Date:      Sun, 29 Jan 2023 07:15:20 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 269219] cryptographic operations are not constant time anymore for armv8.4+ and amd64/icelake
Message-ID:  <bug-269219-227-j3xxWki7mk@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-269219-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-269219-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269219

--- Comment #1 from Michael Paepcke <bugs.fbsd@paepcke.de> ---
Hi,
not sure where to track this, this might require some architecture decision,
not only a simple patch.

Summary:
Since the introduction of the armv8.4 ISA (and all following) and the
x86/icelake ISA (impacts: skylake, cannonlake, kabylake, ...), many base
instructions (used by openssl, openssh, libcrypt, ossl in
base/kernel/userland/ports) including AES-NI (WTH?) are not guaranteed
constant time anymore.

 * https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html

 * https://developer.arm.com/documentation/ddi0595/2021-06/AArch64-Registers/DIT--Data-Independent-Timing

It is possible to ensure constant time execution again via setting a CPU
specific register. I might be wrong, but as far as I can see, we do not even
have the infrastructure yet to address this (here)?

 * https://cgit.freebsd.org/src/tree/sys/x86/include/specialreg.h

The Linux team seems to tend to disable these features by default (my personal
favorite) as a solution and to allow re-enabling them via a
build-time-optimization switch. (Discussion about runtime sysctl/syscall/procfs
is still ongoing.)

 * https://lore.kernel.org/lkml/YxCQzZqLZ49gLlrH@hirez.programming.kicks-ass.net/

Is someone already working on this? Ideas? Personal preferences?

Thank you!
Michael

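The state of the CPU-specific controls the message refers to can be read from the registers described in the linked Intel and Arm pages. The following C is an added example, not part of the original message or of FreeBSD: the register numbers and bit positions come from those vendor documents rather than from the message, the function and enum names are hypothetical, and the sample register values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__FreeBSD__) && defined(__amd64__)
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/cpuctl.h>
#include <fcntl.h>
#endif

/* Bit positions from the Intel DOITM guidance and the Arm DIT register page. */
#define MSR_IA32_ARCH_CAPABILITIES 0x10a
#define ARCH_CAP_DOITM             (1ULL << 12) /* DOITM control is enumerated */
#define MSR_IA32_UARCH_MISC_CTL    0x1b01
#define UARCH_MISC_CTL_DOITM       (1ULL << 0)  /* 1 = operand-independent timing */
#define ID_AA64PFR0_DIT_SHIFT      48           /* ID_AA64PFR0_EL1.DIT, bits [51:48] */
#define DIT_REG_DIT                (1ULL << 24) /* DIT register, PSTATE.DIT */
enum dit_state { DIT_NOT_ENUMERATED, DIT_OFF, DIT_ON };

enum dit_state x86_doitm_state(uint64_t arch_caps, uint64_t uarch_misc_ctl)
{
    if (!(arch_caps & ARCH_CAP_DOITM))
        return DIT_NOT_ENUMERATED;  /* no mode bit to query on this CPU */
    return (uarch_misc_ctl & UARCH_MISC_CTL_DOITM) ? DIT_ON : DIT_OFF;
}

enum dit_state arm64_dit_state(uint64_t id_aa64pfr0, uint64_t dit_reg)
{
    if (((id_aa64pfr0 >> ID_AA64PFR0_DIT_SHIFT) & 0xf) == 0)
        return DIT_NOT_ENUMERATED;  /* FEAT_DIT not implemented */
    return (dit_reg & DIT_REG_DIT) ? DIT_ON : DIT_OFF;
}

int main(void)
{
    static const char *name[] = { "not enumerated", "off", "on" };
    /* Constructed register values: feature enumerated, mode bit clear. */
    printf("sample x86 DOITM: %s\n", name[x86_doitm_state(1ULL << 12, 0)]);
    printf("sample arm64 DIT: %s\n", name[arm64_dit_state(1ULL << 48, 0)]);
#if defined(__FreeBSD__) && defined(__amd64__)
    /* Host values for CPU 0 via cpuctl(4); needs root and the cpuctl module. */
    cpuctl_msr_args_t caps = { .msr = MSR_IA32_ARCH_CAPABILITIES };
    cpuctl_msr_args_t ctl = { .msr = MSR_IA32_UARCH_MISC_CTL };
    int fd = open("/dev/cpuctl0", O_RDONLY);
    if (fd >= 0 && ioctl(fd, CPUCTL_RDMSR, &caps) == 0) {
        if (ioctl(fd, CPUCTL_RDMSR, &ctl) != 0)
            ctl.data = 0;           /* control MSR absent: treat bit as clear */
        printf("host x86 DOITM: %s\n", name[x86_doitm_state(caps.data, ctl.data)]);
    }
#endif
    return 0;
}
```

The mode bits are per logical CPU (x86) or per thread context (arm64 PSTATE), so a result for CPU 0 says nothing about the others.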