crypto/aes: add missing aes-gcm buffer overlap checks to PPC64
authorPaul E. Murphy <murp@ibm.com>
Thu, 22 Aug 2024 14:50:08 +0000 (09:50 -0500)
committerPaul Murphy <murp@ibm.com>
Fri, 23 Aug 2024 15:12:31 +0000 (15:12 +0000)
The tests added by CL 601778 highlighted missing buffer overlap
checks in the ppc64 specific aes-gcm implementation.

Fixes #69007

Change-Id: I80c3b5628c5079cfed2c3dace7298512c16a8f46
Reviewed-on: https://go-review.googlesource.com/c/go/+/607519
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
src/crypto/aes/gcm_ppc64x.go

index f1e85129a8e060d55a80583eea16c3467f520f14..e3fa48ed8d135cf3ac3ac7cd576f4d1427172903 100644 (file)
@@ -8,6 +8,7 @@ package aes
 
 import (
        "crypto/cipher"
+       "crypto/internal/alias"
        "crypto/subtle"
        "errors"
        "internal/byteorder"
@@ -171,6 +172,9 @@ func (g *gcmAsm) Seal(dst, nonce, plaintext, data []byte) []byte {
        }
 
        ret, out := sliceForAppend(dst, len(plaintext)+g.tagSize)
+       if alias.InexactOverlap(out[:len(plaintext)], plaintext) {
+               panic("crypto/cipher: invalid buffer overlap")
+       }
 
        var counter, tagMask [gcmBlockSize]byte
        g.deriveCounter(&counter, nonce)
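Review bot: The new guard in Seal compares only `out[:len(plaintext)]` with `plaintext`, so an overlap between `out` and the additional data in `data` goes undetected. If the tag is computed after the ciphertext has been written into `out` (Seal's body continues outside this hunk, so that ordering is an assumption), an overlapping `data` would be authenticated in its overwritten form rather than as the caller passed it. Consider adding `if alias.AnyOverlap(out, data) { panic("crypto/cipher: invalid buffer overlap") }` beside this check, with a test case that aliases `data` into `dst`. The Open hunk has the same gap, although there `g.auth` reads `data` before `out` is written, so the effect would be limited to clobbering the caller's buffer.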
@@ -210,6 +214,9 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
        g.auth(expectedTag[:], ciphertext, data, &tagMask)
 
        ret, out := sliceForAppend(dst, len(ciphertext))
+       if alias.InexactOverlap(out, ciphertext) {
+               panic("crypto/cipher: invalid buffer overlap")
+       }
 
        if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
                clear(out)
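Review bot: The overlap check in Open has no comment saying which aliasing is permitted, and its shape differs from the Seal check, which slices `out` to `len(plaintext)` first. A one-line comment above the `if` would make the contract clear, for example `// Exact in-place use (dst = ciphertext[:0]) is allowed; only a partial overlap panics.` It would also help to note that `ciphertext` has presumably had the tag split off by this point (the split is outside the hunk), which would explain why the whole of `out` is compared here. Open's body starts and ends outside this hunk.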