git: 3b41ae32124a - main - libcrypto: Work around strict aliasing violations in bn_nist.c
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 25 Jul 2022 17:20:44 UTC
The branch main has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=3b41ae32124ad7b61b2297b2e7f3aa5d76b30c53 commit 3b41ae32124ad7b61b2297b2e7f3aa5d76b30c53 Author: Jessica Clarke <jrtc27@FreeBSD.org> AuthorDate: 2022-07-25 17:17:50 +0000 Commit: Jessica Clarke <jrtc27@FreeBSD.org> CommitDate: 2022-07-25 17:17:50 +0000 libcrypto: Work around strict aliasing violations in bn_nist.c This file is full of strict aliasing violations. Previously it was only optimised in ways that broke the code by CHERI LLVM, but now it appears that the in-tree LLVM also breaks it for RISC-V, resulting in broken ECDSA signature validation with error messages like the following: root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key is not a key file. root@unmatched:/usr/src # git fetch fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve Reviewed by: dim, jkim Obtained from: CheriBSD MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D35885 --- secure/lib/libcrypto/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index cf9259a19e16..e318179120ce 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -121,6 +121,11 @@ SRCS+= ppc.S ppc-mont.S SRCS+= bn_asm.c .endif +# Full of strict aliasing violations that LLVM has been seen to break with +# optimisations, which can lead to ECDSA signatures not working. See +# https://github.com/openssl/openssl/issues/12247 for the upstream bug report. +CFLAGS.bn_nist.c+= -fno-strict-aliasing + # buffer SRCS+= buf_err.c buffer.c