On Tue, Jun 03, 2025 at 12:17:26AM +0000, Shawn Webb wrote: > On Mon, Jun 02, 2025 at 11:33:01PM +0000, Robert Clausecker wrote: > > The branch main has been updated by fuz: > > > > URL: > > https://cgit.FreeBSD.org/src/commit/?id=e698e4a537736f6a7dd9a386e00997d7fb08e83f > > > > commit e698e4a537736f6a7dd9a386e00997d7fb08e83f > > Author: Robert Clausecker <f...@freebsd.org> > > AuthorDate: 2025-06-02 22:54:32 +0000 > > Commit: Robert Clausecker <f...@freebsd.org> > > CommitDate: 2025-06-02 23:27:00 +0000 > > > > lib/libmd: disable SHA1 AVX2 kernel > > > > Seems like there is a bug lurking somewhere in the code. This was not > > caught during my testing. Disable the affected kernel for now while I > > figure out what is wrong with it. > > > > To reproduce, run > > > > jot -s '' -b 'a' -n 1000000 | sha1 > > > > This should yield 34aa973cd4c4daa4f61eeb2bdbad27316534016f, but gives > > fe161a71d7941e3d63a9cacadc4f20716a721944 with the broken code. Only the > > amd64/avx2 kernel is affected, the others seem to operate correctly. > > Out of curiosity, how would one best determine whether they're > affected? Would it be a part of the CPU features shown in > /var/run/dmesg.boot?
Nevermind, running your reproducer above is sufficient. And, it appears that one of my Intel laptops is affected. I do see the following line in /var/run/dmesg.boot: Structured Extended Features=0x1407a9<FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,SMAP> Sorry for the noise. -- Shawn Webb Cofounder / Security Engineer HardenedBSD Signal Username: shawn_webb.74 Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
