diff --git a/pkgs/development/libraries/openssl/3.0/rsa-fix-bn_reduce_once_in_place-call-for-rsaz_mod_exp_avx512_x2.patch b/pkgs/development/libraries/openssl/3.0/rsa-fix-bn_reduce_once_in_place-call-for-rsaz_mod_exp_avx512_x2.patch deleted file mode 100644 index e144a7188897..000000000000 --- a/pkgs/development/libraries/openssl/3.0/rsa-fix-bn_reduce_once_in_place-call-for-rsaz_mod_exp_avx512_x2.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 4d8a88c134df634ba610ff8db1eb8478ac5fd345 Mon Sep 17 00:00:00 2001 -From: Xi Ruoyao -Date: Wed, 22 Jun 2022 18:07:05 +0800 -Subject: [PATCH] rsa: fix bn_reduce_once_in_place call for - rsaz_mod_exp_avx512_x2 - -bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size -is moduli bit size. - -Fixes #18625. - -Signed-off-by: Xi Ruoyao - -Reviewed-by: Tomas Mraz -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/18626) ---- - crypto/bn/rsaz_exp_x2.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/crypto/bn/rsaz_exp_x2.c b/crypto/bn/rsaz_exp_x2.c -index 6b04486e3f56..f979cebd6fb7 100644 ---- a/crypto/bn/rsaz_exp_x2.c -+++ b/crypto/bn/rsaz_exp_x2.c -@@ -257,6 +257,9 @@ int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1, - from_words52(res1, factor_size, rr1_red); - from_words52(res2, factor_size, rr2_red); - -+ /* bn_reduce_once_in_place expects number of BN_ULONG, not bit size */ -+ factor_size /= sizeof(BN_ULONG) * 8; -+ - bn_reduce_once_in_place(res1, /*carry=*/0, m1, storage, factor_size); - bn_reduce_once_in_place(res2, /*carry=*/0, m2, storage, factor_size); - diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index db6e0101fec7..74e5d318bcb6 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -186,8 +186,8 @@ in { openssl_1_1 = common rec { - version = "1.1.1p"; - sha256 = "sha256-v2G2Kqpmx8djmUKpTeTJroKAwI8X1OrC5EZE2fyKzm8="; + version = "1.1.1q"; + sha256 = "sha256-15Oc5hQCnN/wtsIPDi5XAxWKSJpyslB7i9Ub+Mj9EMo="; patches = [ ./1.1/nix-ssl-cert-file.patch @@ -201,8 +201,8 @@ in { }; openssl_3 = common { - version = "3.0.4"; - sha256 = "sha256-KDGEPppmigq0eOcCCtY9LWXlH3KXdHLcc+/O+6/AwA8="; + version = "3.0.5"; + sha256 = "sha256-qn2Nm+9xrWUlxVuhHl9Dl4ic5Jwsk0nc6m0+TwsCSno="; patches = [ ./3.0/nix-ssl-cert-file.patch @@ -210,10 +210,6 @@ in { # This patch disables build-time detection. ./3.0/openssl-disable-kernel-detection.patch - # https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ - # https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345.patch - 3.0/rsa-fix-bn_reduce_once_in_place-call-for-rsaz_mod_exp_avx512_x2.patch - (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch)