[Bug 269219] cryptographic operations are not constant time anymore for armv8.4+ and amd64/icelake

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 29 Jan 2023 07:15:20 UTC

--- Comment #1 from Michael Paepcke <bugs.fbsd@paepcke.de> ---
Not sure where to track this; this might require an architecture decision,
not only a simple patch.

Since the introduction of the armv8.4 ISA (and all following) and the x86/icelake ISA
(impacts: skylake, cannonlake, kabylake, ...), many base instructions (used by
openssl, openssh, libcrypt, ossl in base/kernel/userland/ports), including AES-NI
(WTH?), are not guaranteed constant time anymore.

It is possible to ensure constant-time execution again by setting a CPU-specific
register. I might be wrong, but as far as I can see, we do not even have the
infrastructure yet to address this (here)?

 * https://cgit.freebsd.org/src/tree/sys/x86/include/specialreg.h

The Linux team seems to tend to disable these features by default (my personal
favorite) as a solution and allow re-enabling them via a build-time optimization
switch. (Discussion about a runtime sysctl/syscall/procfs is still ongoing.)

Is someone already working on this? Ideas? Personal preferences?

Thank you!

You are receiving this mail because:
You are the assignee for the bug.
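An added example, not from the bug report or the FreeBSD tree, of what the per-thread CPU-register toggle mentioned above looks like on arm64 in userland: check the aux vector for the DIT capability, then read and set PSTATE.DIT with inline assembly. It assumes an ARMv8.4+ CPU and that the HWCAP_DIT bit value is the same on Linux and FreeBSD; on other architectures the helpers report -1. The x86 counterpart is a model-specific register writable only by the kernel, so it is not shown here.

```c
#if defined(__aarch64__)
#include <elf.h>
#include <sys/auxv.h>
#ifndef HWCAP_DIT
#define HWCAP_DIT (1UL << 24)      /* AT_HWCAP bit advertising ARMv8.4 DIT (assumed same on Linux and FreeBSD) */
#endif
#define PSTATE_DIT_BIT (1UL << 24) /* PSTATE.DIT is bit 24 of the value moved through the DIT register */
/* Read AT_HWCAP in the OS-specific way; the aux vector is where the kernel advertises DIT. */
static unsigned long cpu_hwcap(void) {
    unsigned long hwcap = 0;
#if defined(__FreeBSD__)
    elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap));
#else
    hwcap = getauxval(AT_HWCAP);
#endif
    return hwcap;
}
#endif
/* 1 if the running CPU advertises DIT, else 0 (always 0 off arm64). */
int dit_supported(void) {
#if defined(__aarch64__)
    return (cpu_hwcap() & HWCAP_DIT) != 0;
#else
    return 0;
#endif
}
/* Current PSTATE.DIT for this thread: 1 = data-independent timing enforced, 0 = not, -1 = unsupported. */
int dit_get(void) {
#if defined(__aarch64__)
    unsigned long v;
    if (!dit_supported()) return -1;   /* the MRS below is UNDEFINED (SIGILL) on pre-8.4 cores */
    /* DIT encodes as op0=3 op1=3 CRn=4 CRm=2 op2=5; the generic name also works on older assemblers. */
    __asm__ volatile("mrs %0, s3_3_c4_c2_5" : "=r"(v));
    return (v & PSTATE_DIT_BIT) ? 1 : 0;
#else
    return -1;
#endif
}
/* Enable (on=1) or disable (on=0) DIT for the calling thread only; returns the resulting state or -1. */
int dit_set(int on) {
#if defined(__aarch64__)
    unsigned long v = on ? PSTATE_DIT_BIT : 0;
    if (!dit_supported()) return -1;
    __asm__ volatile("msr s3_3_c4_c2_5, %0" : : "r"(v) : "memory");
    return dit_get();
#else
    (void)on; return -1;
#endif
}
```

PSTATE is per thread, so a library that wants DIT around its crypto has to set it on every thread that runs the code, which is the kind of infrastructure question the comment raises.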