[kirkstone] openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions

Message ID 20240327111523.855715-1-ross.burton@arm.com
State Changes Requested
Delegated to: Steve Sakoman

Commit Message

Ross Burton March 27, 2024, 11:15 a.m. UTC
From: Ross Burton <ross.burton@arm.com>

On aarch64, if the processor doesn't have the Crypto instructions then
OpenSSL will fall back onto the "bit-sliced" assembler routines. When
branch protection (BTI) was enabled in OpenSSL these routines were
missed, so if BTI is available libssl will immediately abort when it
enters this assembler.

Backport a patch submitted upstream to add the required call target
annotations so that BTI doesn't believe the code is being exploited.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../openssl/openssl/bti.patch                 | 58 +++++++++++++++++++
 .../openssl/openssl_3.0.13.bb                 |  1 +
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/bti.patch

Comments

Vivek Kumbhar March 29, 2024, 3:51 a.m. UTC | #1
*Kirkstone-nut openssl compile error:*

*Error Log* :

ERROR: openssl-3.0.13-r0 do_patch: Applying patch 'bti.patch' on target directory '/home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/openssl-3.0.13'
CmdError('quilt --quiltrc /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch bti.patch
can't find file to patch at input line 23
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
|From: Tom Cosgrove <tom.cosgrove@arm.com>
|Date: Tue, 26 Mar 2024 13:18:00 +0000
|Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
|
|In Arm systems where BTI is enabled but the Crypto extensions are not (more
|likely in FVPs than in real hardware), the bit-sliced assembler code will
|be used. However, this wasn't annotated with BTI instructions when BTI was
|enabled, so the moment libssl jumps into this code it (correctly) aborts.
|
|Solve this by adding the missing BTI landing pads.
|
|Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
|Signed-off-by: Ross Burton <ross.burton@arm.com>
|---
| crypto/aes/asm/bsaes-armv8.pl | 5 ++++-
| 1 file changed, 4 insertions(+), 1 deletion(-)
|
|diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
|index b3c97e439f..c3c5ff3e05 100644
|--- a/crypto/aes/asm/bsaes-armv8.pl
|+++ b/crypto/aes/asm/bsaes-armv8.pl
--------------------------
No file to patch.  Skipping patch.
4 out of 4 hunks ignored
Patch bti.patch does not apply (enforce with -f)

stderr: ")
ERROR: Logfile of failure stored in: /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/temp/log.do_patch.152571
ERROR: Task (/home/vkumbhar/kirkstone-nut/meta/recipes-connectivity/openssl/openssl_3.0.13.bb:do_patch) failed with exit code '1'
Steve Sakoman March 29, 2024, 1:31 p.m. UTC | #2
Sorry for the delayed response, but I found the same issue with the
kirkstone version that Vivek did.

Awaiting a V2 :-)

Steve

On Thu, Mar 28, 2024 at 5:51 PM Vivek Kumbhar via
lists.openembedded.org <vkumbhar=mvista.com@lists.openembedded.org>
wrote:
>
> Kirkstone-nut openssl compile error:
>
> Error Log:
>
> ERROR: openssl-3.0.13-r0 do_patch: Applying patch 'bti.patch' on target directory '/home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/openssl-3.0.13'
> CmdError('quilt --quiltrc /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch bti.patch
> can't find file to patch at input line 23
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
> |From: Tom Cosgrove <tom.cosgrove@arm.com>
> |Date: Tue, 26 Mar 2024 13:18:00 +0000
> |Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
> |
> |In Arm systems where BTI is enabled but the Crypto extensions are not (more
> |likely in FVPs than in real hardware), the bit-sliced assembler code will
> |be used. However, this wasn't annotated with BTI instructions when BTI was
> |enabled, so the moment libssl jumps into this code it (correctly) aborts.
> |
> |Solve this by adding the missing BTI landing pads.
> |
> |Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
> |Signed-off-by: Ross Burton <ross.burton@arm.com>
> |---
> | crypto/aes/asm/bsaes-armv8.pl | 5 ++++-
> | 1 file changed, 4 insertions(+), 1 deletion(-)
> |
> |diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
> |index b3c97e439f..c3c5ff3e05 100644
> |--- a/crypto/aes/asm/bsaes-armv8.pl
> |+++ b/crypto/aes/asm/bsaes-armv8.pl
> --------------------------
> No file to patch.  Skipping patch.
> 4 out of 4 hunks ignored
> Patch bti.patch does not apply (enforce with -f)
>
> stderr: ")
> ERROR: Logfile of failure stored in: /home/vkumbhar/kirkstone-nut/build/tmp-glibc/work/core2-64-oe-linux/openssl/3.0.13-r0/temp/log.do_patch.152571
> ERROR: Task (/home/vkumbhar/kirkstone-nut/meta/recipes-connectivity/openssl/openssl_3.0.13.bb:do_patch) failed with exit code '1'
Ross Burton April 16, 2024, 12:42 p.m. UTC | #3
On 29 Mar 2024, at 13:31, Steve Sakoman <steve@sakoman.com> wrote:
> 
> Sorry for the delayed response, but I found the same issue with the
> kirkstone version that Vivek did.

Sorry for the very delayed response, I somehow missed this reply in my inbox.

The patched code doesn’t exist in kirkstone so this isn’t needed, I thought I tested this patch before posting but maybe I did something stupid.

Sorry for the inconvenience,
Ross
Patch

diff --git a/meta/recipes-connectivity/openssl/openssl/bti.patch b/meta/recipes-connectivity/openssl/openssl/bti.patch
new file mode 100644
index 00000000000..748576c30ca
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/bti.patch
@@ -0,0 +1,58 @@ 
+From ba8a599395f8b770c76316b5f5b0f3838567014f Mon Sep 17 00:00:00 2001
+From: Tom Cosgrove <tom.cosgrove@arm.com>
+Date: Tue, 26 Mar 2024 13:18:00 +0000
+Subject: [PATCH] aarch64: fix BTI in bsaes assembly code
+
+In Arm systems where BTI is enabled but the Crypto extensions are not (more
+likely in FVPs than in real hardware), the bit-sliced assembler code will
+be used. However, this wasn't annotated with BTI instructions when BTI was
+enabled, so the moment libssl jumps into this code it (correctly) aborts.
+
+Solve this by adding the missing BTI landing pads.
+
+Upstream-Status: Submitted [https://github.com/openssl/openssl/pull/23982]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ crypto/aes/asm/bsaes-armv8.pl | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/aes/asm/bsaes-armv8.pl b/crypto/aes/asm/bsaes-armv8.pl
+index b3c97e439f..c3c5ff3e05 100644
+--- a/crypto/aes/asm/bsaes-armv8.pl
++++ b/crypto/aes/asm/bsaes-armv8.pl
+@@ -1018,6 +1018,7 @@ _bsaes_key_convert:
+ //   Initialisation vector overwritten with last quadword of ciphertext
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_cbc_encrypt:
++        AARCH64_VALID_CALL_TARGET
+         cmp     x2, #128
+         bhs     .Lcbc_do_bsaes
+         b       AES_cbc_encrypt
+@@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt:
+ //   Output text filled in
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_ctr32_encrypt_blocks:
+-
++        AARCH64_VALID_CALL_TARGET
+         cmp     x2, #8                      // use plain AES for
+         blo     .Lctr_enc_short             // small sizes
+ 
+@@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
+ //   Output ciphertext filled in
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_xts_encrypt:
++        AARCH64_VALID_CALL_TARGET
+         // Stack layout:
+         // sp ->
+         //        nrounds*128-96 bytes: key schedule
+@@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt:
+ //   Output plaintext filled in
+ //   No output registers, usual AAPCS64 register preservation
+ ossl_bsaes_xts_decrypt:
++        AARCH64_VALID_CALL_TARGET
+         // Stack layout:
+         // sp ->
+         //        nrounds*128-96 bytes: key schedule
+-- 
+2.34.1
+
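Review bot: All four hunks of the embedded patch target crypto/aes/asm/bsaes-armv8.pl, and the do_patch log in the thread shows quilt cannot find that file in the openssl-3.0.13 tree ("No file to patch", "4 out of 4 hunks ignored"), so bti.patch cannot apply to this recipe version as posted. If the bit-sliced aarch64 assembler is not present in 3.0.13, the AARCH64_VALID_CALL_TARGET annotations on ossl_bsaes_cbc_encrypt, ossl_bsaes_ctr32_encrypt_blocks, ossl_bsaes_xts_encrypt and ossl_bsaes_xts_decrypt have nothing to annotate and the file should be dropped for this branch. Smaller point on the patch header: it names Tom Cosgrove in From: but carries only Ross Burton's Signed-off-by; if the upstream commit has the author's sign-off, keep it alongside the backporter's.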
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb
index 5e43fdc2ded..d0910a7a32d 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.13.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.13.bb
@@ -12,6 +12,7 @@  SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           file://bti.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \
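Review bot: The new "file://bti.patch \" entry sits in the unconditional SRC_URI, so the patch is applied for every target, and the reported failure is in a core2-64-oe-linux work directory, meaning do_patch breaks openssl for all machines rather than only aarch64. Since the patched file is missing from this source tree, drop this line together with bti.patch for kirkstone; running bitbake -c patch openssl against this branch before posting would have shown the failure.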