diff mbox series

crypto/ipsec_mb: fix buffer overrun

Message ID 20220120170455.41407-1-pablo.de.lara.guarch@intel.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers
Series crypto/ipsec_mb: fix buffer overrun |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-x86_64-compile-testing success Testing PASS
ci/github-robot: build success github build: passed
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS
ci/iol-abi-testing success Testing PASS

Commit Message

De Lara Guarch, Pablo Jan. 20, 2022, 5:04 p.m. UTC 
  Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
instead of 16 bytes, when adding ZUC-256 support.
However, impact is low as this memory is part of a union
with bigger size than 32 bytes.

Coverity issue: 374374
Coverity issue: 374379
Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Power, Ciara Jan. 24, 2022, 4:08 p.m. UTC | #1 
Hi Pablo,

>-----Original Message-----
>From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Sent: Thursday 20 January 2022 17:05
>To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara
><ciara.power@intel.com>
>Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>stable@dpdk.org
>Subject: [PATCH] crypto/ipsec_mb: fix buffer overrun
>
>Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
>instead of 16 bytes, when adding ZUC-256 support.
>However, impact is low as this memory is part of a union with bigger size than
>32 bytes.
>
>Coverity issue: 374374
>Coverity issue: 374379
>Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
>Cc: stable@dpdk.org
>
>Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
<snip>

Acked-by: Ciara Power <ciara.power@intel.com>
Akhil Goyal Feb. 8, 2022, 9:25 p.m. UTC | #2 
> >Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
> >instead of 16 bytes, when adding ZUC-256 support.
> >However, impact is low as this memory is part of a union with bigger size than
> >32 bytes.
> >
> >Coverity issue: 374374
> >Coverity issue: 374379
> >Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
> >Cc: stable@dpdk.org
> >
> >Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> <snip>
> 
> Acked-by: Ciara Power <ciara.power@intel.com>

Applied to dpdk-next-crypto
diff mbox series

Patch

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d37cc787a0..d177961ea5 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -848,7 +848,7 @@  struct aesni_mb_session {
 
 			struct gcm_key_data gcm_key;
 			/* *< Expanded GCM key */
-			uint8_t zuc_cipher_key[16];
+			uint8_t zuc_cipher_key[32];
 			/* *< ZUC cipher key */
 			snow3g_key_schedule_t pKeySched_snow3g_cipher;
 			/* *< SNOW3G scheduled cipher key */
@@ -893,7 +893,7 @@  struct aesni_mb_session {
 				/* *< k3. */
 			} cmac;
 			/* *< Expanded XCBC authentication keys */
-			uint8_t zuc_auth_key[16];
+			uint8_t zuc_auth_key[32];
 			/* *< ZUC authentication key */
 			snow3g_key_schedule_t pKeySched_snow3g_auth;
 			/* *< SNOW3G scheduled authentication key */