From 890905f946d1ec4d5549161d9db27b165fcf548a Mon Sep 17 00:00:00 2001
From: Frank Denis <124872+jedisct1@users.noreply.github.com>
Date: Wed, 19 Jul 2023 18:27:36 +0200
Subject: [PATCH] Add proper CET support (followup to #1290) (#1291)
---
.../msvc/vs2010/libsodium/libsodium.vcxproj | 1 +
.../libsodium/libsodium.vcxproj.filters | 3 +++
.../msvc/vs2012/libsodium/libsodium.vcxproj | 1 +
.../libsodium/libsodium.vcxproj.filters | 3 +++
.../msvc/vs2013/libsodium/libsodium.vcxproj | 1 +
.../libsodium/libsodium.vcxproj.filters | 3 +++
.../msvc/vs2015/libsodium/libsodium.vcxproj | 1 +
.../libsodium/libsodium.vcxproj.filters | 3 +++
.../msvc/vs2017/libsodium/libsodium.vcxproj | 1 +
.../libsodium/libsodium.vcxproj.filters | 3 +++
.../msvc/vs2019/libsodium/libsodium.vcxproj | 1 +
.../libsodium/libsodium.vcxproj.filters | 3 +++
.../msvc/vs2022/libsodium/libsodium.vcxproj | 1 +
.../libsodium/libsodium.vcxproj.filters | 3 +++
configure.ac | 1 +
libsodium.vcxproj | 1 +
libsodium.vcxproj.filters | 3 +++
src/libsodium/Makefile.am | 1 +
.../curve25519/sandy2x/fe51_mul.S | 3 +++
.../curve25519/sandy2x/fe51_nsquare.S | 2 ++
.../curve25519/sandy2x/fe51_pack.S | 2 ++
.../curve25519/sandy2x/ladder.S | 2 ++
.../curve25519/sandy2x/sandy2x.S | 18 ---------------
.../salsa20/xmm6/salsa20_xmm6-asm.S | 22 ++++---------------
.../include/sodium/private/asm_cet.h | 11 ++++++++++
25 files changed, 58 insertions(+), 36 deletions(-)
create mode 100644 src/libsodium/include/sodium/private/asm_cet.h
diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj
index a7678bd5..4b491d42 100644
--- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj
@@ -268,6 +268,7 @@
+
diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
index c6048360..3c4c2d8b 100644
--- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
@@ -623,6 +623,9 @@
include\sodium\private
+
+ include\sodium\private
+
include\sodium\private
diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj
index 3e51e4c7..97e42c28 100644
--- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj
@@ -268,6 +268,7 @@
+
diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
index c6048360..3c4c2d8b 100644
--- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
@@ -623,6 +623,9 @@
include\sodium\private
+
+ include\sodium\private
+
include\sodium\private
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj
index bd1a2ebb..8ed0ef2b 100644
--- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj
@@ -268,6 +268,7 @@
+
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
index c6048360..3c4c2d8b 100644
--- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
@@ -623,6 +623,9 @@
include\sodium\private
+
+ include\sodium\private
+
include\sodium\private
diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj b/builds/msvc/vs2015/libsodium/libsodium.vcxproj
index 451eda2f..5882ae94 100644
--- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj
@@ -268,6 +268,7 @@
+
diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters
index c6048360..3c4c2d8b 100644
--- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters
@@ -623,6 +623,9 @@
include\sodium\private
+
+ include\sodium\private
+
include\sodium\private
diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj b/builds/msvc/vs2017/libsodium/libsodium.vcxproj
index 5f897ec1..ffd72001 100644
--- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj
@@ -268,6 +268,7 @@
+
diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters
index c6048360..3c4c2d8b 100644
--- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters
@@ -623,6 +623,9 @@
include\sodium\private
+
+ include\sodium\private
+
include\sodium\private
diff --git a/builds/msvc/vs2019/libsodium/libsodium.vcxproj b/builds/msvc/vs2019/libsodium/libsodium.vcxproj
index f929f050..bdd5e5d5 100644
--- a/builds/msvc/vs2019/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2019/libsodium/libsodium.vcxproj
@@ -292,6 +292,7 @@
+
diff --git a/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters
index c6048360..3c4c2d8b 100644
--- a/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters
@@ -623,6 +623,9 @@
include\sodium\private
+
+ include\sodium\private
+
include\sodium\private
diff --git a/builds/msvc/vs2022/libsodium/libsodium.vcxproj b/builds/msvc/vs2022/libsodium/libsodium.vcxproj
index 80034433..20e434f9 100644
--- a/builds/msvc/vs2022/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2022/libsodium/libsodium.vcxproj
@@ -221,6 +221,7 @@
+
diff --git a/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters
index c6048360..3c4c2d8b 100644
--- a/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters
@@ -623,6 +623,9 @@
include\sodium\private
+
+ include\sodium\private
+
include\sodium\private
diff --git a/configure.ac b/configure.ac
index 7a75b8a4..31a726fe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -612,6 +612,7 @@ AC_SUBST(CFLAGS_RDRAND)
AC_CHECK_HEADERS([sys/mman.h sys/param.h sys/random.h intrin.h sys/auxv.h])
AC_CHECK_HEADERS([CommonCrypto/CommonRandom.h])
+AC_CHECK_HEADERS([cet.h])
AC_MSG_CHECKING([if _xgetbv() is available])
AC_LINK_IFELSE(
diff --git a/libsodium.vcxproj b/libsodium.vcxproj
index c7d79c18..269d5895 100644
--- a/libsodium.vcxproj
+++ b/libsodium.vcxproj
@@ -516,6 +516,7 @@
+
diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters
index f3537044..fd03d1b9 100644
--- a/libsodium.vcxproj.filters
+++ b/libsodium.vcxproj.filters
@@ -614,6 +614,9 @@
Header Files
+
+ Header Files
+
Header Files
diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am
index b892b92a..1b493a11 100644
--- a/src/libsodium/Makefile.am
+++ b/src/libsodium/Makefile.am
@@ -94,6 +94,7 @@ libsodium_la_SOURCES = \
crypto_stream/salsa20/stream_salsa20.h \
crypto_stream/xsalsa20/stream_xsalsa20.c \
crypto_verify/sodium/verify.c \
+ include/sodium/private/asm_cet.h \
include/sodium/private/chacha20_ietf_ext.h \
include/sodium/private/common.h \
include/sodium/private/ed25519_ref10.h \
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S
index b659c6c7..e869fdf1 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S
@@ -3,6 +3,7 @@
/*
This file is basically amd64-51/fe25519_mul.s.
