crypto/aes: add missing aes-gcm buffer overlap checks to PPC64

The tests added by CL 601778 highlighted missing buffer overlap
checks in the ppc64 specific aes-gcm implementation.

Fixes #69007

Change-Id: I80c3b5628c5079cfed2c3dace7298512c16a8f46
Reviewed-on: https://go-review.googlesource.com/c/go/+/607519
Reviewed-by: Cherry Mui <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>

Author: pmur

src/crypto/aes/gcm_ppc64x.go

@@ -8,6 +8,7 @@ package aes
 
 import (
 	"crypto/cipher"
+	"crypto/internal/alias"
 	"crypto/subtle"
 	"errors"
 	"internal/byteorder"
@@ -171,6 +172,9 @@ func (g *gcmAsm) Seal(dst, nonce, plaintext, data []byte) []byte {
 	}
 
 	ret, out := sliceForAppend(dst, len(plaintext)+g.tagSize)
+	if alias.InexactOverlap(out[:len(plaintext)], plaintext) {
+		panic("crypto/cipher: invalid buffer overlap")
+	}
 
 	var counter, tagMask [gcmBlockSize]byte
 	g.deriveCounter(&counter, nonce)
@@ -210,6 +214,9 @@ func (g *gcmAsm) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	g.auth(expectedTag[:], ciphertext, data, &tagMask)
 
 	ret, out := sliceForAppend(dst, len(ciphertext))
+	if alias.InexactOverlap(out, ciphertext) {
+		panic("crypto/cipher: invalid buffer overlap")
+	}
 
 	if subtle.ConstantTimeCompare(expectedTag[:g.tagSize], tag) != 1 {
 		clear(out)