talexander
/
freebsd_amp_hwpstate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libcrypto: Work around strict aliasing violations in bn_nist.c 

This file is full of strict aliasing violations. Previously it was only
optimised in ways that broke the code by CHERI LLVM, but now it appears
that the in-tree LLVM also breaks it for RISC-V, resulting in broken
ECDSA signature validation with error messages like the following:

  root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
  /etc/ssh/ssh_host_ecdsa_key is not a key file.
  root@unmatched:/usr/src # git fetch
  fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve

Reviewed by:	dim, jkim
Obtained from:	CheriBSD
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D35885
This commit is contained in:
Jessica Clarke 2022-07-25 18:17:50 +01:00
parent 8bc3673847
commit 3b41ae3212
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
secure/lib/libcrypto/Makefile
View File

@ -121,6 +121,11 @@ SRCS+= ppc.S ppc-mont.S
SRCS+= bn_asm.c
.endif
# Full of strict aliasing violations that LLVM has been seen to break with
# optimisations, which can lead to ECDSA signatures not working. See
# https://github.com/openssl/openssl/issues/12247 for the upstream bug report.
CFLAGS.bn_nist.c+= -fno-strict-aliasing
# buffer
SRCS+= buf_err.c buffer.c