upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-20 00:11:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/crypto
History
Mark Johnston 9e08dbbd51 aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm() 
Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable.  This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying the residual into a stack buffer first.

Reported by:	syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by:	syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com
Reported by:	syzbot+70c74c1aa232633355ca@syzkaller.appspotmail.com
Reported by:	syzbot+2c663776a52828373d41@syzkaller.appspotmail.com
Reviewed by:	cem, jhb
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 564b6aa7fc)
2021-09-14 09:03:58 +02:00
..
aesni aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm() 2021-09-14 09:03:58 +02:00
armv8 src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
blake2 src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
blowfish src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
camellia src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
ccp src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
chacha20 src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
des src: switch to release/11.2.0 2018-10-07 14:26:34 +02:00
libsodium src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
rc4 src: initial commit based on FreeBSD-10.0 2014-11-09 09:30:14 +01:00
rijndael src: clean-cut move to release/11.0.0 2016-10-03 12:28:21 +02:00
sha2 src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
siphash src: clean-cut move to release/11.1.0 2017-08-20 13:44:58 +02:00
skein src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
via src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
intake.h src: switch to release/11.2.0 2018-10-07 14:26:34 +02:00
sha1.c src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00
sha1.h src: clean-cut move to releng/12.1 2019-09-25 16:17:31 +02:00