libcrypto: Work around strict aliasing violations in bn_nist.c

This file is full of strict aliasing violations. Previously it was only
optimised in ways that broke the code by CHERI LLVM, but now it appears
that the in-tree LLVM also breaks it for RISC-V, resulting in broken
ECDSA signature validation with error messages like the following:

  root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
  /etc/ssh/ssh_host_ecdsa_key is not a key file.
  root@unmatched:/usr/src # git fetch
  fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve

Reviewed by:	dim, jkim
Obtained from:	CheriBSD
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D35885

main

Jessica Clarke 2 weeks ago

parent

8bc3673847

commit

3b41ae3212

1 changed files with 5 additions and 0 deletions

Split View

								
									5

secure/lib/libcrypto/Makefile

								Unescape
								Escape
							
									View File
								
					@ -121,6 +121,11 @@ SRCS+=	ppc.S ppc-mont.S
					
					SRCS+=	bn_asm.c

					.endif
				
					# Full of strict aliasing violations that LLVM has been seen to break with

					# optimisations, which can lead to ECDSA signatures not working. See

					# https://github.com/openssl/openssl/issues/12247 for the upstream bug report.

					CFLAGS.bn_nist.c+=	-fno-strict-aliasing

					# buffer

					SRCS+=	buf_err.c buffer.c

libcrypto: Work around strict aliasing violations in bn_nist.c

5 secure/lib/libcrypto/Makefile Unescape Escape View File

5

secure/lib/libcrypto/Makefile

Unescape Escape View File