diff options
| author | jsing <> | 2025-05-24 07:07:18 +0000 |
|---|---|---|
| committer | jsing <> | 2025-05-24 07:07:18 +0000 |
| commit | 3cfae66703ed572e7cf2f91e206ec0193019c094 (patch) | |
| tree | 236cfffcebf0e6f3642a69eda1a0bf667229950e /src | |
| parent | 0f302b0e0b33ce6709a2f0a3273bfd51b6e76309 (diff) | |
| download | openbsd-3cfae66703ed572e7cf2f91e206ec0193019c094.tar.gz openbsd-3cfae66703ed572e7cf2f91e206ec0193019c094.tar.bz2 openbsd-3cfae66703ed572e7cf2f91e206ec0193019c094.zip | |
Disable libcrypto assembly on arm.
The arm CPU capability detection is uses SIGILL and is unsafe to call from
some contexts. Furthermore, this is only useful to detect NEON support,
which is then unused on OpenBSD due to __STRICT_ALIGNMENT. Requiring a
minimum of ARMv7+VFP+NEON is also not unreasonable.
The SHA-1, SHA-256 and SHA-512 (non-NEON) C code performs within ~5% of
the assembly, as does RSA when using the C based Montgomery multiplication.
The C versions of AES and GHASH code are around ~40-50% of the assembly,
howeer if you care about performance you really want to use
Chacha20Poly1305 on this platform.
This will enable further clean up to proceed.
ok joshua@ kinjiro@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/arch/arm/Makefile.inc | 27 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/arm/arm_arch.h | 59 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/arm/armcap.c | 88 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/arm/armv4cpuid.S | 69 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/arm/crypto_arch.h | 16 |
5 files changed, 2 insertions, 257 deletions
diff --git a/src/lib/libcrypto/arch/arm/Makefile.inc b/src/lib/libcrypto/arch/arm/Makefile.inc index e078c51d98..271dff04f6 100644 --- a/src/lib/libcrypto/arch/arm/Makefile.inc +++ b/src/lib/libcrypto/arch/arm/Makefile.inc | |||
| @@ -1,28 +1,3 @@ | |||
| 1 | # $oPenBSD: Makefile.inc,v 1.2 2014/05/02 18:21:39 miod Exp $ | 1 | # $OpenBSD: Makefile.inc,v 1.20 2025/05/24 07:07:18 jsing Exp $ |
| 2 | 2 | ||
| 3 | # arm-specific libcrypto build rules | 3 | # arm-specific libcrypto build rules |
| 4 | |||
| 5 | # aes | ||
| 6 | CFLAGS+= -DAES_ASM | ||
| 7 | SSLASM+= aes aes-armv4 | ||
| 8 | # bn | ||
| 9 | CFLAGS+= -DOPENSSL_BN_ASM_MONT | ||
| 10 | SSLASM+= bn armv4-mont | ||
| 11 | # modes | ||
| 12 | CFLAGS+= -DGHASH_ASM | ||
| 13 | SSLASM+= modes ghash-armv4 | ||
| 14 | # sha | ||
| 15 | SSLASM+= sha sha1-armv4-large | ||
| 16 | SSLASM+= sha sha256-armv4 | ||
| 17 | SSLASM+= sha sha512-armv4 | ||
| 18 | |||
| 19 | .for dir f in ${SSLASM} | ||
| 20 | SRCS+= ${f}.S | ||
| 21 | GENERATED+=${f}.S | ||
| 22 | ${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl | ||
| 23 | /usr/bin/perl \ | ||
| 24 | ${LCRYPTO_SRC}/${dir}/asm/${f}.pl void ${.TARGET} > ${.TARGET} | ||
| 25 | .endfor | ||
| 26 | |||
| 27 | CFLAGS+= -DOPENSSL_CPUID_OBJ | ||
| 28 | SRCS+= armv4cpuid.S armcap.c | ||
diff --git a/src/lib/libcrypto/arch/arm/arm_arch.h b/src/lib/libcrypto/arch/arm/arm_arch.h deleted file mode 100644 index 5ac3b935f1..0000000000 --- a/src/lib/libcrypto/arch/arm/arm_arch.h +++ /dev/null | |||
