Loading pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch 0 → 100644 +44 −0 Original line number Diff line number Diff line From 4bfac4471f53c4f74c8d81020beb938f92d84ca5 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Tue, 22 Aug 2023 16:07:30 +0200 Subject: [PATCH] Avoid clobbering non-volatile XMM registers This affects some Poly1305 assembler functions which are only used for certain CPU types. Remove those functions for Windows targets, as a simple interim solution. Fixes #21522 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21808) (cherry picked from commit 7b8e27bc2e02238986d89ef0ece067ec1b48e165) --- crypto/poly1305/asm/poly1305-x86_64.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index fa9bfb7a7b81..24bab9d0bcf9 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl @@ -195,7 +195,7 @@ sub poly1305_iteration { bt \$`5+32`,%r9 # AVX2? cmovc %rax,%r10 ___ -$code.=<<___ if ($avx>3); +$code.=<<___ if ($avx>3 && !$win64); mov \$`(1<<31|1<<21|1<<16)`,%rax shr \$32,%r9 and %rax,%r9 @@ -2724,7 +2724,7 @@ sub poly1305_iteration { .cfi_endproc .size poly1305_blocks_avx512,.-poly1305_blocks_avx512 ___ -if ($avx>3) { +if ($avx>3 && !$win64) { ######################################################################## # VPMADD52 version using 2^44 radix. # pkgs/development/libraries/openssl/default.nix +3 −0 Original line number Diff line number Diff line Loading @@ -241,6 +241,9 @@ in { patches = [ ./1.1/nix-ssl-cert-file.patch # https://www.openssl.org/news/secadv/20230908.txt ./1.1/CVE-2023-4807.patch (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) Loading Loading
pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch 0 → 100644 +44 −0 Original line number Diff line number Diff line From 4bfac4471f53c4f74c8d81020beb938f92d84ca5 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Tue, 22 Aug 2023 16:07:30 +0200 Subject: [PATCH] Avoid clobbering non-volatile XMM registers This affects some Poly1305 assembler functions which are only used for certain CPU types. Remove those functions for Windows targets, as a simple interim solution. Fixes #21522 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21808) (cherry picked from commit 7b8e27bc2e02238986d89ef0ece067ec1b48e165) --- crypto/poly1305/asm/poly1305-x86_64.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index fa9bfb7a7b81..24bab9d0bcf9 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl @@ -195,7 +195,7 @@ sub poly1305_iteration { bt \$`5+32`,%r9 # AVX2? cmovc %rax,%r10 ___ -$code.=<<___ if ($avx>3); +$code.=<<___ if ($avx>3 && !$win64); mov \$`(1<<31|1<<21|1<<16)`,%rax shr \$32,%r9 and %rax,%r9 @@ -2724,7 +2724,7 @@ sub poly1305_iteration { .cfi_endproc .size poly1305_blocks_avx512,.-poly1305_blocks_avx512 ___ -if ($avx>3) { +if ($avx>3 && !$win64) { ######################################################################## # VPMADD52 version using 2^44 radix. #
pkgs/development/libraries/openssl/default.nix +3 −0 Original line number Diff line number Diff line Loading @@ -241,6 +241,9 @@ in { patches = [ ./1.1/nix-ssl-cert-file.patch # https://www.openssl.org/news/secadv/20230908.txt ./1.1/CVE-2023-4807.patch (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) Loading
