r1.8 fix openssl CVE-2022-2097

This commit is contained in:
emmmmtang 2022-07-07 11:00:39 +08:00
parent 69aa258eb2
commit 39907e875b
2 changed files with 26 additions and 0 deletions

View File

@ -29,6 +29,7 @@ if(BUILD_LITE)
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch
) )
elseif(PLATFORM_ARM32 AND ANDROID_NDK_TOOLCHAIN_INCLUDED) elseif(PLATFORM_ARM32 AND ANDROID_NDK_TOOLCHAIN_INCLUDED)
set(openssl_USE_STATIC_LIBS OFF) set(openssl_USE_STATIC_LIBS OFF)
@ -46,6 +47,7 @@ if(BUILD_LITE)
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch
) )
elseif(${CMAKE_SYSTEM_NAME} MATCHES "Linux" OR APPLE) elseif(${CMAKE_SYSTEM_NAME} MATCHES "Linux" OR APPLE)
set(openssl_CFLAGS -fvisibility=hidden) set(openssl_CFLAGS -fvisibility=hidden)
@ -58,6 +60,7 @@ if(BUILD_LITE)
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch
) )
else() else()
MESSAGE(FATAL_ERROR "openssl does not support compilation for the current environment.") MESSAGE(FATAL_ERROR "openssl does not support compilation for the current environment.")
@ -77,6 +80,7 @@ else()
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-0778.patch
PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2022-2097.patch
) )
include_directories(${openssl_INC}) include_directories(${openssl_INC})
add_library(mindspore::ssl ALIAS openssl::ssl) add_library(mindspore::ssl ALIAS openssl::ssl)

View File

@ -0,0 +1,22 @@
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
index fe2b26542a..812758e02e 100644
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
@@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
- &jb (&label("grandloop"));
+ &jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);
@@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
&pxor ($rndkey1,$inout5);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
- &jb (&label("grandloop"));
+ &jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);