Hi Fan, > -----Original Message----- > From: dev [mailto:dev-boun...@dpdk.org] On Behalf Of Fan Zhang > Sent: Wednesday, May 15, 2019 4:33 PM > To: dev@dpdk.org > Cc: akhil.go...@nxp.com; Zhang, Roy Fan <roy.fan.zh...@intel.com> > Subject: [dpdk-dev] [PATCH] aesni_mb: fix out-of-bounds access > > This patch fixes the out-of-bounds coverity issue by adding missed > algorithms to the array. > > Coverity issue: 337683 > > Fixes: c68d7aa354f6 ("crypto/aesni_mb: use architecture independent > macros") > > Signed-off-by: Fan Zhang <roy.fan.zh...@intel.com> > --- > drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h > b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h > index 4d439360f..c937b21b6 100644 > --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h > +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h > @@ -65,7 +65,13 @@ static const unsigned > auth_truncated_digest_byte_lengths[] = { > [AES_XCBC] = 12, > [AES_CMAC] = 12, > [AES_CCM] = 8, > - [NULL_HASH] = 0 > + [NULL_HASH] = 0, > + [AES_GMAC] = 12,
According to the code in the IPSec MB lib, truncated value for GMAC is 16, although it can actually generate anything from 4 to 16 bytes, so I guess any value between this range could work. > + [PLAIN_SHA1] = 20, > + [PLAIN_SHA_224] = 28, > + [PLAIN_SHA_256] = 32, > + [PLAIN_SHA_384] = 48, > + [PLAIN_SHA_512] = 64 > }; > Could you also complete the other two arrays? auth_digest_byte_lengths (missing AES_CCM) and auth_blocksize. Thanks! Pablo > /** > -- > 2.14.5
