Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
openssl-3.31275
openssl-CVE-2023-1255.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2023-1255.patch of Package openssl-3.31275
From 72dfe46550ee1f1bbfacd49f071419365bc23304 Mon Sep 17 00:00:00 2001 From: Tomas Mraz <tomas@openssl.org> Date: Mon, 17 Apr 2023 16:51:20 +0200 Subject: [PATCH] aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption Original author: Nevine Ebeid (Amazon) Fixes: CVE-2023-1255 The buffer overread happens on decrypts of 4 mod 5 sizes. Unless the memory just after the buffer is unmapped this is harmless. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/20759) --- CHANGES.md | 10 ++++++++++ NEWS.md | 3 +++ crypto/aes/asm/aesv8-armx.pl | 4 +++- 3 files changed, 16 insertions(+), 1 deletion(-) --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,15 @@ breaking changes, and mappings for the l ### Changes between 3.0.7 and 3.0.8 [7 Feb 2023] + * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which + happens if the buffer size is 4 mod 5. This can trigger a crash of an + application using AES-XTS decryption if the memory just after the buffer + being decrypted is not mapped. + Thanks to Anton Romanov (Amazon) for discovering the issue. + ([CVE-2023-1255]) + + *Nevine Ebeid* + * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. @@ -19604,6 +19613,7 @@ ndif <!-- Links --> +[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 [CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 [CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,8 @@ OpenSSL 3.0 ### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] + * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms + ([CVE-2023-1255]) * Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466]) * Fixed handling of invalid certificate policies in leaf certificates ([CVE-2023-0465]) @@ -1434,6 +1436,7 @@ OpenSSL 0.9.x * Support for various new platforms <!-- Links --> +[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 [CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 [CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 [CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/); .align 4 .Lxts_dec_tail4x: add $inp,$inp,#16 - vld1.32 {$dat0},[$inp],#16 + tst $tailcnt,#0xf veor $tmp1,$dat1,$tmp0 vst1.8 {$tmp1},[$out],#16 veor $tmp2,$dat2,$tmp2 @@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/); veor $tmp4,$dat4,$tmp4 vst1.8 {$tmp3-$tmp4},[$out],#32 + b.eq .Lxts_dec_abort + vld1.32 {$dat0},[$inp],#16 b .Lxts_done .align 4 .Lxts_outer_dec_tail:
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor