85 lines
3.1 KiB
Diff
85 lines
3.1 KiB
Diff
From 72dfe46550ee1f1bbfacd49f071419365bc23304 Mon Sep 17 00:00:00 2001
|
|
From: Tomas Mraz <tomas@openssl.org>
|
|
Date: Mon, 17 Apr 2023 16:51:20 +0200
|
|
Subject: [PATCH] aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
|
|
|
|
Original author: Nevine Ebeid (Amazon)
|
|
Fixes: CVE-2023-1255
|
|
|
|
The buffer overread happens on decrypts of 4 mod 5 sizes.
|
|
Unless the memory just after the buffer is unmapped this is harmless.
|
|
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
|
(Merged from https://github.com/openssl/openssl/pull/20759)
|
|
---
|
|
CHANGES.md | 10 ++++++++++
|
|
NEWS.md | 3 +++
|
|
crypto/aes/asm/aesv8-armx.pl | 4 +++-
|
|
3 files changed, 16 insertions(+), 1 deletion(-)
|
|
|
|
--- a/CHANGES.md
|
|
+++ b/CHANGES.md
|
|
@@ -30,6 +30,15 @@ breaking changes, and mappings for the l
|
|
|
|
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
|
|
|
|
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
|
|
+ happens if the buffer size is 4 mod 5. This can trigger a crash of an
|
|
+ application using AES-XTS decryption if the memory just after the buffer
|
|
+ being decrypted is not mapped.
|
|
+ Thanks to Anton Romanov (Amazon) for discovering the issue.
|
|
+ ([CVE-2023-1255])
|
|
+
|
|
+ *Nevine Ebeid*
|
|
+
|
|
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
|
|
that it does not enable policy checking. Thanks to David Benjamin for
|
|
discovering this issue.
|
|
@@ -19604,6 +19613,7 @@ ndif
|
|
|
|
<!-- Links -->
|
|
|
|
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
|
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
|
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
|
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
|
--- a/NEWS.md
|
|
+++ b/NEWS.md
|
|
@@ -20,6 +20,8 @@ OpenSSL 3.0
|
|
|
|
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
|
|
|
|
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
|
|
+ ([CVE-2023-1255])
|
|
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
|
|
* Fixed handling of invalid certificate policies in leaf certificates
|
|
([CVE-2023-0465])
|
|
@@ -1434,6 +1436,7 @@ OpenSSL 0.9.x
|
|
* Support for various new platforms
|
|
|
|
<!-- Links -->
|
|
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
|
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
|
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
|
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
|
--- a/crypto/aes/asm/aesv8-armx.pl
|
|
+++ b/crypto/aes/asm/aesv8-armx.pl
|
|
@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
|
|
.align 4
|
|
.Lxts_dec_tail4x:
|
|
add $inp,$inp,#16
|
|
- vld1.32 {$dat0},[$inp],#16
|
|
+ tst $tailcnt,#0xf
|
|
veor $tmp1,$dat1,$tmp0
|
|
vst1.8 {$tmp1},[$out],#16
|
|
veor $tmp2,$dat2,$tmp2
|
|
@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
|
|
veor $tmp4,$dat4,$tmp4
|
|
vst1.8 {$tmp3-$tmp4},[$out],#32
|
|
|
|
+ b.eq .Lxts_dec_abort
|
|
+ vld1.32 {$dat0},[$inp],#16
|
|
b .Lxts_done
|
|
.align 4
|
|
.Lxts_outer_dec_tail:
|