Differential D31730

aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()
ClosedPublic
Actions

Authored by markj on Aug 30 2021, 5:40 PM.

Tags

None

Referenced Files

	F148493912: D31730.id94382.diff
	Wed, Mar 18, 6:08 AM

	Unknown Object (File)
	Tue, Mar 17, 3:14 AM

	Unknown Object (File)
	Sat, Mar 14, 7:23 AM

	Unknown Object (File)
	Sun, Mar 8, 4:39 PM

	Unknown Object (File)
	Jan 13 2026, 1:47 PM

	Unknown Object (File)
	Jan 12 2026, 12:15 AM

	Unknown Object (File)
	Jan 11 2026, 11:53 PM

	Unknown Object (File)
	Jan 7 2026, 4:59 AM

Subscribers

Details

Reviewers

jhb
cem

Commits

rG564b6aa7fccd: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()

Summary

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable. This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying up to the end of input into a stack variable
and operating on that instead.

Reported by: syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by: syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com

Test Plan

cryptocheck (which is also able to trigger the panic with KASAN enabled)

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Aug 30 2021, 5:40 PM

Herald added subscribers: jmg, imp. · View Herald TranscriptAug 30 2021, 5:40 PM

markj requested review of this revision.Aug 30 2021, 5:40 PM

Harbormaster completed remote builds in B41265: Diff 94382.Aug 30 2021, 5:40 PM

markj edited the summary of this revision. (Show Details)Aug 30 2021, 5:41 PM

markj edited the test plan for this revision. (Show Details)

markj added reviewers: jhb, cem.

jhb accepted this revision.Aug 30 2021, 5:50 PM

This revision is now accepted and ready to land.Aug 30 2021, 5:50 PM

Lgtm.

Closed by commit rG564b6aa7fccd: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm() (authored by markj). · Explain WhyAug 30 2021, 6:24 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG564b6aa7fccd: aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm().

Revision Contents
Changeset List

Path

Size

sys/

crypto/

aesni/

18 lines

Diff 94383

sys/crypto/aesni/aesni_wrap.c

Loading...