-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Port OpenSSL assembly routines to Morello #2120
base: dev
Are you sure you want to change the base?
Conversation
Currently the default host keys for sshd (ed25519) do not work. sshd doesn't crash, the keys just fail to validate, and ssh-keygen can't read them. I'm sure this is a bug in one of the files I've not been able to test yet. |
ed25519 keys should now work, my attempt to clear carry was setting carry instead. |
Want to merge the patches at the end to fix cryptocheck and kernel TLS separately before this, but am marking as ready to that CI can run. |
@@ -1115,13 +1127,13 @@ | |||
rev64 $acc_lb, $acc_lb |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few lines above this is the potential out of bounds store referenced in the commit log. In practice, calling code stores the 16 byte tag after the end of the plain/cipher text, so the extra preserved bytes happen to always be in bounds as they are part of the tag in existing code. The tail sections of all of the enc/dec routines in this file follow the same pattern.
More of the ecp_nistz256_* routines are probably exercised by sshd than I've marked so far. |
OpenSSL 3.0+ doesn't support an IV size of 8 either for the Chacha20 stream cipher or the AEAD combination with Poly1305. This did work previously with OpenSSL 1.1. Reviewed by: markj Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D45280 (cherry picked from commit 4ebf794)
- PTR(n) can be used to select either x0-x30 or c0-c30. - PTRN(n) can be used for to select either sp or csp. - PTR_WIDTH is the size of a pointer in bytes.
NB: This just fixes pointers operands to be capability registers, it does not yet address out of bounds stores at the end of a buffer when the length is not a multiple of the block size.
So far I've been able to validate the following routines in userspace:
For kernel testing will do the following on a purecap kernel: