From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0C8A2A034E; Thu, 20 Jan 2022 18:05:15 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C318C42714; Thu, 20 Jan 2022 18:05:14 +0100 (CET) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mails.dpdk.org (Postfix) with ESMTP id C936D40042; Thu, 20 Jan 2022 18:05:12 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642698313; x=1674234313; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=7/JCQGji46CcNqbF+JWH0Q7t/QE5HzPLglvzBKD6ChM=; b=e6THQLmFoMJPMOxay1zJ2WgSd0+OVMWUB6HigLCU5NqFJPMiBcddObmh Trqfyp2hjly18c3TuhsYRWF9mHF9GaEo0C84zdffn6pnxOn4WN4Lfj2EP 7PNDJk7ZdACXgdN7+mBD9vTUK784W1SZrvTsAnzJ0xPrpJ1AusxWekYIX AUsF6V8hvAWQlBfaGIxSd32UweluQEgwiupOE4RvPN/mbq7HsfEBgQFSM kBLIam2QWkT+/Uj/lh12RvyHD+ALRj/n7leJNpf6iYtzH+833AL0LKqR8 lv/aTN+w+rdMoUfyujsqSSPtQg7Hs6xomx6ZHEFQUDlDbYz0piXEsv/TT w==; X-IronPort-AV: E=McAfee;i="6200,9189,10233"; a="245356946" X-IronPort-AV: E=Sophos;i="5.88,302,1635231600"; d="scan'208";a="245356946" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jan 2022 09:04:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,302,1635231600"; d="scan'208";a="532863634" Received: from silpixa00400636.ir.intel.com ([10.237.213.19]) by orsmga008.jf.intel.com with ESMTP; 20 Jan 2022 09:04:56 -0800 From: Pablo de Lara To: roy.fan.zhang@intel.com, ciara.power@intel.com Cc: dev@dpdk.org, Pablo de Lara , stable@dpdk.org Subject: [PATCH] crypto/ipsec_mb: fix buffer overrun Date: Thu, 20 Jan 2022 17:04:55 +0000 Message-Id: <20220120170455.41407-1-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes, instead of 16 bytes, when adding ZUC-256 support. However, impact is low as this memory is part of a union with bigger size than 32 bytes. Coverity issue: 374374 Coverity issue: 374379 Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara --- drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h index d37cc787a0..d177961ea5 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h @@ -848,7 +848,7 @@ struct aesni_mb_session { struct gcm_key_data gcm_key; /* *< Expanded GCM key */ - uint8_t zuc_cipher_key[16]; + uint8_t zuc_cipher_key[32]; /* *< ZUC cipher key */ snow3g_key_schedule_t pKeySched_snow3g_cipher; /* *< SNOW3G scheduled cipher key */ @@ -893,7 +893,7 @@ struct aesni_mb_session { /* *< k3. */ } cmac; /* *< Expanded XCBC authentication keys */ - uint8_t zuc_auth_key[16]; + uint8_t zuc_auth_key[32]; /* *< ZUC authentication key */ snow3g_key_schedule_t pKeySched_snow3g_auth; /* *< SNOW3G scheduled authentication key */ -- 2.25.1