[openwrt/openwrt] ltq-deu: aes: do not read/write behind buffer
LEDE Commits
lede-commits at lists.infradead.org
Wed Jan 5 17:10:15 PST 2022
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/ab270c6fbc38f81669529300daee85b809111c39
commit ab270c6fbc38f81669529300daee85b809111c39
Author: Mathias Kresin <dev at kresin.me>
AuthorDate: Sun Apr 18 14:26:01 2021 +0200
ltq-deu: aes: do not read/write behind buffer
When handling non-aligned remaining data (not padded to 16 byte
[AES_BLOCK_SIZE]), a full 16 byte block is read from the input buffer
and written to the output buffer after en-/decryption.
While code already assumes that an input buffer could have less than 16
byte remaining, as it can be seen by the code zeroing the remaining
bytes till AES_BLOCK_SIZE, the full AES_BLOCK_SIZE is read.
An output buffer size of a multiple of AES_BLOCK_SIZE is expected but
never validated.
To get rid of the read/write behind buffer, use a temporary buffer when
dealing with not padded data and only write as much bytes to the output
as we read.
Do not memcpy directly to the register, to make used of the endian swap
macro and to trigger the crypto start operator via the ID0R to trigger
the register. Since we might need an endian swap for the output in
future, use a temporary buffer for the output as well.
The issue could not be observed so far, since all caller of ifx_deu_aes
will ignore the padded (remaining) data. Considering that the minimum
blocksize for the algorithm is set to AES_BLOCK_SIZE, the behaviour
could be called expected.
Signed-off-by: Mathias Kresin <dev at kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974 at t-online.de>
---
package/kernel/lantiq/ltq-deu/src/ifxmips_aes.c | 26 +++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/package/kernel/lantiq/ltq-deu/src/ifxmips_aes.c b/package/kernel/lantiq/ltq-deu/src/ifxmips_aes.c
index 7ce6df0ac6..62ce563181 100644
--- a/package/kernel/lantiq/ltq-deu/src/ifxmips_aes.c
+++ b/package/kernel/lantiq/ltq-deu/src/ifxmips_aes.c
@@ -251,23 +251,25 @@ void ifx_deu_aes (void *ctx_arg, u8 *out_arg, const u8 *in_arg,
/* To handle all non-aligned bytes (not aligned to 16B size) */
if (byte_cnt) {
- aes->ID3R = INPUT_ENDIAN_SWAP(*((u32 *) in_arg + (i * 4) + 0));
- aes->ID2R = INPUT_ENDIAN_SWAP(*((u32 *) in_arg + (i * 4) + 1));
- aes->ID1R = INPUT_ENDIAN_SWAP(*((u32 *) in_arg + (i * 4) + 2));
- aes->ID0R = INPUT_ENDIAN_SWAP(*((u32 *) in_arg + (i * 4) + 3)); /* start crypto */
+ u8 *input[16];
+ u8 *output[16];
+
+ memcpy(input, ((u32 *) in_arg + (i * 4)), byte_cnt);
+
+ aes->ID3R = INPUT_ENDIAN_SWAP(*((u32 *) input + (i * 4) + 0));
+ aes->ID2R = INPUT_ENDIAN_SWAP(*((u32 *) input + (i * 4) + 1));
+ aes->ID1R = INPUT_ENDIAN_SWAP(*((u32 *) input + (i * 4) + 2));
+ aes->ID0R = INPUT_ENDIAN_SWAP(*((u32 *) input + (i * 4) + 3)); /* start crypto */
while (aes->controlr.BUS) {
}
- *((volatile u32 *) out_arg + (i * 4) + 0) = aes->OD3R;
- *((volatile u32 *) out_arg + (i * 4) + 1) = aes->OD2R;
- *((volatile u32 *) out_arg + (i * 4) + 2) = aes->OD1R;
- *((volatile u32 *) out_arg + (i * 4) + 3) = aes->OD0R;
-
- /* to ensure that the extended pages are clean */
- memset (out_arg + (i * 16) + (nbytes % AES_BLOCK_SIZE), 0,
- (AES_BLOCK_SIZE - (nbytes % AES_BLOCK_SIZE)));
+ *((volatile u32 *) output + (i * 4) + 0) = aes->OD3R;
+ *((volatile u32 *) output + (i * 4) + 1) = aes->OD2R;
+ *((volatile u32 *) output + (i * 4) + 2) = aes->OD1R;
+ *((volatile u32 *) output + (i * 4) + 3) = aes->OD0R;
+ memcpy(((u32 *) out_arg + (i * 4)), output, byte_cnt);
}
//tc.chen : copy iv_arg back
More information about the lede-commits
mailing list