
aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()

Authored by markj on Aug 30 2021, 5:40 PM.



Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by:

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

R10 FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.
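The pattern the commit message describes, as an added example that is not the FreeBSD aesni code: a check for whether a full 16-byte load of a partial block would reach past the page holding the last valid byte, and tail handling that stages the residual in a stack buffer first. The function names, the 4096-byte page size and the plain-byte keystream (standing in for the encrypted counter block) are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_LEN 16
#define PAGE_LEN  4096	/* assumed page size for the illustration */

/*
 * Returns 1 if a full BLOCK_LEN-byte load at `addr` would touch a page
 * beyond the one holding the last valid byte (addr + resid - 1).
 * Expects resid > 0.
 */
int
full_load_crosses_page(uintptr_t addr, size_t resid)
{
	uintptr_t last_valid = addr + resid - 1;
	uintptr_t last_loaded = addr + BLOCK_LEN - 1;

	return (resid < BLOCK_LEN &&
	    last_valid / PAGE_LEN != last_loaded / PAGE_LEN);
}

/*
 * Process a trailing partial block (0 < resid < BLOCK_LEN) in counter mode.
 * `keystream` stands in for the encrypted counter block (hypothetical
 * parameter). Only `resid` bytes of `in` are read: they are staged in a
 * zeroed stack buffer, the full-width XOR runs on that buffer, and only
 * `resid` bytes are written back.
 */
void
ctr_xor_tail(const uint8_t *in, uint8_t *out, size_t resid,
    const uint8_t keystream[BLOCK_LEN])
{
	uint8_t block[BLOCK_LEN] = { 0 };
	size_t i;

	memcpy(block, in, resid);		/* bounded read of the input */
	for (i = 0; i < BLOCK_LEN; i++)		/* full-block operation on the copy */
		block[i] ^= keystream[i];
	memcpy(out, block, resid);		/* bounded write of the output */
}
```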