git: 05bf7d68c568 - stable/13 - aesni: Fix an out-of-bounds read in AES_GCM_decrypt()
Date: Mon, 27 Dec 2021 15:45:49 UTC
The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=05bf7d68c56830e52dee14dc87c07d6716e8195e commit 05bf7d68c56830e52dee14dc87c07d6716e8195e Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-12-16 14:08:16 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-12-27 15:45:36 +0000 aesni: Fix an out-of-bounds read in AES_GCM_decrypt() This is the same as 4285655adb74 ("aesni: Avoid a potential out-of-bounds load in AES_GCM_encrypt()") except for the decryption path. Reported by: Jenkins (KASAN job) Reviewed by: cem Sponsored by: The FreeBSD Foundation (cherry picked from commit 4a61d8ef42cb44c337dfdc17424cc2e2f1d67fd5) --- sys/crypto/aesni/aesni_ghash.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/crypto/aesni/aesni_ghash.c b/sys/crypto/aesni/aesni_ghash.c index a1295b6ccbda..a95723f13d85 100644 --- a/sys/crypto/aesni/aesni_ghash.c +++ b/sys/crypto/aesni/aesni_ghash.c @@ -799,8 +799,9 @@ AES_GCM_decrypt(const unsigned char *in, unsigned char *out, } tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]); tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]); - tmp1 = _mm_xor_si128(tmp1, - _mm_loadu_si128(&((const __m128i *)in)[k])); + last_block = _mm_setzero_si128(); + memcpy(&last_block, &((const __m128i *)in)[k], nbytes%16); + tmp1 = _mm_xor_si128(tmp1, last_block); last_block = tmp1; for (j=0; j<nbytes%16; j++) out[k*16+j] = ((unsigned char*)&last_block)[j];
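Review bot: The replacement of the full-width `_mm_loadu_si128` with a zeroed `last_block` plus a `memcpy` of `nbytes%16` bytes is the right shape for the trailing partial block, but the hunk carries no comment saying why, so a later reader may be tempted to "simplify" it back to a single load; a one-line comment above the `memcpy`, e.g. `/* Only nbytes%16 bytes of input remain; a full 16-byte load would read past the end of in. */`, would document the bound. Two follow-ups worth confirming in review: the same partial-block pattern should already cover the GHASH accumulation of this final ciphertext block in the decrypt path (not visible in this hunk, and the commit message only mentions the keystream XOR), and the `memcpy` length is zero when `nbytes%16 == 0`, which is harmless only if this block is reached solely for a non-empty tail as the `for (j=0; j<nbytes%16; j++)` loop suggests.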