crypto/ipsec_mb: fix ZUC authentication verify

[ upstream commit bd37697 ] ZUC authentication is done over multiple buffers at a time. When authentication verification is done, multiple scratch buffers are using to generate the tags that will be compared afterwards. However, the same scratch buffer was used always, instead of having different ones for each crypto operation. Fixes: 0b133c3 ("crypto/zuc: support IPsec Multi-buffer lib v0.54") Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
kevintraynor · Feb 28, 2022 · 1170e24 · 1170e24
1 parent bbc5965
commit 1170e24
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/drivers/crypto/ipsec_mb/pmd_zuc.c b/drivers/crypto/ipsec_mb/pmd_zuc.c
@@ -166,7 +166,7 @@ process_zuc_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,
 
 		hash_keys[i] = sess->pKey_hash;
 		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
-			dst[i] = (uint32_t *)qp_data->temp_digest;
+			dst[i] = (uint32_t *)qp_data->temp_digest[i];
 		else
 			dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
 

diff --git a/drivers/crypto/ipsec_mb/pmd_zuc_priv.h b/drivers/crypto/ipsec_mb/pmd_zuc_priv.h
@@ -75,7 +75,7 @@ struct zuc_session {
 
 struct zuc_qp_data {
 
-	uint8_t temp_digest[ZUC_DIGEST_LENGTH];
+	uint8_t temp_digest[ZUC_MAX_BURST][ZUC_DIGEST_LENGTH];
 	/* *< Buffers used to store the digest generated
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)