git: 4285655adb74 - main - aesni: Avoid a potential out-of-bounds load in AES_GCM_encrypt()

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=4285655adb7480336857bf8e051365d73db18011

commit 4285655adb7480336857bf8e051365d73db18011
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-11-16 14:16:16 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-11-16 18:30:22 +0000

    aesni: Avoid a potential out-of-bounds load in AES_GCM_encrypt()
    
    Reported by:    Jenkins (KASAN job)
    Reviewed by:    cem, jhb
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D33012
---
 sys/crypto/aesni/aesni_ghash.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sys/crypto/aesni/aesni_ghash.c b/sys/crypto/aesni/aesni_ghash.c
index b0d1b6137ec6..a1295b6ccbda 100644
--- a/sys/crypto/aesni/aesni_ghash.c
+++ b/sys/crypto/aesni/aesni_ghash.c
@@ -504,9 +504,10 @@ AES_GCM_encrypt(const unsigned char *in, unsigned char *out,
 		}
 		tmp1 = _mm_aesenc_si128(tmp1, KEY[nr-1]);
 		tmp1 = _mm_aesenclast_si128(tmp1, KEY[nr]);
-		tmp1 = _mm_xor_si128(tmp1,
-		    _mm_loadu_si128(&((const __m128i *)in)[k]));
-		last_block = tmp1;
+		last_block = _mm_setzero_si128();
+		memcpy(&last_block, &((const __m128i *)in)[k],
+		    nbytes % 16);
+		last_block = _mm_xor_si128(last_block, tmp1);
 		for (j=0; j<nbytes%16; j++)
 			out[k*16+j] = ((unsigned char*)&last_block)[j];
 		for ((void)j; j<16; j++)