diff options
author | Janne Peltonen <janne.peltonen@nokia.com> | 2022-12-20 17:49:22 +0200 |
---|---|---|
committer | Petri Savolainen <petri.savolainen@nokia.com> | 2022-12-22 12:23:30 +0200 |
commit | 1898b096ac0251584f89ddb547b13ebdd4927f61 (patch) | |
tree | 700083afe929456e00f8d4a7eba0d3bd65add2df /platform | |
parent | 7f850ba0a85e94094cd4226dee6bbd1ec7798398 (diff) |
linux-gen: crypto: arm: fix out-of-bounds IV read access
The Arm crypto library may read up to 16 bytes of data when it is reading
a 12 byte IV. If the IV provided by the caller ends at a page boundary and
the next page is not mapped to readable memory, bad things can happen.
Fix the problem by always copying the user provided IV to a bigger
temporary buffer that is passed to the crypto library.
Signed-off-by: Janne Peltonen <janne.peltonen@nokia.com>
Reviewed-by: Jere Leppänen <jere.leppanen@nokia.com>
Diffstat (limited to 'platform')
-rw-r--r-- | platform/linux-generic/arch/aarch64/odp_crypto_armv8.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/platform/linux-generic/arch/aarch64/odp_crypto_armv8.c b/platform/linux-generic/arch/aarch64/odp_crypto_armv8.c index df9d6442f..0a73d4868 100644 --- a/platform/linux-generic/arch/aarch64/odp_crypto_armv8.c +++ b/platform/linux-generic/arch/aarch64/odp_crypto_armv8.c @@ -239,6 +239,7 @@ void aes_gcm_encrypt(odp_packet_t pkt, .d = {0, 0} } }; + uint8_t iv_data[ARM_CRYPTO_MAX_IV_LENGTH]; uint8_t *iv_ptr; uint64_t iv_bit_length = AES_GCM_IV_LEN * 8; uint64_t plaintext_bit_length = param->cipher_range.length * 8; @@ -267,6 +268,9 @@ void aes_gcm_encrypt(odp_packet_t pkt, iv_ptr = param->cipher_iv_ptr; _ODP_ASSERT(iv_ptr != NULL); #endif + /* The crypto lib may read 16 bytes. Copy to a big enough buffer */ + memcpy(iv_data, iv_ptr, AES_GCM_IV_LEN); + iv_ptr = iv_data; cs.constants = &session->cc; @@ -339,6 +343,7 @@ void aes_gcm_decrypt(odp_packet_t pkt, .d = {0, 0} } }; + uint8_t iv_data[ARM_CRYPTO_MAX_IV_LENGTH]; uint8_t *iv_ptr; uint8_t tag[AES_GCM_TAG_LEN]; uint64_t iv_bit_length = AES_GCM_IV_LEN * 8; @@ -367,6 +372,9 @@ void aes_gcm_decrypt(odp_packet_t pkt, iv_ptr = param->cipher_iv_ptr; _ODP_ASSERT(iv_ptr != NULL); #endif + /* The crypto lib may read 16 bytes. Copy to a big enough buffer */ + memcpy(iv_data, iv_ptr, AES_GCM_IV_LEN); + iv_ptr = iv_data; cs.constants = &session->cc; |