crypto/aes: add missing aes-gcm buffer overlap checks to PPC64

The tests added by CL 601778 highlighted missing buffer overlap checks in the ppc64 specific aes-gcm implementation. Fixes #69007 Change-Id: I80c3b5628c5079cfed2c3dace7298512c16a8f46 Reviewed-on: https://go-review.googlesource.com/c/go/+/607519 Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

crypto/aes: add missing aes-gcm buffer overlap checks to PPC64
1e9c5bbc · Paul E. Murphy · Paul Murphy · 2cee5d81 · 1e9c5bbc
Commit 1e9c5bbc authored 8 months ago by Paul E. Murphy Committed by Paul Murphy 8 months ago
--- a/src/crypto/aes/gcm_ppc64x.go
+++ b/src/crypto/aes/gcm_ppc64x.go
@@ -8,6 +8,7 @@ package aes

 import (
 	"crypto/cipher"
+	"crypto/internal/alias"
 	"crypto/subtle"
 	"errors"
 	"internal/byteorder"
@@ -171,6 +172,9 @@ func (g *gcmAsm) Seal(dst, nonce, plaintext, data []byte) []byte {
 	}

 	ret, out := sliceForAppend(dst, len(plaintext)+g.tagSize)
+	if alias.InexactOverlap(out[:len(plaintext)], plaintext) {
+		panic("crypto/cipher: invalid buffer overlap")
+	}

 	var counter, tagMask [gcmBlockSize]byte
 	g.deriveCounter(&counter, nonce)
@@ -210,6 +214,9 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	g.auth(expectedTag[:], ciphertext, data, &tagMask)

 	ret, out := sliceForAppend(dst, len(ciphertext))
+	if alias.InexactOverlap(out, ciphertext) {
+		panic("crypto/cipher: invalid buffer overlap")
+	}

 	if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
 		clear(out)