From cab65f33127d97039506dd3cf15f5e27212fa02d Mon Sep 17 00:00:00 2001 From: Yogaraj Alamenda Date: Mon, 3 Oct 2022 18:05:08 +0530 Subject: [PATCH] Fix buffer overflow issue with SHA3 and ECX. - Fix memcpy with correct bufferlen in case of SHA-3 - Fix ECX reverse_bytes to reverse based on input sizes. Signed-off-by: Yogaraj Alamenda --- qat_hw_asym_common.h | 4 +-- qat_hw_ecx.c | 68 +++++++++++++++++++++++++------------------- qat_hw_sha3.c | 12 ++++---- qat_prov_hw_ecx.c | 46 ++++++++++++++++-------------- 4 files changed, 72 insertions(+), 58 deletions(-) diff --git a/qat_hw_asym_common.h b/qat_hw_asym_common.h index 825c6c9b..649f3145 100644 --- a/qat_hw_asym_common.h +++ b/qat_hw_asym_common.h @@ -58,7 +58,7 @@ int qat_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, void qat_ecx_cb(void *pCallbackTag, CpaStatus status, void *pOpData, CpaBoolean multiplyStatus, CpaFlatBuffer *pXk, CpaFlatBuffer *pYk); -int reverse_bytes(unsigned char *tobuffer, - unsigned char *frombuffer, unsigned int size); +int reverse_bytes(unsigned char *tobuffer, unsigned char *frombuffer, + unsigned int tosize, unsigned int fromsize); # endif #endif /* QAT_HW_ASYM_COMMON_H */ diff --git a/qat_hw_ecx.c b/qat_hw_ecx.c index b147c83b..8e394deb 100644 --- a/qat_hw_ecx.c +++ b/qat_hw_ecx.c @@ -92,20 +92,25 @@ typedef struct { unsigned char *privkey; } ECX_KEY; -int reverse_bytes(unsigned char *tobuffer, - unsigned char *frombuffer, unsigned int size) +int reverse_bytes(unsigned char *tobuffer, unsigned char *frombuffer, + unsigned int tosize, unsigned int fromsize) { int i = 0; - int tobuffer_frombuffer_length_diff = 0; - if (tobuffer == NULL || frombuffer == NULL ) { - WARN("Either tobuffer or frombuffer is NULL %d\n", size); + if (tobuffer == NULL || frombuffer == NULL) { + WARN("Either tobuffer or frombuffer is NULL \n"); return 0; } - if (X448_KEYLEN == size) - tobuffer_frombuffer_length_diff = X448_DATA_KEY_DIFF; - for (i = 0; i < size; i++) { - tobuffer[i] = frombuffer[size - 1 - i + tobuffer_frombuffer_length_diff]; + + if (fromsize == X448_KEYLEN) + i = 8; /* Adds zeros at the begining for 64 byte alignment */ + + /* Reverse bytes and copy to dest buffer */ + for (; i < tosize; i++) { + tobuffer[i] = frombuffer[--fromsize]; + if (fromsize <=0) + break; } + return 1; } @@ -240,7 +245,7 @@ int qat_pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) goto err; } pubkey = key->pubkey; - privkey = key->privkey = OPENSSL_secure_zalloc(qat_keylen); + privkey = key->privkey = OPENSSL_secure_zalloc(keylen); if (privkey == NULL) { WARN("Cannot allocate privkey.\n"); QATerr(QAT_F_QAT_PKEY_ECX_KEYGEN, ERR_R_MALLOC_FAILURE); @@ -273,7 +278,7 @@ int qat_pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) qat_ecx_op_data->curveType = is_ecx_448 ? CPA_CY_EC_MONTEDWDS_CURVE448_TYPE : CPA_CY_EC_MONTEDWDS_CURVE25519_TYPE; - if (0 == reverse_bytes(qat_ecx_op_data->k.pData, privkey, qat_keylen)) { + if (0 == reverse_bytes(qat_ecx_op_data->k.pData, privkey, qat_keylen, keylen)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_KEYGEN, ERR_R_INTERNAL_ERROR); goto err; @@ -429,7 +434,7 @@ int qat_pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) qat_cleanup_op_done(&op_done); - if (0 == reverse_bytes(pubkey, pXk->pData, keylen)) { + if (0 == reverse_bytes(pubkey, pXk->pData, keylen, qat_keylen)) { WARN("Failed to reverse bytes for data received from QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_KEYGEN, ERR_R_INTERNAL_ERROR); goto err; @@ -525,7 +530,6 @@ int qat_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keyl CpaBoolean multiplyStatus = CPA_TRUE; CpaFlatBuffer *pXk = NULL; const unsigned char *privkey, *pubkey; - Cpa8U dataLenInBytes = X25519_KEYLEN; op_done_t op_done; int qatPerformOpRetries = 0; int iMsgRetry = getQatMsgRetryCount(); @@ -557,7 +561,7 @@ int qat_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keyl return 0; if (key == NULL) { - *keylen = dataLenInBytes; + *keylen = X25519_KEYLEN; return 1; } @@ -571,21 +575,21 @@ int qat_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keyl } memset(qat_ecx_op_data, 0, sizeof(CpaCyEcMontEdwdsPointMultiplyOpData)); - qat_ecx_op_data->k.pData = (Cpa8U *)qaeCryptoMemAlloc(dataLenInBytes, __FILE__, __LINE__); + qat_ecx_op_data->k.pData = (Cpa8U *)qaeCryptoMemAlloc(X25519_KEYLEN, __FILE__, __LINE__); if (qat_ecx_op_data->k.pData == NULL) { WARN("Failure to allocate k.pData.\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - qat_ecx_op_data->k.dataLenInBytes = (Cpa32U)dataLenInBytes; + qat_ecx_op_data->k.dataLenInBytes = X25519_KEYLEN; - qat_ecx_op_data->x.pData = (Cpa8U *)qaeCryptoMemAlloc(dataLenInBytes, __FILE__, __LINE__); + qat_ecx_op_data->x.pData = (Cpa8U *)qaeCryptoMemAlloc(X25519_KEYLEN, __FILE__, __LINE__); if (qat_ecx_op_data->x.pData == NULL) { WARN("Failure to allocate x.pData.\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - qat_ecx_op_data->x.dataLenInBytes = (Cpa32U)dataLenInBytes; + qat_ecx_op_data->x.dataLenInBytes = X25519_KEYLEN; pXk = (CpaFlatBuffer *)OPENSSL_zalloc(sizeof(CpaFlatBuffer)); if (NULL == pXk) { @@ -593,24 +597,26 @@ int qat_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keyl QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - pXk->pData = (Cpa8U *)qaeCryptoMemAlloc(dataLenInBytes, __FILE__, __LINE__); + pXk->pData = (Cpa8U *)qaeCryptoMemAlloc(X25519_KEYLEN, __FILE__, __LINE__); if (NULL == pXk->pData) { WARN("Failed to allocate memory for pXk data\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - pXk->dataLenInBytes = dataLenInBytes; + pXk->dataLenInBytes = X25519_KEYLEN; qat_ecx_op_data->generator = CPA_FALSE; qat_ecx_op_data->curveType = CPA_CY_EC_MONTEDWDS_CURVE25519_TYPE; - if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, dataLenInBytes)) { + if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, + X25519_KEYLEN, X25519_KEYLEN)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_INTERNAL_ERROR); goto err; } - if (0 == reverse_bytes(qat_ecx_op_data->x.pData,(unsigned char *)pubkey, dataLenInBytes)) { + if (0 == reverse_bytes(qat_ecx_op_data->x.pData,(unsigned char *)pubkey, + X25519_KEYLEN, X25519_KEYLEN)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_INTERNAL_ERROR); goto err; @@ -766,20 +772,20 @@ int qat_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keyl qat_cleanup_op_done(&op_done); - if (0 == reverse_bytes(key, pXk->pData, dataLenInBytes)) { + if (0 == reverse_bytes(key, pXk->pData, X25519_KEYLEN, X25519_KEYLEN)) { WARN("Failed to reverse bytes for data received from QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_INTERNAL_ERROR); goto err; } - *keylen = (size_t)dataLenInBytes; + *keylen = X25519_KEYLEN; ret = 1; err: /* Clean the memory. */ if (pXk != NULL) { if (pXk->pData != NULL) { - OPENSSL_cleanse(pXk->pData, dataLenInBytes); + OPENSSL_cleanse(pXk->pData, X25519_KEYLEN); qaeCryptoMemFreeNonZero(pXk->pData); } OPENSSL_free(pXk); @@ -787,11 +793,11 @@ int qat_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keyl if (NULL != qat_ecx_op_data) { if (qat_ecx_op_data->k.pData != NULL) { - OPENSSL_cleanse(qat_ecx_op_data->k.pData, dataLenInBytes); + OPENSSL_cleanse(qat_ecx_op_data->k.pData, X25519_KEYLEN); qaeCryptoMemFreeNonZero(qat_ecx_op_data->k.pData); } if (qat_ecx_op_data->x.pData != NULL) { - OPENSSL_cleanse(qat_ecx_op_data->x.pData, dataLenInBytes); + OPENSSL_cleanse(qat_ecx_op_data->x.pData, X25519_KEYLEN); qaeCryptoMemFreeNonZero(qat_ecx_op_data->x.pData); } qaeCryptoMemFreeNonZero(qat_ecx_op_data); @@ -896,13 +902,15 @@ int qat_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen qat_ecx_op_data->generator = CPA_FALSE; qat_ecx_op_data->curveType = CPA_CY_EC_MONTEDWDS_CURVE448_TYPE; - if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, QAT_X448_DATALEN)) { + if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, + QAT_X448_DATALEN, X448_KEYLEN)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE448, ERR_R_INTERNAL_ERROR); goto err; } - if (0 == reverse_bytes(qat_ecx_op_data->x.pData, (unsigned char *)pubkey, QAT_X448_DATALEN)) { + if (0 == reverse_bytes(qat_ecx_op_data->x.pData, (unsigned char *)pubkey, + QAT_X448_DATALEN, X448_KEYLEN)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE448, ERR_R_INTERNAL_ERROR); goto err; @@ -1058,7 +1066,7 @@ int qat_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen qat_cleanup_op_done(&op_done); - if (0 == reverse_bytes(key, pXk->pData, X448_KEYLEN)) { + if (0 == reverse_bytes(key, pXk->pData, X448_KEYLEN, QAT_X448_DATALEN)) { WARN("Failed to reverse bytes for data received from QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE448, ERR_R_INTERNAL_ERROR); goto err; diff --git a/qat_hw_sha3.c b/qat_hw_sha3.c index 3d151fff..c61509a7 100644 --- a/qat_hw_sha3.c +++ b/qat_hw_sha3.c @@ -844,17 +844,19 @@ static int qat_sha3_update(EVP_MD_CTX *ctx, const void *in, size_t len) #endif /* Allocate buffer for HASH operation. */ buffer_len = len + sha3_ctx->digest_size ; - sha3_ctx->src_buffer[0].pData = qaeCryptoMemAlloc( buffer_len , __FILE__, __LINE__); + sha3_ctx->src_buffer[0].pData = qaeCryptoMemAlloc(buffer_len, __FILE__, __LINE__); if ((sha3_ctx->src_buffer[0].pData) == NULL) { - WARN("Unable to allocate memory for buffer for sha3 hash.\n"); - QATerr(QAT_F_QAT_SHA3_UPDATE, ERR_R_MALLOC_FAILURE); - goto err; + WARN("Unable to allocate memory for buffer for sha3 hash.\n"); + QATerr(QAT_F_QAT_SHA3_UPDATE, ERR_R_MALLOC_FAILURE); + goto err; } + memset(sha3_ctx->src_buffer[0].pData, 0, buffer_len); + sha3_ctx->dst_buffer[0].pData = sha3_ctx->src_buffer[0].pData; - memcpy(sha3_ctx->src_buffer[0].pData, in, buffer_len); + memcpy(sha3_ctx->src_buffer[0].pData, in, len); tlv = qat_check_create_local_variables(); if (NULL == tlv) { diff --git a/qat_prov_hw_ecx.c b/qat_prov_hw_ecx.c index 094dcab4..c464fc06 100644 --- a/qat_prov_hw_ecx.c +++ b/qat_prov_hw_ecx.c @@ -171,7 +171,7 @@ void *qat_pkey_ecx_keygen(void *genctx, OSSL_CALLBACK *osslcb, qat_ecx_op_data->k.dataLenInBytes = (Cpa32U)qat_keylen; pubkey = key->pubkey; - privkey = key->privkey = OPENSSL_secure_zalloc(qat_keylen); + privkey = key->privkey = OPENSSL_secure_zalloc(key->keylen); if (privkey == NULL) { WARN("Cannot allocate privkey.