On 2015-01-01, Miod Vallat <m...@online.fr> wrote: >> > I should have also specified that I didn't just go ahead and enable them >> > because I wasn't sure if they're considered safe. I like abiding by >> > OpenBSD's crypto best practices when possible. >> > >> > Is there any reason why they're disabled by default? >> >> Compiler bugs generate incorrect code for 128 bit integers. > > In slightly more words, we have tried enabling this code, and found out > the hard way that, when compiled by the system compiler under OpenBSD, > it would generate slightly wrong code, and cause computations to be > subtly wrong. > > Until someone spends enough time checking the various compiler versions > around to check which are safe to use, and which are not, this code will > remain disabled in LibreSSL.
The specific failure we saw was in openssh; "key_parse_private_pem: bad ECDSA key" when reading a saved id_ecdsa.