diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-09-08 15:35:22 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-09-11 10:46:57 +0200 |
commit | ed65a9c52a861e838af60ae7e17eef7887e93e78 (patch) | |
tree | 051c70394012ba038866d23ab1380a119e65a1ec | |
parent | d0ce81ae1a8f78fa1351cb79a50902af4169b80a (diff) |
Add CVE-2023-4807 fix to CHANGES and NEWS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22034)
-rw-r--r-- | CHANGES | 22 | ||||
-rw-r--r-- | NEWS | 3 |
2 files changed, 23 insertions, 2 deletions
@@ -9,7 +9,27 @@ Changes between 1.1.1v and 1.1.1w [xx XXX xxxx] - *) + *) Fix POLY1305 MAC implementation corrupting XMM registers on Windows. + + The POLY1305 MAC (message authentication code) implementation in OpenSSL + does not save the contents of non-volatile XMM registers on Windows 64 + platform when calculating the MAC of data larger than 64 bytes. Before + returning to the caller all the XMM registers are set to zero rather than + restoring their previous content. The vulnerable code is used only on newer + x86_64 processors supporting the AVX512-IFMA instructions. + + The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the + application process. However given the contents of the registers are just + zeroized so the attacker cannot put arbitrary values inside, the most likely + consequence, if any, would be an incorrect result of some application + dependent calculations or a crash leading to a denial of service. + + (CVE-2023-4807) + [Bernd Edlinger] + Changes between 1.1.1u and 1.1.1v [1 Aug 2023] @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1v and OpenSSL 1.1.1w [under development] - o + o Fix POLY1305 MAC implementation corrupting XMM registers on Windows + (CVE-2023-4807) Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023] |