[openssl/openssl] 02ac9c: aesv8-armx.pl: Avoid buffer overread in AES-XTS d...

Tomáš Mráz noreply at github.com
Thu Apr 20 15:53:39 UTC 2023


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 02ac9c9420275868472f33b01def01218742b8bb
      https://github.com/openssl/openssl/commit/02ac9c9420275868472f33b01def01218742b8bb
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-04-20 (Thu, 20 Apr 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md
    M crypto/aes/asm/aesv8-armx.pl

  Log Message:
  -----------
  aesv8-armx.pl: Avoid buffer overread in AES-XTS decryption

Original author: Nevine Ebeid (Amazon)
Fixes: CVE-2023-1255

The buffer overread happens on decrypts of 4 mod 5 sizes.
Unless the memory just after the buffer is unmapped, this is harmless.

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
(Merged from https://github.com/openssl/openssl/pull/20759)

(cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)



