!130 fix the CVE-2022-2097
From: @hzero1996 Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot
Gitee
commit
a7ca29f1dd
@ -0,0 +1,73 @@
|
||||
From 919925673d6c9cfed3c1085497f5dfbbed5fc431 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Chernyakhovsky <achernya@google.com>
|
||||
Date: Thu, 16 Jun 2022 12:00:22 +1000
|
||||
Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
|
||||
that performs operations on 6 16-byte blocks concurrently (the
|
||||
"grandloop") and then proceeds to handle the "short" tail (which can
|
||||
be anywhere from 0 to 5 blocks) that remain.
|
||||
|
||||
As part of initialization, the assembly initializes $len to the true
|
||||
length, less 96 bytes and converts it to a pointer so that the $inp
|
||||
can be compared to it. Each iteration of "grandloop" checks to see if
|
||||
there's a full 96-byte chunk to process, and if so, continues. Once
|
||||
this has been exhausted, it falls through to "short", which handles
|
||||
the remaining zero to five blocks.
|
||||
|
||||
Unfortunately, the jump at the end of "grandloop" had a fencepost
|
||||
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
|
||||
equal). This should be `jbe`, as $inp is pointing to the *end* of the
|
||||
chunk currently being handled. If $inp == $len, that means that
|
||||
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
|
||||
then there's 5 or fewer 16-byte blocks left to be handled, and the
|
||||
fall-through is intended.
|
||||
|
||||
The net effect of `jb` instead of `jbe` is that the last 16-byte block
|
||||
of the last 96-byte chunk was completely omitted. The contents of
|
||||
`out` in this position were never written to. Additionally, since
|
||||
those bytes were never processed, the authentication tag generated is
|
||||
also incorrect.
|
||||
|
||||
The same fencepost error, and identical logic, exists in both
|
||||
aesni_ocb_encrypt and aesni_ocb_decrypt.
|
||||
|
||||
This addresses CVE-2022-2097.
|
||||
|
||||
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
|
||||
Co-authored-by: David Benjamin <davidben@google.com>
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
---
|
||||
crypto/aes/asm/aesni-x86.pl | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
|
||||
index fe2b265..812758e 100644
|
||||
--- a/crypto/aes/asm/aesni-x86.pl
|
||||
+++ b/crypto/aes/asm/aesni-x86.pl
|
||||
@@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
|
||||
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
|
||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
||||
&cmp ($inp,$len); # done yet?
|
||||
- &jb (&label("grandloop"));
|
||||
+ &jbe (&label("grandloop"));
|
||||
|
||||
&set_label("short");
|
||||
&add ($len,16*6);
|
||||
@@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
|
||||
&pxor ($rndkey1,$inout5);
|
||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
||||
&cmp ($inp,$len); # done yet?
|
||||
- &jb (&label("grandloop"));
|
||||
+ &jbe (&label("grandloop"));
|
||||
|
||||
&set_label("short");
|
||||
&add ($len,16*6);
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
Name: openssl
|
||||
Epoch: 1
|
||||
Version: 1.1.1m
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: Cryptography and SSL/TLS Toolkit
|
||||
License: OpenSSL and SSLeay
|
||||
URL: https://www.openssl.org/
|
||||
@ -31,6 +31,7 @@ Patch20: Backport-ct_test.c-Update-the-epoch-time.patch
|
||||
Patch21: Feature-Support-TLCP-protocol.patch
|
||||
Patch22: Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
|
||||
Patch23: CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
|
||||
Patch24: CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
|
||||
|
||||
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
|
||||
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
@ -227,6 +228,9 @@ make test || :
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Tue Jul 12 2022 wangcheng <wangcheng156@huawei.com> - 1:1.1.1m-6
|
||||
- fix CVE-2022-2097
|
||||
|
||||
* Thu Jun 30 2022 wangcheng <wangcheng156@huawei.com> - 1:1.1.1m-5
|
||||
- fix CVE-2022-2068
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user