Input buffer over-read in AES-XTS implementation on 64 bit ARM

Resolves: rhbz#2188554
2023-04-21 12:33:25 +02:00 · 2023-04-21 12:33:25 +02:00 · 7680abf05d
commit 7680abf05d
parent 4999352324
2 changed files with 27 additions and 1 deletions
--- a/0118-CVE-2023-1255.patch
+++ b/0118-CVE-2023-1255.patch
@ -0,0 +1,20 @@
+--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
+@@ -3353,7 +3353,7 @@ $code.=<<___	if ($flavour =~ /64/);
+ .align	4
+ .Lxts_dec_tail4x:
+ 	add	$inp,$inp,#16
+-	vld1.32	{$dat0},[$inp],#16
+	tst	$tailcnt,#0xf
+ 	veor	$tmp1,$dat1,$tmp0
+ 	vst1.8	{$tmp1},[$out],#16
+ 	veor	$tmp2,$dat2,$tmp2
+@@ -3362,6 +3362,8 @@ $code.=<<___	if ($flavour =~ /64/);
+ 	veor	$tmp4,$dat4,$tmp4
+ 	vst1.8	{$tmp3-$tmp4},[$out],#32
+ 
+	b.eq	.Lxts_dec_abort
+	vld1.32	{$dat0},[$inp],#16
+ 	b	.Lxts_done
+ .align	4
+ .Lxts_outer_dec_tail:
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.7
-Release: 13%{?dist}
+Release: 14%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -184,6 +184,8 @@ Patch114: 0114-FIPS-enforce-EMS-support.patch
 Patch115: 0115-CVE-2023-0464.patch
 Patch116: 0116-CVE-2023-0465.patch
 Patch117: 0117-CVE-2023-0466.patch
+# AES-XTS CVE
+Patch118: 0118-CVE-2023-1255.patch

 License: ASL 2.0
 URL: http://www.openssl.org/
@ -514,6 +516,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs

 %changelog
+* Fri Apr 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-14
+- Input buffer over-read in AES-XTS implementation on 64 bit ARM
+  Resolves: rhbz#2188554
+
 * Tue Apr 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-13
 - Enforce using EMS in FIPS mode
  Resolves: rhbz#2157951