| @@ -1,59 +0,0 @@ | |||
| 1 | /* $OpenBSD: arm_arch.h,v 1.1 2022/03/23 15:13:31 tb Exp $ */ | ||
| 2 | #ifndef __ARM_ARCH_H__ | ||
| 3 | #define __ARM_ARCH_H__ | ||
| 4 | |||
| 5 | #if !defined(__ARM_ARCH__) | ||
| 6 | # if defined(__CC_ARM) | ||
| 7 | # define __ARM_ARCH__ __TARGET_ARCH_ARM | ||
| 8 | # if defined(__BIG_ENDIAN) | ||
| 9 | # define __ARMEB__ | ||
| 10 | # else | ||
| 11 | # define __ARMEL__ | ||
| 12 | # endif | ||
| 13 | # elif defined(__GNUC__) | ||
| 14 | /* | ||
| 15 | * Why doesn't gcc define __ARM_ARCH__? Instead it defines | ||
| 16 | * bunch of below macros. See all_architectures[] table in | ||
| 17 | * gcc/config/arm/arm.c. On a side note it defines | ||
| 18 | * __ARMEL__/__ARMEB__ for little-/big-endian. | ||
| 19 | */ | ||
| 20 | # if defined(__ARM_ARCH) | ||
| 21 | # define __ARM_ARCH__ __ARM_ARCH | ||
| 22 | # elif defined(__ARM_ARCH_8A__) | ||
| 23 | # define __ARM_ARCH__ 8 | ||
| 24 | # elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ | ||
| 25 | defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ | ||
| 26 | defined(__ARM_ARCH_7EM__) | ||
| 27 | # define __ARM_ARCH__ 7 | ||
| 28 | # elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ | ||
| 29 | defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ | ||
| 30 | defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ | ||
| 31 | defined(__ARM_ARCH_6T2__) | ||
| 32 | # define __ARM_ARCH__ 6 | ||
| 33 | # elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ | ||
| 34 | defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ | ||
| 35 | defined(__ARM_ARCH_5TEJ__) | ||
| 36 | # define __ARM_ARCH__ 5 | ||
| 37 | # elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) | ||
| 38 | # define __ARM_ARCH__ 4 | ||
| 39 | # else | ||
| 40 | # error "unsupported ARM architecture" | ||
| 41 | # endif | ||
| 42 | # endif | ||
| 43 | #endif | ||
| 44 | |||
| 45 | #if !defined(__ASSEMBLER__) | ||
| 46 | extern unsigned int OPENSSL_armcap_P; | ||
| 47 | |||
| 48 | #define ARMV7_NEON (1<<0) | ||
| 49 | #define ARMV8_AES (1<<1) | ||
| 50 | #define ARMV8_SHA1 (1<<2) | ||
| 51 | #define ARMV8_SHA256 (1<<3) | ||
| 52 | #define ARMV8_PMULL (1<<4) | ||
| 53 | #endif | ||
| 54 | |||
| 55 | #if defined(__OpenBSD__) | ||
| 56 | #define __STRICT_ALIGNMENT | ||
| 57 | #endif | ||
| 58 | |||
| 59 | #endif | ||
diff --git a/src/lib/libcrypto/arch/arm/armcap.c b/src/lib/libcrypto/arch/arm/armcap.c deleted file mode 100644 index 0238195397..0000000000 --- a/src/lib/libcrypto/arch/arm/armcap.c +++ /dev/null | |||
| @@ -1,88 +0,0 @@ | |||
| 1 | /* $OpenBSD: armcap.c,v 1.3 2024/08/29 03:30:05 deraadt Exp $ */ | ||
| 2 | #include <stdio.h> | ||
| 3 | #include <stdlib.h> | ||
| 4 | #include <string.h> | ||
| 5 | #include <setjmp.h> | ||
| 6 | #include <signal.h> | ||
| 7 | #include <openssl/crypto.h> | ||
| 8 | |||
| 9 | #include "arm_arch.h" | ||
| 10 | |||
| 11 | unsigned int OPENSSL_armcap_P; | ||
| 12 | |||
| 13 | #if __ARM_ARCH__ >= 7 | ||
| 14 | static sigset_t all_masked; | ||
| 15 | |||
| 16 | static sigjmp_buf ill_jmp; | ||
| 17 | |||
