git: 2b7b51c479c4 - stable/13 - libcrypto: Work around strict aliasing violations in bn_nist.c
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 31 Jan 2023 01:51:51 UTC
The branch stable/13 has been updated by jrtc27:
URL: https://cgit.FreeBSD.org/src/commit/?id=2b7b51c479c44e60b37821783487bfc5dc0471f4
commit 2b7b51c479c44e60b37821783487bfc5dc0471f4
Author: Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2022-07-25 17:17:50 +0000
Commit: Jessica Clarke <jrtc27@FreeBSD.org>
CommitDate: 2023-01-31 01:50:27 +0000
libcrypto: Work around strict aliasing violations in bn_nist.c
This file is full of strict aliasing violations. Previously it was only
optimised in ways that broke the code by CHERI LLVM, but now it appears
that the in-tree LLVM also breaks it for RISC-V, resulting in broken
ECDSA signature validation with error messages like the following:
root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key is not a key file.
root@unmatched:/usr/src # git fetch
fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve
Reviewed by: dim, jkim
Obtained from: CheriBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35885
(cherry picked from commit 3b41ae32124ad7b61b2297b2e7f3aa5d76b30c53)
---
secure/lib/libcrypto/Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index 8a38f0f563a0..d8b8f454122c 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -122,6 +122,11 @@ SRCS+= ppc.S ppc-mont.S
SRCS+= bn_asm.c
.endif
+# Full of strict aliasing violations that LLVM has been seen to break with
+# optimisations, which can lead to ECDSA signatures not working. See
+# https://github.com/openssl/openssl/issues/12247 for the upstream bug report.
+CFLAGS.bn_nist.c+= -fno-strict-aliasing
+
# buffer
SRCS+= buf_err.c buffer.c