pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patchdeleted 100644 → 0 +0 −44 From 4bfac4471f53c4f74c8d81020beb938f92d84ca5 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Tue, 22 Aug 2023 16:07:30 +0200 Subject: [PATCH] Avoid clobbering non-volatile XMM registers This affects some Poly1305 assembler functions which are only used for certain CPU types. Remove those functions for Windows targets, as a simple interim solution. Fixes #21522 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21808) (cherry picked from commit 7b8e27bc2e02238986d89ef0ece067ec1b48e165) --- crypto/poly1305/asm/poly1305-x86_64.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index fa9bfb7a7b81..24bab9d0bcf9 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl @@ -195,7 +195,7 @@ sub poly1305_iteration { bt \$`5+32`,%r9 # AVX2? cmovc %rax,%r10 ___ -$code.=<<___ if ($avx>3); +$code.=<<___ if ($avx>3 && !$win64); mov \$`(1<<31|1<<21|1<<16)`,%rax shr \$32,%r9 and %rax,%r9 @@ -2724,7 +2724,7 @@ sub poly1305_iteration { .cfi_endproc .size poly1305_blocks_avx512,.-poly1305_blocks_avx512 ___ -if ($avx>3) { +if ($avx>3 && !$win64) { ######################################################################## # VPMADD52 version using 2^44 radix. #
pkgs/development/libraries/openssl/default.nix +2 −5 @@ -236,14 +236,11 @@ in { # the permitted insecure version to ensure it gets cached for our users # and backport this to stable release (23.05). openssl_1_1 = common { version = "1.1.1v"; sha256 = "sha256-1ml+KHHncjhGBALpNi1H0YOCsV758karpse9eA04prA="; version = "1.1.1w"; sha256 = "sha256-zzCYlQy02FOtlcCEHx+cbT3BAtzPys1SHZOSUgi3asg="; patches = [ ./1.1/nix-ssl-cert-file.patch # https://www.openssl.org/news/secadv/20230908.txt ./1.1/CVE-2023-4807.patch (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch)
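Review bot: Dropping `./1.1/CVE-2023-4807.patch` and its advisory link from `patches` leaves nothing in this file that says why the fix is no longer applied. The removal is only safe if the 1.1.1w tarball already carries the `$avx>3 && !$win64` guards in `crypto/poly1305/asm/poly1305-x86_64.pl`; that is presumably why the patch goes away with the bump, but nothing on the page states it. It is worth confirming against the unpacked source and, once confirmed, recording it in the commit message or in a one-line comment such as `# CVE-2023-4807 is fixed upstream in 1.1.1w, local patch dropped`. The hunk shows only part of the `openssl_1_1` attribute set, so the rest of the `patches` list lies outside it.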
pkgs/top-level/release.nix +1 −1 @@ -26,7 +26,7 @@ # for no real reason. # Remove them for 23.11. "nodejs-16.20.2" "openssl-1.1.1v" "openssl-1.1.1w" ]; }; } }: