Browse Source

libcrypto: Work around strict aliasing violations in bn_nist.c

This file is full of strict aliasing violations. Previously it was only
optimised in ways that broke the code by CHERI LLVM, but now it appears
that the in-tree LLVM also breaks it for RISC-V, resulting in broken
ECDSA signature validation with error messages like the following:

  root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
  /etc/ssh/ssh_host_ecdsa_key is not a key file.
  root@unmatched:/usr/src # git fetch
  fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve

Reviewed by:	dim, jkim
Obtained from:	CheriBSD
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D35885
main
Jessica Clarke 2 weeks ago
parent
commit
3b41ae3212
  1. 5
      secure/lib/libcrypto/Makefile

5
secure/lib/libcrypto/Makefile

@ -121,6 +121,11 @@ SRCS+= ppc.S ppc-mont.S
SRCS+= bn_asm.c
.endif
# Full of strict aliasing violations that LLVM has been seen to break with
# optimisations, which can lead to ECDSA signatures not working. See
# https://github.com/openssl/openssl/issues/12247 for the upstream bug report.
CFLAGS.bn_nist.c+= -fno-strict-aliasing
# buffer
SRCS+= buf_err.c buffer.c

Loading…
Cancel
Save