*/
+#include "private/asm_cet.h"
#include "fe51_namespace.h"
#include "consts_namespace.h"
.text
@@ -19,6 +20,8 @@ ASM_HIDE_SYMBOL _fe51_mul
#endif
fe51_mul:
_fe51_mul:
+
+_CET_ENDBR
mov %rsp,%r11
and $31,%r11
add $96,%r11
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S
index 41c30548..75465b0b 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S
@@ -4,6 +4,7 @@
This file is adapted from amd64-51/fe25519_square.s:
Adding loop to perform n squares.
*/
+#include "private/asm_cet.h"
#include "fe51_namespace.h"
#include "consts_namespace.h"
.p2align 5
@@ -21,6 +22,7 @@ ASM_HIDE_SYMBOL _fe51_nsquare
fe51_nsquare:
_fe51_nsquare:
+_CET_ENDBR
mov %rsp,%r11
and $31,%r11
add $64,%r11
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S
index 500c8584..fb7a39a5 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S
@@ -4,6 +4,7 @@
This file is the result of merging
amd64-51/fe25519_pack.c and amd64-51/fe25519_freeze.s.
*/
+#include "private/asm_cet.h"
#include "fe51_namespace.h"
#include "consts_namespace.h"
.p2align 5
@@ -21,6 +22,7 @@ ASM_HIDE_SYMBOL _fe51_pack
fe51_pack:
_fe51_pack:
+_CET_ENDBR
mov %rsp,%r11
and $31,%r11
add $32,%r11
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
index c5c06021..a25e57b3 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
@@ -1,5 +1,6 @@
#ifdef IN_SANDY2X
+#include "private/asm_cet.h"
#include "ladder_namespace.h"
#include "consts_namespace.h"
.p2align 5
@@ -17,6 +18,7 @@ ASM_HIDE_SYMBOL _ladder
ladder:
_ladder:
+_CET_ENDBR
mov %rsp,%r11
and $31,%r11
add $1856,%r11
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S
index 65c3e793..1e4659b6 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S
@@ -9,24 +9,6 @@
#include "ladder.S"
#if defined(__linux__) && defined(__ELF__)
-#if defined(__CET__)
-.section .note.gnu.property,"a"
-.p2align 3
-.long 1f - 0f
-.long 4f - 1f
-.long 5
-0:
-.string "GNU"
-1:
-.p2align 3
-.long 0xc0000002
-.long 3f - 2f
-2:
-.long __CET__
-3:
-.p2align 3
-4:
-#endif
.section .note.GNU-stack,"",%progbits
#endif
diff --git a/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S b/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S
index 7bc0c119..9fe30fc0 100644
--- a/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S
+++ b/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S
@@ -1,5 +1,6 @@
#ifdef HAVE_AMD64_ASM
+#include "private/asm_cet.h"
#include "salsa20_xmm6-asm_namespace.h"
.text
@@ -17,6 +18,8 @@ ASM_HIDE_SYMBOL _stream_salsa20_xmm6
#endif
stream_salsa20_xmm6:
_stream_salsa20_xmm6:
+
+_CET_ENDBR
mov %rsp,%r11
and $31,%r11
add $512,%r11
@@ -58,6 +61,7 @@ ASM_HIDE_SYMBOL _stream_salsa20_xmm6_xor_ic
stream_salsa20_xmm6_xor_ic:
_stream_salsa20_xmm6_xor_ic:
+_CET_ENDBR
mov %rsp,%r11
and $31,%r11
add $512,%r11
@@ -958,23 +962,5 @@ jmp ._bytesbetween1and255
#endif
#if defined(__linux__) && defined(__ELF__)
-#if defined(__CET__)
-.section .note.gnu.property,"a"
-.p2align 3
-.long 1f - 0f
-.long 4f - 1f
-.long 5
-0:
-.string "GNU"
-1:
-.p2align 3
-.long 0xc0000002
-.long 3f - 2f
-2:
-.long __CET__
-3:
-.p2align 3
-4:
-#endif
.section .note.GNU-stack,"",%progbits
#endif
diff --git a/src/libsodium/include/sodium/private/asm_cet.h b/src/libsodium/include/sodium/private/asm_cet.h
new file mode 100644
index 00000000..4428c97f
--- /dev/null
+++ b/src/libsodium/include/sodium/private/asm_cet.h
@@ -0,0 +1,11 @@
+#ifndef asm_cet_H
+#define asm_cet_H 1
+
+#if HAVE_CET_H
+# include
+#endif
+#ifndef _CET_ENDBR
+# define _CET_ENDBR
+#endif
+
+#endif