NetBSD Problem Report #53838

From www@NetBSD.org  Sun Jan  6 21:22:54 2019
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 56D0D7A177
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  6 Jan 2019 21:22:54 +0000 (UTC)
Message-Id: <20190106212253.6B1DD7A219@mollari.NetBSD.org>
Date: Sun,  6 Jan 2019 21:22:53 +0000 (UTC)
From: scole_mail@gmx.com
Reply-To: scole_mail@gmx.com
To: gnats-bugs@NetBSD.org
Subject: openssl lib OPENSSL_rdtsc() fails on macppc ppc601
X-Send-Pr-Version: www-1.0

>Number:         53838
>Category:       lib
>Synopsis:       openssl lib OPENSSL_rdtsc() fails on macppc ppc601
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 06 21:25:00 +0000 2019
>Closed-Date:    Tue Jan 08 20:23:55 +0000 2019
>Last-Modified:  Tue Jan 08 20:23:55 +0000 2019
>Originator:     scole_mail
>Release:        current
>Organization:
none
>Environment:
NetBSD pm7200-rtk 8.99.30 NetBSD 8.99.30 (GENERIC-$Revision: 1.22 $) #0: Thu Jan  3 16:46:59 PST 2019  scole@dstar:/home/scole/nbsd/cvs/src/sys/arch/macppc/compile/obj/GENERIC_601 macppc
>Description:
OPENSSL_rdtsc() from src/crypto/external/bsd/openssl in
 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c#61
 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c#645
is crashing because the powerpc 601 doesn't have the same timebuffer registers as other powerpc's.

I  think OPENSSL_rdtsc() is reading a time counter for randomness, and the powerpc code uses mftbu and mftb for access.  The 601is different than other powerpcs.  It doesn't have a time base register (TBR), but a real time clock (RTC) so it needs to use different calls like mfrtcu/mfrtcl instead.

Program's such as /usr/bin/login and /usr/bin/ssh-keygen are crashing because of this issue:

# gdb /usr/bin/login login.core
GNU gdb (GDB) 8.0.1
...
[New process 1]
Core was generated by `login'.
Program terminated with signal SIGILL, Illegal instruction.
#0  0xfd7d79b0 in OPENSSL_rdtsc () from /usr/lib/libcrypto.so.14
(gdb) bt
#0  0xfd7d79b0 in OPENSSL_rdtsc () from /usr/lib/libcrypto.so.14
#1  0xfd6ec028 in rand_pool_add_additional_data ()
   from /usr/lib/libcrypto.so.14
#2  0xfd6ec650 in rand_drbg_get_additional_data ()
   from /usr/lib/libcrypto.so.14
#3  0xfd6ee660 in RAND_DRBG_bytes () from /usr/lib/libcrypto.so.14
#4  0xfd6ef40c in ?? () from /usr/lib/libcrypto.so.14
#5  0xfd6ed484 in RAND_bytes () from /usr/lib/libcrypto.so.14
#6  0xfda6c7dc in krb5_generate_random () from /usr/lib/libkrb5.so.27
#7  0xfda6c0f8 in krb5_init_context () from /usr/lib/libkrb5.so.27
#8  0xfdac1dcc in pam_sm_authenticate () from /usr/lib/security/pam_krb5.so.4
#9  0xfde74bb8 in openpam_dispatch () from /usr/lib/libpam.so.4
#10 0xfde738c8 in pam_authenticate () from /usr/lib/libpam.so.4
#11 0x018025a4 in main ()


>How-To-Repeat:
boot current and try to login or run ssh-keygen
>Fix:
Here are 2 patches  that worked for me on my powermac 7200.

I'm not sure about the 2nd one, maybe that should be for upstream as it didn't affect the normal make process anywhere as far as I could tell.  It might be a good idea to test on a non-ppc601 or qemu also

Summary of changes:  (A/? = New, R/D = Removed, M = Modified)
=============================================================
M ppccpuid.S

Apply patch with "cd .../src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc ; patch -s -p0 < .../patchfile"

Index: ppccpuid.S
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/lib/libcrypto/arch/powerpc/ppccpuid.S,v
retrieving revision 1.10
diff -b -u -r1.10 ppccpuid.S
--- ppccpuid.S	4 Mar 2018 03:25:18 -0000	1.10
+++ ppccpuid.S	6 Jan 2019 21:18:04 -0000
@@ -106,11 +106,22 @@
 .type	OPENSSL_rdtsc,@function
 .align	4
 OPENSSL_rdtsc:
+	mfspr	0,287
+	srwi	0,0,0x10
+	cmplwi	0,0x1
+	bgt	.Loop_rdtsc
+.Loop_rdtsc_601:	
+	mfrtcu	5
+	mfrtcl	3
+	mfrtcu	4
+	cmplw	4,5
+	bne	.Loop_rdtsc_601
+	blr
 .Loop_rdtsc:
 	mftbu	5
 	mftb	3
 	mftbu	4
-	.long	0x7c042840
+	.long	0x7c042840	/* XXX what? why not cmplw 4,5 ? */
 	bne	.Loop_rdtsc
 	blr	
 .long	0


Summary of changes:  (A/? = New, R/D = Removed, M = Modified)
=============================================================
M ppccpuid.pl

Apply patch with "cd .../src/crypto/external/bsd/openssl/dist/crypto ; patch -s -p0 < .../patchfile"

Index: ppccpuid.pl
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl,v
retrieving revision 1.6
diff -b -u -r1.6 ppccpuid.pl
--- ppccpuid.pl	8 Feb 2018 21:51:24 -0000	1.6
+++ ppccpuid.pl	6 Jan 2019 21:19:13 -0000
@@ -132,6 +132,17 @@
 	mftb	r3
 ___
 $code.=<<___	if ($flavour !~ /64/);
+	mfspr	r0,287
+	srwi	r0,r0,0x10
+	cmplwi	r0,0x1
+	bgt	.Loop_rdtsc
+.Loop_rdtsc_601:	
+	mfrtcu	r5
+	mfrtcl	r3
+	mfrtcu	r4
+	cmplw	r4,r5
+	bne	.Loop_rdtsc_601
+	blr
 Loop_rdtsc:
 	mftbu	r5
 	mftb	r3

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/53838 CVS commit: src/crypto/external/bsd/openssl/dist/crypto
Date: Sun, 6 Jan 2019 17:20:50 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Sun Jan  6 22:20:50 UTC 2019

 Modified Files:
 	src/crypto/external/bsd/openssl/dist/crypto: ppccpuid.pl

 Log Message:
 PR/53838: Scole Mail: OPENSSL_rdtsc() is reading a time counter
 for randomness, and the powerpc code uses mftbu and mftb for access.
 The 601 is different than other powerpcs. It doesn't have a time
 base register (TBR), but a real time clock (RTC) so it needs to
 use different calls like mfrtcu/mfrtcl instead.


 To generate a diff of this commit:
 cvs rdiff -u -r1.6 -r1.7 \
     src/crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: scole_mail <scole_mail@gmx.com>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: lib/53838: openssl lib OPENSSL_rdtsc() fails on macppc ppc601
Date: Tue, 08 Jan 2019 11:49:55 -0800

 I rebuilt and reinstalled with the changes you checked in. Everything
 seems to work on my ppc601, including sha256 & sha512 commands:
  echo "something" | openssl dgst -sha256
 Feel free to close this PR as you desire.

 Thanks

State-Changed-From-To: open->closed
State-Changed-By: christos@NetBSD.org
State-Changed-When: Tue, 08 Jan 2019 15:23:55 -0500
State-Changed-Why:
submitter verified problem is fixed. thanks!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.