crypto/ipsec_mb: fix buffer overrun

Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
instead of 16 bytes, when adding ZUC-256 support.
However, impact is low as this memory is part of a union
with bigger size than 32 bytes.

Coverity issue: 374374
Coverity issue: 374379
Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index d37cc787a03b0edf4fa336c9d661aaefc9c0a0a9..d177961ea5e1c8ec25df0600f8c24d6b23b8e65c 100644 (file)
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -848,7 +848,7 @@ struct aesni_mb_session {
 
                        struct gcm_key_data gcm_key;
                        /* *< Expanded GCM key */
-                       uint8_t zuc_cipher_key[16];
+                       uint8_t zuc_cipher_key[32];
                        /* *< ZUC cipher key */
                        snow3g_key_schedule_t pKeySched_snow3g_cipher;
                        /* *< SNOW3G scheduled cipher key */
@@ -893,7 +893,7 @@ struct aesni_mb_session {
                                /* *< k3. */
                        } cmac;
                        /* *< Expanded XCBC authentication keys */
-                       uint8_t zuc_auth_key[16];
+                       uint8_t zuc_auth_key[32];
                        /* *< ZUC authentication key */
                        snow3g_key_schedule_t pKeySched_snow3g_auth;
                        /* *< SNOW3G scheduled authentication key */