git.ipfire.org Git - thirdparty/openssl.git/commit
Fix OCB AES-NI/HW stream path unauthenticated/unencrypted trailing bytes
author Norbert Pocs <norbertp@openssl.org>
Thu, 8 Jan 2026 14:04:54 +0000 (15:04 +0100)
committer Tomas Mraz <tomas@openssl.org>
Mon, 26 Jan 2026 19:47:37 +0000 (20:47 +0100)
commit be9375d5d45dfaf897b56ef148a0b58402491fcb
tree e0f75682d3ec7836dfbe83995a545c0897d2022b
parent 84f73f79af9f69c1527a9a372b7a9e771a394c2a
Fix OCB AES-NI/HW stream path unauthenticated/unencrypted trailing bytes

When ctx->stream (e.g., AES-NI or ARMv8 CE) is available, the fast path
encrypts/decrypts full blocks but does not advance in/out pointers. The
tail-handling code then operates on the base pointers, effectively reprocessing
the beginning of the buffer while leaving the actual trailing bytes
unencrypted (encryption) or using the wrong plaintext (decryption). The
authentication checksum excludes the true tail.

CVE-2025-69418

Fixes: https://github.com/openssl/srt/issues/58
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Mon Jan 26 19:48:35 2026
crypto/modes/ocb128.c
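The pointer-advance defect the commit message describes, as an added illustration that is not OpenSSL code and not a real OCB implementation: a toy byte transform stands in for both the fast full-block routine and the per-block tail code, the buggy variant omits the advance of `in`/`out` after the full blocks, the fixed variant includes it, and a check on a constructed 37-byte input counts how many of the 5 trailing bytes were actually transformed.

```c
#include <stddef.h>
#include <string.h>
#define BLOCK 16
/* Stand-ins for the fast full-block routine and the per-block tail code
 * (a plain XOR here; a model of the control flow, not OCB or OpenSSL code). */
static void toy_blocks(const unsigned char *in, unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n * BLOCK; i++)
        out[i] = in[i] ^ 0x5a;
}
static void toy_tail(const unsigned char *in, unsigned char *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ 0x5a;
}

/* Defective pattern: full blocks go through the fast routine, but in/out
 * are not advanced, so the tail code reprocesses the start of the buffer
 * and the real trailing bytes are never written. */
static void process_buggy(const unsigned char *in, unsigned char *out, size_t len)
{
    size_t nblocks = len / BLOCK;
    toy_blocks(in, out, nblocks);
    /* missing here: in += nblocks * BLOCK; out += nblocks * BLOCK; */
    toy_tail(in, out, len % BLOCK);
}

/* Corrected pattern: advance both pointers past the processed blocks. */
static void process_fixed(const unsigned char *in, unsigned char *out, size_t len)
{
    size_t nblocks = len / BLOCK;
    toy_blocks(in, out, nblocks);
    in += nblocks * BLOCK;
    out += nblocks * BLOCK;
    toy_tail(in, out, len % BLOCK);
}

/* Regression check on a constructed 37-byte input (two full blocks plus a
 * 5-byte tail): returns how many of the 5 tail bytes were transformed. */
static size_t tail_bytes_processed(void (*fn)(const unsigned char *, unsigned char *, size_t))
{
    unsigned char in[37], out[37];
    size_t done = 0;
    for (size_t i = 0; i < sizeof in; i++) in[i] = (unsigned char)i;
    memset(out, 0, sizeof out);           /* untouched bytes stay zero */
    fn(in, out, sizeof in);
    for (size_t i = 2 * BLOCK; i < sizeof in; i++)
        done += (out[i] == (unsigned char)(in[i] ^ 0x5a));
    return done;
}
```

The same check written against the real cipher (compare the tail of the output of the stream path with that of the generic block-by-block path) is the kind of unit test that would have caught this class of bug.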