> Date: Fri, 29 Dec 2017 21:21:04 +1100
> From: Jonathan Gray <j...@jsg.id.au>
> 
> On Fri, Dec 29, 2017 at 10:47:06AM +0100, Mark Kettenis wrote:
> > The Aarch32 assembly code in libcrypto assumes that armv7 supports
> > unaligned access.  It does, but only if you don't enable the bit that
> > makes it trap on unaligned access.  And we enable that bit on OpenBSD.
> > So doing a SHA256 of an unaligned buffer (something ftp(1) ends up
> > doing) you SIGBUS.
> > 
> > This currently isn't an issue since our base GCC does not advertise
> > that we're compiling for armv7 and up only.  It barely knows about
> > armv7 at all.  But with clang that is no longer true.  And we really
> > want to build for armv7 and up only because that gives us proper
> > atomic operations and such.
> > 
> > So here is a diff that avoids the unaligned access bits that matter
> > when compiling on OpenBSD.
> > 
> > ok?
> > 
> > P.S. Ports people might want to apply a similar diff to the OpenSSL
> >      port if we still have it.
> 
> Any reason to not use __STRICT_ALIGNMENT for this?

The assembly code doesn't include the header file that defines
__STRICT_ALIGNMENT.  But I could have arm_arch.h define it and use it
instead of __OpenBSD__.  Makes things a little bit more obvious...

Any of the LibreSSL folks have an opinion about that?

> > Index: lib/libcrypto/aes/asm/aes-armv4.pl
> > ===================================================================
> > RCS file: /cvs/src/lib/libcrypto/aes/asm/aes-armv4.pl,v
> > retrieving revision 1.2
> > diff -u -p -r1.2 aes-armv4.pl
> > --- lib/libcrypto/aes/asm/aes-armv4.pl      9 Jul 2014 09:10:07 -0000       
> > 1.2
> > +++ lib/libcrypto/aes/asm/aes-armv4.pl      29 Dec 2017 09:38:11 -0000
> > @@ -172,7 +172,7 @@ AES_encrypt:
> >     mov     $rounds,r0              @ inp
> >     mov     $key,r2
> >     sub     $tbl,r3,#AES_encrypt-AES_Te     @ Te
> > -#if __ARM_ARCH__<7
> > +#if __ARM_ARCH__<7 || defined(__OpenBSD__)
> >     ldrb    $s0,[$rounds,#3]        @ load input data in endian-neutral
> >     ldrb    $t1,[$rounds,#2]        @ manner...
> >     ldrb    $t2,[$rounds,#1]
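
Review bot: the new `defined(__OpenBSD__)` test on the `#if` above the `ldrb` loads names the operating system rather than the property that matters, which is that unaligned word loads trap. A feature macro defined once in arm_arch.h, as discussed in the thread, and tested here would say why the byte path is taken and would let another strict-alignment platform opt in without touching every `#if`.
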
> > @@ -216,7 +216,7 @@ AES_encrypt:
> >     bl      _armv4_AES_encrypt
> >  
> >     ldr     $rounds,[sp],#4         @ pop out
> > -#if __ARM_ARCH__>=7
> > +#if __ARM_ARCH__>=7 && !defined(__OpenBSD__)
> >  #ifdef __ARMEL__
> >     rev     $s0,$s0
> >     rev     $s1,$s1
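
Review bot: the `#if __ARM_ARCH__>=7 && !defined(__OpenBSD__)` after `pop out` is the hand-negated form of the `__ARM_ARCH__<7 || defined(__OpenBSD__)` test used on the input side, so the patch now carries two spellings of one predicate. Only the `rev` branch is visible in this context; please confirm that the `#else` side writes the output with byte stores, since the output pointer can be just as unaligned as the input.
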
> > @@ -432,7 +432,7 @@ _armv4_AES_set_encrypt_key:
> >     mov     lr,r1                   @ bits
> >     mov     $key,r2                 @ key
> >  
> > -#if __ARM_ARCH__<7
> > +#if __ARM_ARCH__<7 || defined(__OpenBSD__)
> >     ldrb    $s0,[$rounds,#3]        @ load input data in endian-neutral
> >     ldrb    $t1,[$rounds,#2]        @ manner...
> >     ldrb    $t2,[$rounds,#1]
> > @@ -517,7 +517,7 @@ _armv4_AES_set_encrypt_key:
> >     b       .Ldone
> >  
> >  .Lnot128:
> > -#if __ARM_ARCH__<7
> > +#if __ARM_ARCH__<7 || defined(__OpenBSD__)
> >     ldrb    $i2,[$rounds,#19]
> >     ldrb    $t1,[$rounds,#18]
> >     ldrb    $t2,[$rounds,#17]
> > @@ -588,7 +588,7 @@ _armv4_AES_set_encrypt_key:
> >     b       .L192_loop
> >  
> >  .Lnot192:
> > -#if __ARM_ARCH__<7
> > +#if __ARM_ARCH__<7 || defined(__OpenBSD__)
> >     ldrb    $i2,[$rounds,#27]
> >     ldrb    $t1,[$rounds,#26]
> >     ldrb    $t2,[$rounds,#25]
> > @@ -888,7 +888,7 @@ AES_decrypt:
> >     mov     $rounds,r0              @ inp
> >     mov     $key,r2
> >     sub     $tbl,r3,#AES_decrypt-AES_Td             @ Td
> > -#if __ARM_ARCH__<7
> > +#if __ARM_ARCH__<7 || defined(__OpenBSD__)
> >     ldrb    $s0,[$rounds,#3]        @ load input data in endian-neutral
> >     ldrb    $t1,[$rounds,#2]        @ manner...
> >     ldrb    $t2,[$rounds,#1]
> > @@ -932,7 +932,7 @@ AES_decrypt:
> >     bl      _armv4_AES_decrypt
> >  
> >     ldr     $rounds,[sp],#4         @ pop out
> > -#if __ARM_ARCH__>=7
> > +#if __ARM_ARCH__>=7 && !defined(__OpenBSD__)
> >  #ifdef __ARMEL__
> >     rev     $s0,$s0
> >     rev     $s1,$s1
> > Index: lib/libcrypto/sha/asm/sha1-armv4-large.pl
> > ===================================================================
> > RCS file: /cvs/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl,v
> > retrieving revision 1.1.1.4
> > diff -u -p -r1.1.1.4 sha1-armv4-large.pl
> > --- lib/libcrypto/sha/asm/sha1-armv4-large.pl       13 Apr 2014 15:16:35 
> > -0000      1.1.1.4
> > +++ lib/libcrypto/sha/asm/sha1-armv4-large.pl       29 Dec 2017 09:38:11 
> > -0000
> > @@ -95,7 +95,7 @@ ___
> >  sub BODY_00_15 {
> >  my ($a,$b,$c,$d,$e)=@_;
> >  $code.=<<___;
> > -#if __ARM_ARCH__<7
> > +#if __ARM_ARCH__<7 || defined(__OpenBSD__)
> >     ldrb    $t1,[$inp,#2]
> >     ldrb    $t0,[$inp,#3]
> >     ldrb    $t2,[$inp,#1]
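
Review bot: the `#if __ARM_ARCH__<7 || defined(__OpenBSD__)` at the top of BODY_00_15 has no comment saying why OpenBSD is excluded from the armv7 path. A one-line comment at the condition (alignment faults are enabled, so a word load from `$inp` can SIGBUS) would keep a later cleanup from dropping it as a stray platform test.
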
> > Index: lib/libcrypto/sha/asm/sha256-armv4.pl
> > ===================================================================
> > RCS file: /cvs/src/lib/libcrypto/sha/asm/sha256-armv4.pl,v
> > retrieving revision 1.1.1.3
> > diff -u -p -r1.1.1.3 sha256-armv4.pl
> > --- lib/libcrypto/sha/asm/sha256-armv4.pl   13 Oct 2012 21:23:43 -0000      
> > 1.1.1.3
> > +++ lib/libcrypto/sha/asm/sha256-armv4.pl   29 Dec 2017 09:38:11 -0000
> > @@ -51,7 +51,7 @@ sub BODY_00_15 {
> >  my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
> >  
> >  $code.=<<___ if ($i<16);
> > -#if __ARM_ARCH__>=7
> > +#if __ARM_ARCH__>=7 && !defined(__OpenBSD__)
> >     ldr     $T1,[$inp],#4
> >  #else
> >     ldrb    $T1,[$inp,#3]                   @ $i
> > @@ -70,7 +70,7 @@ $code.=<<___;
> >     eor     $t1,$f,$g
> >  #if $i>=16
> >     add     $T1,$T1,$t3                     @ from BODY_16_xx
> > -#elif __ARM_ARCH__>=7 && defined(__ARMEL__)
> > +#elif __ARM_ARCH__>=7 && defined(__ARMEL__) && !defined(__OpenBSD__)
> >     rev     $T1,$T1
> >  #endif
> >  #if $i==15
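
Review bot: the `#elif` guarding `rev $T1,$T1` has to stay the exact counterpart of the load condition in the previous hunk: if the `ldr` path is disabled but this `rev` is still assembled, the word already built in big-endian order by the `ldrb` sequence gets swapped a second time. Deriving both conditions from one macro would make that pairing impossible to break by editing only one of them.
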
> > Index: lib/libcrypto/sha/asm/sha512-armv4.pl
> > ===================================================================
> > RCS file: /cvs/src/lib/libcrypto/sha/asm/sha512-armv4.pl,v
> > retrieving revision 1.1.1.3
> > diff -u -p -r1.1.1.3 sha512-armv4.pl
> > --- lib/libcrypto/sha/asm/sha512-armv4.pl   13 Oct 2012 21:23:43 -0000      
> > 1.1.1.3
> > +++ lib/libcrypto/sha/asm/sha512-armv4.pl   29 Dec 2017 09:38:11 -0000
> > @@ -270,7 +270,7 @@ sha512_block_data_order:
> >     str     $Thi,[sp,#$Foff+4]
> >  
> >  .L00_15:
> > -#if __ARM_ARCH__<7
> > +#if __ARM_ARCH__<7 || defined(__OpenBSD__)
> >     ldrb    $Tlo,[$inp,#7]
> >     ldrb    $t0, [$inp,#6]
> >     ldrb    $t1, [$inp,#5]
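
Review bot: nothing in the patch exercises the `.L00_15` byte-load path, and the report only mentions SHA256 faulting. A regress test that runs each touched routine (AES encrypt, decrypt and key setup, SHA1, SHA256, SHA512) over a buffer at offsets 1 to 3 from an aligned base would catch any word load these hunks missed.
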
> > 
> 
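
The two load strategies that the `#if` conditions in this thread choose between, written out in C as an added example (not code from the thread or from libcrypto). The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample input. Whatever its base alignment, at least three
 * of every four consecutive offsets are misaligned for a 32-bit load. */
static const unsigned char sample[8] =
    { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };

/* Four single-byte reads (the ldrb path): valid at any address and
 * endian-neutral, because the shifts fix the byte order explicitly. */
static uint32_t load_be32_bytes(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* One word read plus a byte swap on little-endian hosts (the ldr + rev
 * path). memcpy stands in for ldr to keep the C well defined; casting p
 * to uint32_t * and dereferencing it is the access that faults when
 * alignment checking is enabled and p is misaligned. */
static uint32_t load_be32_word(const unsigned char *p)
{
    const uint16_t probe = 1;
    uint32_t w;

    memcpy(&w, p, sizeof(w));
    if (*(const unsigned char *)&probe == 1)  /* little-endian host */
        w = (w >> 24) | ((w >> 8) & 0x0000ff00u) |
            ((w << 8) & 0x00ff0000u) | (w << 24);
    return w;
}

/* Number of offsets in sample[] where the two paths disagree. */
static int count_mismatches(void)
{
    int bad = 0;
    for (size_t off = 0; off + 4 <= sizeof(sample); off++)
        if (load_be32_bytes(sample + off) != load_be32_word(sample + off))
            bad++;
    return bad;
}

int main(void)
{
    return count_mismatches() == 0 &&
           load_be32_bytes(sample + 1) == 0x11223344u ? 0 : 1;
}
```

Both paths return the same big-endian word at every offset; only the word path depends on the hardware tolerating the unaligned access.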
