From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 66E9DA0350 for ; Mon, 21 Feb 2022 16:43:26 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 615164013F; Mon, 21 Feb 2022 16:43:26 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mails.dpdk.org (Postfix) with ESMTP id DBD1B4013F for ; Mon, 21 Feb 2022 16:43:24 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1645458204; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=QmbbynuNVFQRukg/8GfvbaSyJoCWiiQKM3p5QnlWwAk=; b=SO++GfL6mtK06VJIc29dsthFpfmGR6gG7kh9R74HyVvskPTzs8vRVmDI/fNGnqc/3ijXE5 36HuPUvVHRO9Mz4tg6L19iiNH8d7HI789oCAG4HfsSbZJcTDMd4LL9x82bajyqJB0+O0Wb X5e7o+d499uIAVMuxM8Y09p1Prh8/+U= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-128-eiOnCb1fMuK63y9pFnCbQQ-1; Mon, 21 Feb 2022 10:43:20 -0500 X-MC-Unique: eiOnCb1fMuK63y9pFnCbQQ-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EE2E2100C664; Mon, 21 Feb 2022 15:43:18 +0000 (UTC) Received: from rh.Home (unknown [10.39.195.12]) by smtp.corp.redhat.com (Postfix) with ESMTP id E48597E2EA; Mon, 21 Feb 2022 15:43:17 +0000 (UTC) From: Kevin Traynor To: Pablo de Lara Cc: Ciara Power , dpdk stable Subject: patch 'crypto/ipsec_mb: fix buffer overrun' has been queued to stable release 21.11.1 Date: Mon, 21 Feb 2022 15:36:17 +0000 Message-Id: <20220221153625.152324-188-ktraynor@redhat.com> In-Reply-To: <20220221153625.152324-1-ktraynor@redhat.com> References: <20220221153625.152324-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 21.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 02/26/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/98ec92641b262818a0df3833050de871efb91acf Thanks. Kevin --- >From 98ec92641b262818a0df3833050de871efb91acf Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Thu, 20 Jan 2022 17:04:55 +0000 Subject: [PATCH] crypto/ipsec_mb: fix buffer overrun [ upstream commit 4582f79c7bd06ff99c0b82b6995c37edda156fea ] Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes, instead of 16 bytes, when adding ZUC-256 support. However, impact is low as this memory is part of a union with bigger size than 32 bytes. Coverity issue: 374374 Coverity issue: 374379 Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb") Signed-off-by: Pablo de Lara Acked-by: Ciara Power --- drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h index d37cc787a0..d177961ea5 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h @@ -849,5 +849,5 @@ struct aesni_mb_session { struct gcm_key_data gcm_key; /* *< Expanded GCM key */ - uint8_t zuc_cipher_key[16]; + uint8_t zuc_cipher_key[32]; /* *< ZUC cipher key */ snow3g_key_schedule_t pKeySched_snow3g_cipher; @@ -894,5 +894,5 @@ struct aesni_mb_session { } cmac; /* *< Expanded XCBC authentication keys */ - uint8_t zuc_auth_key[16]; + uint8_t zuc_auth_key[32]; /* *< ZUC authentication key */ snow3g_key_schedule_t pKeySched_snow3g_auth; -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-02-21 15:22:48.610151030 +0000 +++ 0188-crypto-ipsec_mb-fix-buffer-overrun.patch 2022-02-21 15:22:44.374704764 +0000 @@ -1 +1 @@ -From 4582f79c7bd06ff99c0b82b6995c37edda156fea Mon Sep 17 00:00:00 2001 +From 98ec92641b262818a0df3833050de871efb91acf Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 4582f79c7bd06ff99c0b82b6995c37edda156fea ] + @@ -14 +15,0 @@ -Cc: stable@dpdk.org