Page MenuHomeFreeBSD

aesni: Fix yet another out-of-bounds read
ClosedPublic

Authored by markj on Dec 15 2021, 5:20 PM.

Details

Summary

This is the same as 4285655adb74 ("aesni: Avoid a potential
out-of-bounds load in AES_GCM_encrypt()") except for the decryption
path. I failed to notice this last time since I assumed that encryption
and decryption use the same routine, like the CTR mode implementation
does.

Reported by: Jenkins (KASAN job)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

markj requested review of this revision.Dec 15 2021, 5:20 PM

LGTM modulo overflow concern and what looks like a typo.

sys/crypto/aesni/aesni_ghash.c
793

Is this correct if nbytes was > 2GB? nbytes is a uint32 but resid is (signed) integer.

806

typo

sys/crypto/aesni/aesni_ghash.c
793

I think it still happens to work. Note that OCF itself can only describe buffers up to 2GB anyway (crp_payload_length is an int I think?)

markj marked 3 inline comments as done.

Drop the use of resid entirely, this is consistent with AES_GCM_encrypt() anyway.

This revision is now accepted and ready to land.Dec 15 2021, 8:03 PM