git: 045fc75ce490 - stable/13 - opencrypto: Respect alignment constraints in xor_and_encrypt()

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 24 Aug 2023 13:41:07 UTC 
The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=045fc75ce490cca0aec8f412dd28bc1031e0919d

commit 045fc75ce490cca0aec8f412dd28bc1031e0919d
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-07-27 19:44:52 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-24 13:32:59 +0000

    opencrypto: Respect alignment constraints in xor_and_encrypt()
    
    Copy operands to an aligned buffer before performing operations which
    require alignment.  Otherwise it's possible for this code to trigger an
    alignment fault on armv7.
    
    Reviewed by:    jhb
    MFC after:      2 weeks
    Sponsored by:   Klara, Inc.
    Sponsored by:   Stormshield
    Differential Revision:  https://reviews.freebsd.org/D41211
    
    (cherry picked from commit 96c2538121390c872f68ac48f97b35fb973c11dc)
---
 sys/opencrypto/cbc_mac.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/sys/opencrypto/cbc_mac.c b/sys/opencrypto/cbc_mac.c
index ed31dd946e48..ed9230beaf49 100644
--- a/sys/opencrypto/cbc_mac.c
+++ b/sys/opencrypto/cbc_mac.c
@@ -38,19 +38,16 @@ static void
 xor_and_encrypt(struct aes_cbc_mac_ctx *ctx,
 		const uint8_t *src, uint8_t *dst)
 {
-	const uint64_t *b1;
-	uint64_t *b2;
-	uint64_t temp_block[CCM_CBC_BLOCK_LEN/sizeof(uint64_t)];
+#define	NWORDS	(CCM_CBC_BLOCK_LEN / sizeof(uint64_t))
+	uint64_t b1[NWORDS], b2[NWORDS], temp[NWORDS];
 
-	b1 = (const uint64_t*)src;
-	b2 = (uint64_t*)dst;
+	memcpy(b1, src, CCM_CBC_BLOCK_LEN);
+	memcpy(b2, dst, CCM_CBC_BLOCK_LEN);
 
-	for (size_t count = 0;
-	     count < CCM_CBC_BLOCK_LEN/sizeof(uint64_t);
-	     count++) {
-		temp_block[count] = b1[count] ^ b2[count];
-	}
-	rijndaelEncrypt(ctx->keysched, ctx->rounds, (void*)temp_block, dst);
+	for (size_t count = 0; count < NWORDS; count++)
+		temp[count] = b1[count] ^ b2[count];
+	rijndaelEncrypt(ctx->keysched, ctx->rounds, (void *)temp, dst);
+#undef NWORDS
 }
 
 void