\n"); QATerr(QAT_F_QAT_PKEY_ECX_KEYGEN, ERR_R_MALLOC_FAILURE); @@ -204,7 +204,7 @@ void *qat_pkey_ecx_keygen(void *genctx, OSSL_CALLBACK *osslcb, qat_ecx_op_data->curveType = is_ecx_448 ? CPA_CY_EC_MONTEDWDS_CURVE448_TYPE : CPA_CY_EC_MONTEDWDS_CURVE25519_TYPE; - if (0 == reverse_bytes(qat_ecx_op_data->k.pData, privkey, qat_keylen)) { + if (0 == reverse_bytes(qat_ecx_op_data->k.pData, privkey, qat_keylen, key->keylen)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_KEYGEN, ERR_R_INTERNAL_ERROR); goto err; @@ -360,7 +360,7 @@ void *qat_pkey_ecx_keygen(void *genctx, OSSL_CALLBACK *osslcb, qat_cleanup_op_done(&op_done); - if (0 == reverse_bytes(pubkey, pXk->pData, key->keylen)) { + if (0 == reverse_bytes(pubkey, pXk->pData, key->keylen, qat_keylen)) { WARN("Failed to reverse bytes for data received from QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_KEYGEN, ERR_R_INTERNAL_ERROR); goto err; @@ -442,7 +442,6 @@ int qat_pkey_ecx_derive25519(void *vecxctx, unsigned char *secret, size_t *secre CpaBoolean multiplyStatus = CPA_TRUE; CpaFlatBuffer *pXk = NULL; const unsigned char *privkey, *pubkey; - Cpa8U dataLenInBytes = X25519_KEYLEN; op_done_t op_done; int qatPerformOpRetries = 0; int iMsgRetry = getQatMsgRetryCount(); @@ -465,7 +464,7 @@ int qat_pkey_ecx_derive25519(void *vecxctx, unsigned char *secret, size_t *secre return 0; if (secret == NULL) { - *secretlen = dataLenInBytes; + *secretlen = X25519_KEYLEN; return 1; } @@ -479,21 +478,21 @@ int qat_pkey_ecx_derive25519(void *vecxctx, unsigned char *secret, size_t *secre } memset(qat_ecx_op_data, 0, sizeof(CpaCyEcMontEdwdsPointMultiplyOpData)); - qat_ecx_op_data->k.pData = (Cpa8U *)qaeCryptoMemAlloc(dataLenInBytes, __FILE__, __LINE__); + qat_ecx_op_data->k.pData = (Cpa8U *)qaeCryptoMemAlloc(X25519_KEYLEN, __FILE__, __LINE__); if (qat_ecx_op_data->k.pData == NULL) { WARN("Failure to allocate k.pData.\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - qat_ecx_op_data->k.dataLenInBytes = (Cpa32U)dataLenInBytes; + qat_ecx_op_data->k.dataLenInBytes = X25519_KEYLEN; - qat_ecx_op_data->x.pData = (Cpa8U *)qaeCryptoMemAlloc(dataLenInBytes, __FILE__, __LINE__); + qat_ecx_op_data->x.pData = (Cpa8U *)qaeCryptoMemAlloc(X25519_KEYLEN, __FILE__, __LINE__); if (qat_ecx_op_data->x.pData == NULL) { WARN("Failure to allocate x.pData.\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - qat_ecx_op_data->x.dataLenInBytes = (Cpa32U)dataLenInBytes; + qat_ecx_op_data->x.dataLenInBytes = X25519_KEYLEN; pXk = (CpaFlatBuffer *)OPENSSL_zalloc(sizeof(CpaFlatBuffer)); if (NULL == pXk) { @@ -501,24 +500,26 @@ int qat_pkey_ecx_derive25519(void *vecxctx, unsigned char *secret, size_t *secre QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - pXk->pData = (Cpa8U *)qaeCryptoMemAlloc(dataLenInBytes, __FILE__, __LINE__); + pXk->pData = (Cpa8U *)qaeCryptoMemAlloc(X25519_KEYLEN, __FILE__, __LINE__); if (NULL == pXk->pData) { WARN("Failed to allocate memory for pXk data\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_MALLOC_FAILURE); goto