NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: port-sparc64/57472: OpenSSL broken, affects ecdsa keys in OpenSSH
The following reply was made to PR port-sparc64/57472; it has been noted by GNATS.
From: Harold Gutch <logix%foobar.franken.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: port-sparc64/57472: OpenSSL broken, affects ecdsa keys in OpenSSH
Date: Thu, 22 Jun 2023 15:35:30 +0200
--N/GrjenRD+RJfyz+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Sun, Jun 18, 2023 at 10:10:02AM +0000, Martin Husemann wrote:
> I verified that the test works against a native openssl build (their
> main branch at commit 6c0ecc2bce64cc86948a51f80f832b5e48a9ebea).
Same here, the official OpenSSL 3.0.9 release built on sparc64 works
for me. That was really helpful because it allowed comparing various
states there with the crossbuilt one.
First, OPENSSL_NO_EC_NISTP_64_GCC_128 is defined in the
native build and setting this fixes two of the three problematic
curves, secp224r1 and secp521r1. That leaves prime256v1, and the key
difference there between the native build and the cross build is:
native build:
sizeof(BN_ULONG) = 4
BN_BYTES = 4
cross build:
sizeof(BN_ULONG) = 8
BN_BYTES = 8
which down the line causes various conversions from and to BIGNUM to
fail, as the crosscompiled one byteswaps in 8 byte chunks whereas the
native one byteswaps in 4 byte chunks.
BN_ULONG is defined in .../dist/include/openssl/bn.h . For a quick
test I just patched .../dist/include/openssl/configuration.h (see the
attached diff), but this should actually go somewhere else, probably
also somehow in .../bsd/openssl/lib/libcrypto/arch/sparc64 .
I'll have a look where to fit this in, but if somebody else wants to
pick up from here, go for it!
Harold
--N/GrjenRD+RJfyz+
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="openssl_sparc64.diff"
--- lib/libcrypto/arch/sparc64/ec.inc.orig 2023-05-25 17:52:29.000000000 +0200
+++ lib/libcrypto/arch/sparc64/ec.inc 2023-06-22 15:15:53.972571594 +0200
@@ -1,7 +1,7 @@
.PATH.S: ${.PARSEDIR}
EC_SRCS += \
ecp_nistz256-sparcv9.S
-ECCPPFLAGS+= -DECP_NISTZ256_ASM
+ECCPPFLAGS+= -DECP_NISTZ256_ASM -DOPENSSL_NO_EC_NISTP_64_GCC_128
ECNI = yes
.include "../../ec.inc"
--- include/openssl/configuration.h.orig 2023-05-11 16:36:11.000000000 +0200
+++ include/openssl/configuration.h 2023-06-22 13:59:35.382166208 +0200
@@ -116,6 +116,14 @@
/*
* The following are cipher-specific, but are part of the public API.
*/
+#ifdef __sparc__
+# undef BN_LLONG
+# undef SIXTY_FOUR_BIT
+# undef SIXTY_FOUR_BIT_LONG
+# define THIRTY_TWO_BIT
+# undef _LP64
+# undef _ILP64
+#else
# if !defined(OPENSSL_SYS_UEFI)
# undef BN_LLONG
/* Only one for the following should be defined */
@@ -128,6 +136,7 @@
# define THIRTY_TWO_BIT
# endif
# endif
+#endif
# define RC4_INT unsigned int
--N/GrjenRD+RJfyz+--
Home |
Main Index |
Thread Index |
Old Index