Skip to content

Commit bc2f61a

Browse files
t8mt8m
committed
aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
Original author: Nevine Ebeid (Amazon) Fixes: CVE-2023-1255 The buffer overread happens on decrypts of 4 mod 5 sizes. Unless the memory just after the buffer is unmapped this is harmless. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from #20759) (cherry picked from commit 72dfe46)
1 parent 54be1fe commit bc2f61a

File tree

3 files changed

+16
-1
lines changed

3 files changed

+16
-1
lines changed

CHANGES.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,15 @@ OpenSSL 3.1
2424

2525
### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx]
2626

27+
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
28+
happens if the buffer size is 4 mod 5. This can trigger a crash of an
29+
application using AES-XTS decryption if the memory just after the buffer
30+
being decrypted is not mapped.
31+
Thanks to Anton Romanov (Amazon) for discovering the issue.
32+
([CVE-2023-1255])
33+
34+
*Nevine Ebeid*
35+
2736
* Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
2837
The previous fix for this timing side channel turned out to cause
2938
a severe 2-3x performance regression in the typical use case
@@ -19724,6 +19733,7 @@ ndif
1972419733

1972519734
<!-- Links -->
1972619735

19736+
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
1972719737
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
1972819738
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
1972919739
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464

NEWS.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@ OpenSSL 3.1
2121

2222
### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [under development]
2323

24+
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
25+
([CVE-2023-1255])
2426
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
2527
* Fixed handling of invalid certificate policies in leaf certificates
2628
([CVE-2023-0465])
@@ -1449,6 +1451,7 @@ OpenSSL 0.9.x
14491451
* Support for various new platforms
14501452

14511453
<!-- Links -->
1454+
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
14521455
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
14531456
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
14541457
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464

crypto/aes/asm/aesv8-armx.pl

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3367,7 +3367,7 @@ ()
33673367
.align 4
33683368
.Lxts_dec_tail4x:
33693369
add $inp,$inp,#16
3370-
vld1.32 {$dat0},[$inp],#16
3370+
tst $tailcnt,#0xf
33713371
veor $tmp1,$dat1,$tmp0
33723372
vst1.8 {$tmp1},[$out],#16
33733373
veor $tmp2,$dat2,$tmp2
@@ -3376,6 +3376,8 @@ ()
33763376
veor $tmp4,$dat4,$tmp4
33773377
vst1.8 {$tmp3-$tmp4},[$out],#32
33783378
3379+
b.eq .Lxts_dec_abort
3380+
vld1.32 {$dat0},[$inp],#16
33793381
b .Lxts_done
33803382
.align 4
33813383
.Lxts_outer_dec_tail:

0 commit comments

Comments
 (0)