From: Paul E. Murphy <murp@ibm.com>
Date: Thu, 22 Aug 2024 14:50:08 +0000 (-0500)
Subject: crypto/aes: add missing aes-gcm buffer overlap checks to PPC64
X-Git-Tag: go1.24rc1~1118
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=1e9c5bbc8a428da5832137e84d08ff2b8e99dfaa;p=gostls13.git

crypto/aes: add missing aes-gcm buffer overlap checks to PPC64

The tests added by CL 601778 highlighted missing buffer overlap
checks in the ppc64 specific aes-gcm implementation.

Fixes #69007

Change-Id: I80c3b5628c5079cfed2c3dace7298512c16a8f46
Reviewed-on: https://go-review.googlesource.com/c/go/+/607519
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
---

diff --git a/src/crypto/aes/gcm_ppc64x.go b/src/crypto/aes/gcm_ppc64x.go
index f1e85129a8..e3fa48ed8d 100644
--- a/src/crypto/aes/gcm_ppc64x.go
+++ b/src/crypto/aes/gcm_ppc64x.go
@@ -8,6 +8,7 @@ package aes
 
 import (
 	"crypto/cipher"
+	"crypto/internal/alias"
 	"crypto/subtle"
 	"errors"
 	"internal/byteorder"
@@ -171,6 +172,9 @@ func (g *gcmAsm) Seal(dst, nonce, plaintext, data []byte) []byte {
 	}
 
 	ret, out := sliceForAppend(dst, len(plaintext)+g.tagSize)
+	if alias.InexactOverlap(out[:len(plaintext)], plaintext) {
+		panic("crypto/cipher: invalid buffer overlap")
+	}
 
 	var counter, tagMask [gcmBlockSize]byte
 	g.deriveCounter(&counter, nonce)
@@ -210,6 +214,9 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	g.auth(expectedTag[:], ciphertext, data, &tagMask)
 
 	ret, out := sliceForAppend(dst, len(ciphertext))
+	if alias.InexactOverlap(out, ciphertext) {
+		panic("crypto/cipher: invalid buffer overlap")
+	}
 
 	if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
 		clear(out)