
accelerated: check keysize in SSSE3 cipher setkey

Vitezslav Cizek requested to merge civz/gnutls:aes_key_size into master

File da59d34eacdf50a0019a457fb7c4916be48c99a5 causes crashes on i586 machines. The file contains a PKCS#8 encoded key of size 1.

The SSSE3 AES codepath accepts the key without any sanity checks. _gnutls_pkcs_raw_decrypt_data then allocates a 1-byte buffer for the key.

Later when the optimized AES computation begins, it loads 16 bytes from the memory address consisting of just 1 malloc()ed byte to the xmm registers.

    _vpaes_schedule_core () at elf/aes-ssse3-x86.s:249
    249     movdqu (%esi),%xmm0

Two invalid writes happen later, when the routine writes the result of the computation back to the memory.

Checking for proper AES keysize (16/24/32 bytes) mitigates the issue.

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code
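
An added illustration of the check described above (not the merge request's code and not GnuTLS source): a setkey wrapper that rejects every length other than 16, 24 or 32 bytes before a fixed-width 16-byte load can touch the caller's buffer. The names `aes_ctx`, `schedule_core`, `aes_setkey_checked`, `try_key` and `ERR_INVALID_KEY_SIZE` are hypothetical, and `schedule_core` is a plain-C stand-in for the assembly key schedule.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_INVALID_KEY_SIZE (-1) /* hypothetical error code */

struct aes_ctx {                  /* hypothetical context, not a GnuTLS type */
    uint8_t first_block[16];
    int rounds;
};

/* Stand-in for the assembly key schedule: like the movdqu at the crash
 * site, it always loads 16 bytes from key, whatever was allocated. */
static void schedule_core(struct aes_ctx *ctx, const uint8_t *key, size_t keysize)
{
    memcpy(ctx->first_block, key, 16);
    ctx->rounds = (int)(keysize / 4) + 6;   /* 10, 12 or 14 rounds */
}

/* Reject non-AES key lengths before the fixed-width load can run. */
int aes_setkey_checked(struct aes_ctx *ctx, const void *key, size_t keysize)
{
    if (ctx == NULL || key == NULL ||
        (keysize != 16 && keysize != 24 && keysize != 32))
        return ERR_INVALID_KEY_SIZE;
    schedule_core(ctx, key, keysize);
    return 0;
}

/* Constructed input: a heap buffer of exactly keysize bytes, so a missing
 * check would read past it. Returns the round count or the error code. */
int try_key(size_t keysize)
{
    struct aes_ctx ctx = {0};
    uint8_t *key = calloc(keysize ? keysize : 1, 1);
    if (key == NULL)
        return ERR_INVALID_KEY_SIZE;
    int rc = aes_setkey_checked(&ctx, key, keysize);
    free(key);
    return rc == 0 ? ctx.rounds : rc;
}

int main(void)
{
    printf("1-byte key -> %d, 16-byte key -> %d rounds\n", try_key(1), try_key(16));
    return 0;
}
```

Building this with AddressSanitizer and deleting the length check makes the 1-byte case report a heap-buffer-overflow read inside `schedule_core`.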
