copy length Date: Fri, 6 Jan 2023 18:15:20 +0800 Message-Id: <20230106101520.2736826-1-ruifeng.wang@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	crypto/openssl: fix warning on copy length \| crypto/openssl: fix warning on copy length

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/intel-Testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS

Commit Message

Ruifeng Wang Jan. 6, 2023, 10:15 a.m. UTC

  When building with gcc 11.2.0, the compiler warns as follows:
In function 'memcpy',
    inlined from 'openssl_set_session_auth_parameters' at ../drivers/crypto/openssl/rte_openssl_pmd.c:699:3,
    inlined from 'openssl_set_session_parameters' at ../drivers/crypto/openssl/rte_openssl_pmd.c:826:9:
/usr/include/aarch64-linux-gnu/bits/string_fortified.h:29:10: warning: '__builtin_memcpy' forming offset [4, 8] is out of the bounds [0, 4] [-Warray-bounds]

Fixed the warning by copying up to string size.

Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Cc: stable@dpdk.org
Cc: kai.ji@intel.com

Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Feifei Wang <feifei.wang2@arm.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

David Marchand Jan. 6, 2023, 10:26 a.m. UTC | #1

On Fri, Jan 6, 2023 at 11:16 AM Ruifeng Wang <ruifeng.wang@arm.com> wrote:
>
> When building with gcc 11.2.0, the compiler warns as follows:
> In function 'memcpy',
>     inlined from 'openssl_set_session_auth_parameters' at ../drivers/crypto/openssl/rte_openssl_pmd.c:699:3,
>     inlined from 'openssl_set_session_parameters' at ../drivers/crypto/openssl/rte_openssl_pmd.c:826:9:
> /usr/include/aarch64-linux-gnu/bits/string_fortified.h:29:10: warning: '__builtin_memcpy' forming offset [4, 8] is out of the bounds [0, 4] [-Warray-bounds]
>
> Fixed the warning by copying up to string size.
>
> Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
> Cc: stable@dpdk.org
> Cc: kai.ji@intel.com
>
> Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
> Reviewed-by: Feifei Wang <feifei.wang2@arm.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 05449b6e98..8458ad487a 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -696,7 +696,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
>                 algo = digest_name_get(xform->auth.algo);
>                 if (!algo)
>                         return -EINVAL;
> -               rte_memcpy(algo_name, algo, (sizeof(algo)+1));
> +               rte_memcpy(algo_name, algo, strlen(algo) + 1);

Why is there a need for copying such a string to a local storage?

If it is really needed, we are dealing with strings, so I suggest:
strlcpy(algo_name, algo, sizeof(algo_name));

Ruifeng Wang Jan. 9, 2023, 3:31 a.m. UTC | #2

> -----Original Message-----
> From: David Marchand <david.marchand@redhat.com>
> Sent: Friday, January 6, 2023 6:27 PM
> To: Kai Ji <kai.ji@intel.com>; Ruifeng Wang <Ruifeng.Wang@arm.com>
> Cc: Fan Zhang <fanzhang.oss@gmail.com>; Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; nd
> <nd@arm.com>; stable@dpdk.org; Feifei Wang <Feifei.Wang2@arm.com>
> Subject: Re: [PATCH] crypto/openssl: fix warning on copy length
> 
> On Fri, Jan 6, 2023 at 11:16 AM Ruifeng Wang <ruifeng.wang@arm.com> wrote:
> >
> > When building with gcc 11.2.0, the compiler warns as follows:
> > In function 'memcpy',
> >     inlined from 'openssl_set_session_auth_parameters'
> at ../drivers/crypto/openssl/rte_openssl_pmd.c:699:3,
> >     inlined from 'openssl_set_session_parameters'
> at ../drivers/crypto/openssl/rte_openssl_pmd.c:826:9:
> > /usr/include/aarch64-linux-gnu/bits/string_fortified.h:29:10: warning:
> '__builtin_memcpy' forming offset [4, 8] is out of the bounds [0, 4] [-Warray-bounds]
> >
> > Fixed the warning by copying up to string size.
> >
> > Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
> > Cc: stable@dpdk.org
> > Cc: kai.ji@intel.com
> >
> > Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
> > Reviewed-by: Feifei Wang <feifei.wang2@arm.com>
> > ---
> >  drivers/crypto/openssl/rte_openssl_pmd.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> > index 05449b6e98..8458ad487a 100644
> > --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> > @@ -696,7 +696,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
> >                 algo = digest_name_get(xform->auth.algo);
> >                 if (!algo)
> >                         return -EINVAL;
> > -               rte_memcpy(algo_name, algo, (sizeof(algo)+1));
> > +               rte_memcpy(algo_name, algo, strlen(algo) + 1);
> 
> Why is there a need for copying such a string to a local storage?

From OpenSSL document, I can see OSSL_PARAM_construct_utf8_string() takes a buffer
as input. But I'm not sure if a const is acceptable. 
I would keep the fix simple for backport. Removing copy is an improvement that
can be done by someone who has more knowledge of OpenSSL library.
> 
> If it is really needed, we are dealing with strings, so I suggest:
> strlcpy(algo_name, algo, sizeof(algo_name));

Thanks for the suggestion. Will update in v2.

Regards,
Ruifeng
> 
> 
> --
> David Marchand

diff mbox series

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 05449b6e98..8458ad487a 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -696,7 +696,7 @@  openssl_set_session_auth_parameters(struct openssl_session *sess,
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
 
 		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);