Page MenuHomeFreeBSD

aesni: Fix yet another out-of-bounds read
ClosedPublic

Authored by markj on Dec 15 2021, 5:20 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 19 2024, 11:48 PM
Unknown Object (File)
Feb 18 2024, 8:25 AM
Unknown Object (File)
Jan 18 2024, 8:31 PM
Unknown Object (File)
Jan 16 2024, 4:49 AM
Unknown Object (File)
Dec 23 2023, 10:09 AM
Unknown Object (File)
Dec 12 2023, 7:37 AM
Unknown Object (File)
Dec 1 2023, 7:13 PM
Unknown Object (File)
Dec 1 2023, 7:00 PM
Subscribers

Details

Summary

This is the same as 4285655adb74 ("aesni: Avoid a potential
out-of-bounds load in AES_GCM_encrypt()") except for the decryption
path. I failed to notice this last time since I assumed that encryption
and decryption use the same routine, like the CTR mode implementation
does.

Reported by: Jenkins (KASAN job)

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 43389
Build 40277: arc lint + arc unit

Event Timeline

markj requested review of this revision.Dec 15 2021, 5:20 PM

LGTM modulo overflow concern and what looks like a typo.

sys/crypto/aesni/aesni_ghash.c
793

Is this correct if nbytes was > 2GB? nbytes is a uint32 but resid is (signed) integer.

806

typo

sys/crypto/aesni/aesni_ghash.c
793

I think it still happens to work. Note that OCF itself can only describe buffers up to 2GB anyway (crp_payload_length is an int I think?)

markj marked 3 inline comments as done.

Drop the use of resid entirely, this is consistent with AES_GCM_encrypt() anyway.

This revision is now accepted and ready to land.Dec 15 2021, 8:03 PM