Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 25 Jul 2022 17:20:44 GMT
From:      Jessica Clarke <jrtc27@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 3b41ae32124a - main - libcrypto: Work around strict aliasing violations in bn_nist.c
Message-ID:  <202207251720.26PHKiWT001046@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by jrtc27:

URL: https://cgit.FreeBSD.org/src/commit/?id=3b41ae32124ad7b61b2297b2e7f3aa5d76b30c53

commit 3b41ae32124ad7b61b2297b2e7f3aa5d76b30c53
Author:     Jessica Clarke <jrtc27@FreeBSD.org>
AuthorDate: 2022-07-25 17:17:50 +0000
Commit:     Jessica Clarke <jrtc27@FreeBSD.org>
CommitDate: 2022-07-25 17:17:50 +0000

    libcrypto: Work around strict aliasing violations in bn_nist.c
    
    This file is full of strict aliasing violations. Previously it was only
    optimised in ways that broke the code by CHERI LLVM, but now it appears
    that the in-tree LLVM also breaks it for RISC-V, resulting in broken
    ECDSA signature validation with error messages like the following:
    
      root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
      /etc/ssh/ssh_host_ecdsa_key is not a key file.
      root@unmatched:/usr/src # git fetch
      fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve
    
    Reviewed by:    dim, jkim
    Obtained from:  CheriBSD
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D35885
---
 secure/lib/libcrypto/Makefile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile
index cf9259a19e16..e318179120ce 100644
--- a/secure/lib/libcrypto/Makefile
+++ b/secure/lib/libcrypto/Makefile
@@ -121,6 +121,11 @@ SRCS+=	ppc.S ppc-mont.S
 SRCS+=	bn_asm.c
 .endif
 
+# Full of strict aliasing violations that LLVM has been seen to break with
+# optimisations, which can lead to ECDSA signatures not working. See
+# https://github.com/openssl/openssl/issues/12247 for the upstream bug report.
+CFLAGS.bn_nist.c+=	-fno-strict-aliasing
+
 # buffer
 SRCS+=	buf_err.c buffer.c

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207251720.26PHKiWT001046>