| 18 | static void | ||
| 19 | ill_handler(int sig) | ||
| 20 | { | ||
| 21 | siglongjmp(ill_jmp, sig); | ||
| 22 | } | ||
| 23 | |||
| 24 | /* | ||
| 25 | * Following subroutines could have been inlined, but it's not all | ||
| 26 | * ARM compilers support inline assembler... | ||
| 27 | */ | ||
| 28 | void _armv7_neon_probe(void); | ||
| 29 | void _armv8_aes_probe(void); | ||
| 30 | void _armv8_sha1_probe(void); | ||
| 31 | void _armv8_sha256_probe(void); | ||
| 32 | void _armv8_pmull_probe(void); | ||
| 33 | #endif | ||
| 34 | |||
| 35 | void | ||
| 36 | OPENSSL_cpuid_setup(void) | ||
| 37 | { | ||
| 38 | #if __ARM_ARCH__ >= 7 | ||
| 39 | struct sigaction ill_oact, ill_act; | ||
| 40 | sigset_t oset; | ||
| 41 | #endif | ||
| 42 | static int trigger = 0; | ||
| 43 | |||
| 44 | if (trigger) | ||
| 45 | return; | ||
| 46 | trigger = 1; | ||
| 47 | |||
| 48 | OPENSSL_armcap_P = 0; | ||
| 49 | |||
| 50 | #if __ARM_ARCH__ >= 7 | ||
| 51 | sigfillset(&all_masked); | ||
| 52 | sigdelset(&all_masked, SIGILL); | ||
| 53 | sigdelset(&all_masked, SIGTRAP); | ||
| 54 | sigdelset(&all_masked, SIGFPE); | ||
| 55 | sigdelset(&all_masked, SIGBUS); | ||
| 56 | sigdelset(&all_masked, SIGSEGV); | ||
| 57 | |||
| 58 | memset(&ill_act, 0, sizeof(ill_act)); | ||
| 59 | ill_act.sa_handler = ill_handler; | ||
| 60 | ill_act.sa_mask = all_masked; | ||
| 61 | |||
| 62 | sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); | ||
| 63 | sigaction(SIGILL, &ill_act, &ill_oact); | ||
| 64 | |||
| 65 | if (sigsetjmp(ill_jmp, 1) == 0) { | ||
| 66 | _armv7_neon_probe(); | ||
| 67 | OPENSSL_armcap_P |= ARMV7_NEON; | ||
| 68 | if (sigsetjmp(ill_jmp, 1) == 0) { | ||
| 69 | _armv8_pmull_probe(); | ||
| 70 | OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES; | ||
| 71 | } else if (sigsetjmp(ill_jmp, 1) == 0) { | ||
| 72 | _armv8_aes_probe(); | ||
| 73 | OPENSSL_armcap_P |= ARMV8_AES; | ||
| 74 | } | ||
| 75 | if (sigsetjmp(ill_jmp, 1) == 0) { | ||
| 76 | _armv8_sha1_probe(); | ||
| 77 | OPENSSL_armcap_P |= ARMV8_SHA1; | ||
| 78 | } | ||
| 79 | if (sigsetjmp(ill_jmp, 1) == 0) { | ||
| 80 | _armv8_sha256_probe(); | ||
| 81 | OPENSSL_armcap_P |= ARMV8_SHA256; | ||
| 82 | } | ||
| 83 | } | ||
| 84 | |||
| 85 | sigaction (SIGILL, &ill_oact, NULL); | ||
| 86 | sigprocmask(SIG_SETMASK, &oset, NULL); | ||
| 87 | #endif | ||
| 88 | } | ||
diff --git a/src/lib/libcrypto/arch/arm/armv4cpuid.S b/src/lib/libcrypto/arch/arm/armv4cpuid.S deleted file mode 100644 index db0b54e496..0000000000 --- a/src/lib/libcrypto/arch/arm/armv4cpuid.S +++ /dev/null | |||
| @@ -1,69 +0,0 @@ | |||
| 1 | #include "arm_arch.h" | ||
| 2 | |||
| 3 | .text | ||
| 4 | #if defined(__thumb2__) && !defined(__APPLE__) | ||
| 5 | .syntax unified | ||
| 6 | .thumb | ||
| 7 | #else | ||
| 8 | .code 32 | ||
| 9 | #undef __thumb2__ | ||
| 10 | #endif | ||
| 11 | |||
| 12 | #if __ARM_ARCH__>=7 | ||
| 13 | .arch armv7-a | ||
| 14 | .fpu neon | ||
| 15 | |||
| 16 | .align 5 | ||
| 17 | .globl _armv7_neon_probe | ||
| 18 | .type _armv7_neon_probe,%function | ||
| 19 | _armv7_neon_probe: | ||
| 20 | vorr q0,q0,q0 | ||
