From 39907e875b07e962a795a7c0b4aae42adb9199c7 Mon Sep 17 00:00:00 2001 From: emmmmtang Date: Thu, 7 Jul 2022 11:00:39 +0800 Subject: [PATCH] r1.8 fix openssl CVE-2022-2097 --- cmake/external_libs/openssl.cmake | 4 ++++ third_party/patch/openssl/CVE-2022-2097.patch | 22 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 third_party/patch/openssl/CVE-2022-2097.patch diff --git a/cmake/external_libs/openssl.cmake b/cmake/external_libs/openssl.cmake index ce07507032a..dad9f12fdb9 100644 --- a/cmake/external_libs/openssl.cmake +++ b/cmake/external_libs/openssl.cmake @@ -29,6 +29,7 @@ if(BUILD_LITE) PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch + PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch ) elseif(PLATFORM_ARM32 AND ANDROID_NDK_TOOLCHAIN_INCLUDED) set(openssl_USE_STATIC_LIBS OFF) @@ -46,6 +47,7 @@ if(BUILD_LITE) PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch + PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch ) elseif(${CMAKE_SYSTEM_NAME} MATCHES "Linux" OR APPLE) set(openssl_CFLAGS -fvisibility=hidden) @@ -58,6 +60,7 @@ if(BUILD_LITE) PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch + PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch ) else() MESSAGE(FATAL_ERROR "openssl does not support compilation for the current environment.") @@ -77,6 +80,7 @@ else() PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch + PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch ) include_directories(${openssl_INC}) add_library(mindspore::ssl ALIAS openssl::ssl) diff --git a/third_party/patch/openssl/CVE-2022-2097.patch b/third_party/patch/openssl/CVE-2022-2097.patch new file mode 100644 index 00000000000..0bc4a3ab17b --- /dev/null +++ b/third_party/patch/openssl/CVE-2022-2097.patch @@ -0,0 +1,22 @@ +diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl +index fe2b26542a..812758e02e 100644 +--- a/crypto/aes/asm/aesni-x86.pl ++++ b/crypto/aes/asm/aesni-x86.pl +@@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out); + &movdqu (&QWP(-16*2,$out,$inp),$inout4); + &movdqu (&QWP(-16*1,$out,$inp),$inout5); + &cmp ($inp,$len); # done yet? +- &jb (&label("grandloop")); ++ &jbe (&label("grandloop")); + + &set_label("short"); + &add ($len,16*6); +@@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out); + &pxor ($rndkey1,$inout5); + &movdqu (&QWP(-16*1,$out,$inp),$inout5); + &cmp ($inp,$len); # done yet? +- &jb (&label("grandloop")); ++ &jbe (&label("grandloop")); + + &set_label("short"); + &add ($len,16*6); \ No newline at end of file