K 10
svn:author
V 5
markj
K 8
svn:date
V 27
2021-09-06T16:31:32.913208Z
K 7
svn:log
V 828
aesni: Avoid a potential out-of-bounds load in aes_encrypt_icm()

Given a partial block at the end of a payload, aes_encrypt_icm() would
perform a 16-byte load of the residual into a temporary variable.  This
is unsafe in principle since the full block may cross a page boundary.
Fix the problem by copying the residual into a stack buffer first.

Reported by:	syzbot+b7e44cde9e2e89f0f6c9@syzkaller.appspotmail.com
Reported by:	syzbot+4b5eaf123a99456b5160@syzkaller.appspotmail.com
Reported by:	syzbot+70c74c1aa232633355ca@syzkaller.appspotmail.com
Reported by:	syzbot+2c663776a52828373d41@syzkaller.appspotmail.com
Reviewed by:	cem, jhb
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 564b6aa7fccd98654207447f870b82659b895e7b)

Git Hash:   9ca533bfb45aa45d95e434d2682d5c5b667fb022
Git Author: markj@FreeBSD.org
END