Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 May 2016 20:17:52 +0200
From: Gsunde Orangen <gsunde.orangen@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: OpenSSL Security Advisory [3rd May 2016]

Thanks, Alexander & agreed - and the "official" OpenSSL changelog
confirms that AES-NI support was introduced with 1.0.1:

https://www.openssl.org/news/changelog.html#x22
Changes between 1.0.0h and 1.0.1  [14 Mar 2012]:
*) Extensive assembler packs updates, most notably:
 - x86[_64]: AES-NI, ...

On 03.05.2016, 19:35 Solar Designer wrote:
> On Tue, May 03, 2016 at 06:52:43PM +0200, Gsunde Orangen wrote:
>> * Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
>> The advisory says: "This issue was introduced as part of the fix for
>> Lucky 13 padding attack (CVE-2013-0169)".
>> So the following versions should be affected (ref.
>> https://openssl.org/news/vulnerabilities.html#y2013):
>>  - 1.0.2 through 1.02g
>>  - 1.0.1d through 1.0.1s
>>  - 1.0.0k and all later versions
>>  - 0.9.8y and all later versions
> 
> You're assuming that all versions with the fix for CVE-2013-0169 are
> affected, but the description also says that the new bug is in AES-NI
> specific code.  AES-NI support appears to be missing in 1.0.0 and older.
> I've just tried grepping 1.0.0t for aesenc (one of the AES-NI mnemonics,
> present in the 1.0.1 tree) - it isn't in there.
> 
> Alexander
> 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.