crypto/ipsec_mb: fix buffer overrun
Checks
Commit Message
Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
instead of 16 bytes, when adding ZUC-256 support.
However, impact is low as this memory is part of a union
with bigger size than 32 bytes.
Coverity issue: 374374
Coverity issue: 374379
Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Hi Pablo,
>-----Original Message-----
>From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Sent: Thursday 20 January 2022 17:05
>To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara
><ciara.power@intel.com>
>Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>stable@dpdk.org
>Subject: [PATCH] crypto/ipsec_mb: fix buffer overrun
>
>Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
>instead of 16 bytes, when adding ZUC-256 support.
>However, impact is low as this memory is part of a union with bigger size than
>32 bytes.
>
>Coverity issue: 374374
>Coverity issue: 374379
>Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
>Cc: stable@dpdk.org
>
>Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
<snip>
Acked-by: Ciara Power <ciara.power@intel.com>
> >Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
> >instead of 16 bytes, when adding ZUC-256 support.
> >However, impact is low as this memory is part of a union with bigger size than
> >32 bytes.
> >
> >Coverity issue: 374374
> >Coverity issue: 374379
> >Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
> >Cc: stable@dpdk.org
> >
> >Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> <snip>
>
> Acked-by: Ciara Power <ciara.power@intel.com>
Applied to dpdk-next-crypto
@@ -848,7 +848,7 @@ struct aesni_mb_session {
struct gcm_key_data gcm_key;
/* *< Expanded GCM key */
- uint8_t zuc_cipher_key[16];
+ uint8_t zuc_cipher_key[32];
/* *< ZUC cipher key */
snow3g_key_schedule_t pKeySched_snow3g_cipher;
/* *< SNOW3G scheduled cipher key */
@@ -893,7 +893,7 @@ struct aesni_mb_session {
/* *< k3. */
} cmac;
/* *< Expanded XCBC authentication keys */
- uint8_t zuc_auth_key[16];
+ uint8_t zuc_auth_key[32];
/* *< ZUC authentication key */
snow3g_key_schedule_t pKeySched_snow3g_auth;
/* *< SNOW3G scheduled authentication key */