* [PATCH] crypto/ipsec_mb: fix buffer overrun
@ 2022-01-20 17:04 Pablo de Lara
2022-01-24 16:08 ` Power, Ciara
0 siblings, 1 reply; 3+ messages in thread
From: Pablo de Lara @ 2022-01-20 17:04 UTC (permalink / raw)
To: roy.fan.zhang, ciara.power; +Cc: dev, Pablo de Lara, stable
Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
instead of 16 bytes, when adding ZUC-256 support.
However, impact is low as this memory is part of a union
with bigger size than 32 bytes.
Coverity issue: 374374
Coverity issue: 374379
Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d37cc787a0..d177961ea5 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -848,7 +848,7 @@ struct aesni_mb_session {
struct gcm_key_data gcm_key;
/* *< Expanded GCM key */
- uint8_t zuc_cipher_key[16];
+ uint8_t zuc_cipher_key[32];
/* *< ZUC cipher key */
snow3g_key_schedule_t pKeySched_snow3g_cipher;
/* *< SNOW3G scheduled cipher key */
@@ -893,7 +893,7 @@ struct aesni_mb_session {
/* *< k3. */
} cmac;
/* *< Expanded XCBC authentication keys */
- uint8_t zuc_auth_key[16];
+ uint8_t zuc_auth_key[32];
/* *< ZUC authentication key */
snow3g_key_schedule_t pKeySched_snow3g_auth;
/* *< SNOW3G scheduled authentication key */
--
2.25.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: [PATCH] crypto/ipsec_mb: fix buffer overrun
2022-01-20 17:04 [PATCH] crypto/ipsec_mb: fix buffer overrun Pablo de Lara
@ 2022-01-24 16:08 ` Power, Ciara
2022-02-08 21:25 ` Akhil Goyal
0 siblings, 1 reply; 3+ messages in thread
From: Power, Ciara @ 2022-01-24 16:08 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Zhang, Roy Fan; +Cc: dev, stable
Hi Pablo,
>-----Original Message-----
>From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Sent: Thursday 20 January 2022 17:05
>To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara
><ciara.power@intel.com>
>Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>stable@dpdk.org
>Subject: [PATCH] crypto/ipsec_mb: fix buffer overrun
>
>Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
>instead of 16 bytes, when adding ZUC-256 support.
>However, impact is low as this memory is part of a union with bigger size than
>32 bytes.
>
>Coverity issue: 374374
>Coverity issue: 374379
>Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
>Cc: stable@dpdk.org
>
>Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
<snip>
Acked-by: Ciara Power <ciara.power@intel.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: [PATCH] crypto/ipsec_mb: fix buffer overrun
2022-01-24 16:08 ` Power, Ciara
@ 2022-02-08 21:25 ` Akhil Goyal
0 siblings, 0 replies; 3+ messages in thread
From: Akhil Goyal @ 2022-02-08 21:25 UTC (permalink / raw)
To: Power, Ciara, De Lara Guarch, Pablo, Zhang, Roy Fan; +Cc: dev, stable
> >Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
> >instead of 16 bytes, when adding ZUC-256 support.
> >However, impact is low as this memory is part of a union with bigger size than
> >32 bytes.
> >
> >Coverity issue: 374374
> >Coverity issue: 374379
> >Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
> >Cc: stable@dpdk.org
> >
> >Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> <snip>
>
> Acked-by: Ciara Power <ciara.power@intel.com>
Applied to dpdk-next-crypto
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-08 21:25 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-20 17:04 [PATCH] crypto/ipsec_mb: fix buffer overrun Pablo de Lara
2022-01-24 16:08 ` Power, Ciara
2022-02-08 21:25 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).