| 21 | bx lr | ||
| 22 | .size _armv7_neon_probe,.-_armv7_neon_probe | ||
| 23 | |||
| 24 | .globl _armv8_aes_probe | ||
| 25 | .type _armv8_aes_probe,%function | ||
| 26 | _armv8_aes_probe: | ||
| 27 | #if defined(__thumb2__) && !defined(__APPLE__) | ||
| 28 | .byte 0xb0,0xff,0x00,0x03 @ aese.8 q0,q0 | ||
| 29 | #else | ||
| 30 | .byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 | ||
| 31 | #endif | ||
| 32 | bx lr | ||
| 33 | .size _armv8_aes_probe,.-_armv8_aes_probe | ||
| 34 | |||
| 35 | .globl _armv8_sha1_probe | ||
| 36 | .type _armv8_sha1_probe,%function | ||
| 37 | _armv8_sha1_probe: | ||
| 38 | #if defined(__thumb2__) && !defined(__APPLE__) | ||
| 39 | .byte 0x00,0xef,0x40,0x0c @ sha1c.32 q0,q0,q0 | ||
| 40 | #else | ||
| 41 | .byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 | ||
| 42 | #endif | ||
| 43 | bx lr | ||
| 44 | .size _armv8_sha1_probe,.-_armv8_sha1_probe | ||
| 45 | |||
| 46 | .globl _armv8_sha256_probe | ||
| 47 | .type _armv8_sha256_probe,%function | ||
| 48 | _armv8_sha256_probe: | ||
| 49 | #if defined(__thumb2__) && !defined(__APPLE__) | ||
| 50 | .byte 0x00,0xff,0x40,0x0c @ sha256h.32 q0,q0,q0 | ||
| 51 | #else | ||
| 52 | .byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 | ||
| 53 | #endif | ||
| 54 | bx lr | ||
| 55 | .size _armv8_sha256_probe,.-_armv8_sha256_probe | ||
| 56 | .globl _armv8_pmull_probe | ||
| 57 | .type _armv8_pmull_probe,%function | ||
| 58 | _armv8_pmull_probe: | ||
| 59 | #if defined(__thumb2__) && !defined(__APPLE__) | ||
| 60 | .byte 0xa0,0xef,0x00,0x0e @ vmull.p64 q0,d0,d0 | ||
| 61 | #else | ||
| 62 | .byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 | ||
| 63 | #endif | ||
| 64 | bx lr | ||
| 65 | .size _armv8_pmull_probe,.-_armv8_pmull_probe | ||
| 66 | #endif | ||
| 67 | |||
| 68 | .comm OPENSSL_armcap_P,4,4 | ||
| 69 | .hidden OPENSSL_armcap_P | ||
diff --git a/src/lib/libcrypto/arch/arm/crypto_arch.h b/src/lib/libcrypto/arch/arm/crypto_arch.h index 07d7829fe3..732a59cf72 100644 --- a/src/lib/libcrypto/arch/arm/crypto_arch.h +++ b/src/lib/libcrypto/arch/arm/crypto_arch.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crypto_arch.h,v 1.2 2025/02/14 12:01:58 jsing Exp $ */ | 1 | /* $OpenBSD: crypto_arch.h,v 1.3 2025/05/24 07:07:18 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2024 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -20,20 +20,6 @@ | |||
| 20 | 20 | ||
| 21 | #ifndef OPENSSL_NO_ASM | 21 | #ifndef OPENSSL_NO_ASM |
| 22 | 22 | ||
| 23 | #define HAVE_AES_SET_ENCRYPT_KEY_INTERNAL | ||
| 24 | #define HAVE_AES_SET_DECRYPT_KEY_INTERNAL | ||
| 25 | #define HAVE_AES_ENCRYPT_INTERNAL | ||
| 26 | #define HAVE_AES_DECRYPT_INTERNAL | ||
| 27 | |||
| 28 | #define HAVE_SHA1_BLOCK_DATA_ORDER | ||
| 29 | #define HAVE_SHA1_BLOCK_GENERIC | ||
| 30 | |||
| 31 | #define HAVE_SHA256_BLOCK_DATA_ORDER | ||
| 32 | #define HAVE_SHA256_BLOCK_GENERIC | ||
| 33 | |||
| 34 | #define HAVE_SHA512_BLOCK_DATA_ORDER | ||
| 35 | #define HAVE_SHA512_BLOCK_GENERIC | ||
| 36 | |||
| 37 | #endif | 23 | #endif |
| 38 | 24 | ||
| 39 | #endif | 25 | #endif |