err; } - pXk->dataLenInBytes = dataLenInBytes; + pXk->dataLenInBytes = X25519_KEYLEN; qat_ecx_op_data->generator = CPA_FALSE; qat_ecx_op_data->curveType = CPA_CY_EC_MONTEDWDS_CURVE25519_TYPE; - if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, dataLenInBytes)) { + if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, + X25519_KEYLEN, X25519_KEYLEN)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_INTERNAL_ERROR); goto err; } - if (0 == reverse_bytes(qat_ecx_op_data->x.pData,(unsigned char *)pubkey, dataLenInBytes)) { + if (0 == reverse_bytes(qat_ecx_op_data->x.pData,(unsigned char *)pubkey, + X25519_KEYLEN, X25519_KEYLEN)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_INTERNAL_ERROR); goto err; @@ -674,20 +675,20 @@ int qat_pkey_ecx_derive25519(void *vecxctx, unsigned char *secret, size_t *secre qat_cleanup_op_done(&op_done); - if (0 == reverse_bytes(secret, pXk->pData, dataLenInBytes)) { + if (0 == reverse_bytes(secret, pXk->pData, X25519_KEYLEN, X25519_KEYLEN)) { WARN("Failed to reverse bytes for data received from QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE25519, ERR_R_INTERNAL_ERROR); goto err; } - *secretlen = (size_t)dataLenInBytes; + *secretlen = X25519_KEYLEN; ret = 1; err: /* Clean the memory. */ if (pXk != NULL) { if (pXk->pData != NULL) { - OPENSSL_cleanse(pXk->pData, dataLenInBytes); + OPENSSL_cleanse(pXk->pData, X25519_KEYLEN); qaeCryptoMemFreeNonZero(pXk->pData); } OPENSSL_free(pXk); @@ -695,11 +696,11 @@ int qat_pkey_ecx_derive25519(void *vecxctx, unsigned char *secret, size_t *secre if (NULL != qat_ecx_op_data) { if (qat_ecx_op_data->k.pData != NULL) { - OPENSSL_cleanse(qat_ecx_op_data->k.pData, dataLenInBytes); + OPENSSL_cleanse(qat_ecx_op_data->k.pData, X25519_KEYLEN); qaeCryptoMemFreeNonZero(qat_ecx_op_data->k.pData); } if (qat_ecx_op_data->x.pData != NULL) { - OPENSSL_cleanse(qat_ecx_op_data->x.pData, dataLenInBytes); + OPENSSL_cleanse(qat_ecx_op_data->x.pData, X25519_KEYLEN); qaeCryptoMemFreeNonZero(qat_ecx_op_data->x.pData); } qaeCryptoMemFreeNonZero(qat_ecx_op_data); @@ -796,13 +797,16 @@ int qat_pkey_ecx_derive448(void *vecxctx, unsigned char *secret, size_t *secretl qat_ecx_op_data->generator = CPA_FALSE; qat_ecx_op_data->curveType = CPA_CY_EC_MONTEDWDS_CURVE448_TYPE; - if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, QAT_X448_DATALEN)) { + if (0 == reverse_bytes(qat_ecx_op_data->k.pData, (unsigned char *)privkey, + QAT_X448_DATALEN, X448_KEYLEN)) { + WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE448, ERR_R_INTERNAL_ERROR); goto err; } - if (0 == reverse_bytes(qat_ecx_op_data->x.pData, (unsigned char *)pubkey, QAT_X448_DATALEN)) { + if (0 == reverse_bytes(qat_ecx_op_data->x.pData, (unsigned char *)pubkey, + QAT_X448_DATALEN, X448_KEYLEN)) { WARN("Failed to reverse bytes for submission of data to QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE448, ERR_R_INTERNAL_ERROR); goto err; @@ -958,7 +962,7 @@ int qat_pkey_ecx_derive448(void *vecxctx, unsigned char *secret, size_t *secretl qat_cleanup_op_done(&op_done); - if (0 == reverse_bytes(secret, pXk->pData, X448_KEYLEN)) { + if (0 == reverse_bytes(secret, pXk->pData, X448_KEYLEN, QAT_X448_DATALEN)) { WARN("Failed to reverse bytes for data received from QAT driver\n"); QATerr(QAT_F_QAT_PKEY_ECX_DERIVE448, ERR_R_INTERNAL_ERROR); goto err;