Date: Tue, 23 Nov 2021 14:32:57 GMT
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: 8c29b0eeb0ce - stable/13 - aesni: Avoid a potential out-of-bounds load in AES_GCM_encrypt()
Message-ID: <202111231432.1ANEWvv2039008@gitrepo.freebsd.org>
The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=8c29b0eeb0ce4b7e6df524004d5edfbb6146e35b commit 8c29b0eeb0ce4b7e6df524004d5edfbb6146e35b Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2021-11-16 14:16:16 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2021-11-23 14:32:33 +0000 aesni: Avoid a potential out-of-bounds load in AES_GCM_encrypt() Reported by: Jenkins (KASAN job) Reviewed by: cem, jhb Sponsored by: The FreeBSD Foundation (cherry picked from commit 4285655adb7480336857bf8e051365d73db18011) --- sys/crypto/aesni/aesni_ghash.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sys/crypto/aesni/aesni_ghash.c b/sys/crypto/aesni/aesni_ghash.c index b0d1b6137ec6..a1295b6ccbda 100644 --- a/sys/crypto/aesni/aesni_ghash.c +++ b/sys/crypto/aesni/aesni_ghash.c @@ -504,9 +504,10 @@ AES_GCM_encrypt(const unsigned char *in, unsigned char *out, } tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]); tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]); - tmp1 = _mm_xor_si128(tmp1, - _mm_loadu_si128(&((const __m128i *)in)[k])); - last_block = tmp1; + last_block = _mm_setzero_si128(); + memcpy(&last_block, &((const __m128i *)in)[k], + nbytes % 16); + last_block = _mm_xor_si128(last_block, tmp1); for (j=0; j<nbytes%16; j++) out[k*16+j] = ((unsigned char*)&last_block)[j]; for ((void)j; j<16; j++)
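Review bot: the new memcpy() into last_block in the AES_GCM_encrypt() tail has no comment saying why the full-width _mm_loadu_si128() it replaces was unsafe, and the commit message does not say either. A one-line comment above the memcpy() would keep a later cleanup from "simplifying" it back to a 16-byte load. It could say that only nbytes % 16 bytes of in remain at block k, so a 128-bit load can read past the end of the caller's buffer. Two smaller points on the same lines. First, nbytes % 16 is now evaluated in the memcpy() length and again in the loop condition that follows, so a local such as a hypothetical `rem = nbytes % 16` would make it obvious that the copy-in and copy-out lengths cannot drift apart. Second, this diff touches only AES_GCM_encrypt(), so it is worth confirming whether the decrypt path in aesni_ghash.c handles its final partial block with the same kind of 16-byte load and needs the same treatment.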