Port OpenSSL assembly routines to Morello #2120
Conversation
|
Currently the default host keys for sshd (ed25519) do not work. sshd doesn't crash, the keys just fail to validate, and ssh-keygen can't read them. I'm sure this is a bug in one of the files I've not been able to test yet. |
ed25519 keys should now work, my attempt to clear carry was setting carry instead. |
|
Want to merge the patches at the end to fix cryptocheck and kernel TLS separately before this, but am marking as ready to that CI can run. |
| @@ -1115,13 +1127,13 @@ | |||
| rev64 $acc_lb, $acc_lb | |||
There was a problem hiding this comment.
A few lines above this is the potential out of bounds store referenced in the commit log. In practice, calling code stores the 16 byte tag after the end of the plain/cipher text, so the extra preserved bytes happen to always be in bounds as they are part of the tag in existing code. The tail sections of all of the enc/dec routines in this file follow the same pattern.
|
More of the ecp_nistz256_* routines are probably exercised by sshd than I've marked so far. |
OpenSSL 3.0+ doesn't support an IV size of 8 either for the Chacha20 stream cipher or the AEAD combination with Poly1305. This did work previously with OpenSSL 1.1. Reviewed by: markj Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D45280 (cherry picked from commit 4ebf794)
- PTR(n) can be used to select either x0-x30 or c0-c30. - PTRN(n) can be used for to select either sp or csp. - PTR_WIDTH is the size of a pointer in bytes.
NB: This just fixes pointers operands to be capability registers, it does not yet address out of bounds stores at the end of a buffer when the length is not a multiple of the block size.
So far I've been able to validate the following routines in userspace:
For kernel testing will do the following on a purecap kernel: