RUSTSEC-2022-0032: AES OCB fails to encrypt some bytes


> AES OCB fails to encrypt some bytes

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `openssl-src`                      |
| Version             | `111.21.0+1.1.1p`                   |
| URL                 | [https://www.openssl.org/news/secadv/20220705.txt](https://www.openssl.org/news/secadv/20220705.txt) |
| Date                | 2022-07-05                         |
| Patched versions    | `>=111.22, <300.0,>=300.0.9`                  |

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some
circumstances.  This could reveal sixteen bytes of data that was
preexisting in the memory that wasn&#39;t written.  In the special case of
&quot;in place&quot; encryption, sixteen bytes of the plaintext would be revealed.

Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2022-0032.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2022-0032: AES OCB fails to encrypt some bytes #276

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`openssl-src`
Version	`111.21.0+1.1.1p`
URL	https://www.openssl.org/news/secadv/20220705.txt
Date	2022-07-05
Patched versions	`>=111.22, <300.0,>=300.0.9`