From 890905f946d1ec4d5549161d9db27b165fcf548a Mon Sep 17 00:00:00 2001 From: Frank Denis <124872+jedisct1@users.noreply.github.com> Date: Wed, 19 Jul 2023 18:27:36 +0200 Subject: [PATCH] Add proper CET support (followup to #1290) (#1291) --- .../msvc/vs2010/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 +++ .../msvc/vs2012/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 +++ .../msvc/vs2013/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 +++ .../msvc/vs2015/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 +++ .../msvc/vs2017/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 +++ .../msvc/vs2019/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 +++ .../msvc/vs2022/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 +++ configure.ac | 1 + libsodium.vcxproj | 1 + libsodium.vcxproj.filters | 3 +++ src/libsodium/Makefile.am | 1 + .../curve25519/sandy2x/fe51_mul.S | 3 +++ .../curve25519/sandy2x/fe51_nsquare.S | 2 ++ .../curve25519/sandy2x/fe51_pack.S | 2 ++ .../curve25519/sandy2x/ladder.S | 2 ++ .../curve25519/sandy2x/sandy2x.S | 18 --------------- .../salsa20/xmm6/salsa20_xmm6-asm.S | 22 ++++--------------- .../include/sodium/private/asm_cet.h | 11 ++++++++++ 25 files changed, 58 insertions(+), 36 deletions(-) create mode 100644 src/libsodium/include/sodium/private/asm_cet.h diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj index a7678bd5..4b491d42 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj @@ -268,6 +268,7 @@ + diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters index c6048360..3c4c2d8b 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters @@ -623,6 +623,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj index 3e51e4c7..97e42c28 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj @@ -268,6 +268,7 @@ + diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters index c6048360..3c4c2d8b 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters @@ -623,6 +623,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj index bd1a2ebb..8ed0ef2b 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj @@ -268,6 +268,7 @@ + diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters index c6048360..3c4c2d8b 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters @@ -623,6 +623,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj b/builds/msvc/vs2015/libsodium/libsodium.vcxproj index 451eda2f..5882ae94 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj @@ -268,6 +268,7 @@ + diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters index c6048360..3c4c2d8b 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters @@ -623,6 +623,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj b/builds/msvc/vs2017/libsodium/libsodium.vcxproj index 5f897ec1..ffd72001 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj @@ -268,6 +268,7 @@ + diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters index c6048360..3c4c2d8b 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters @@ -623,6 +623,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2019/libsodium/libsodium.vcxproj b/builds/msvc/vs2019/libsodium/libsodium.vcxproj index f929f050..bdd5e5d5 100644 --- a/builds/msvc/vs2019/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2019/libsodium/libsodium.vcxproj @@ -292,6 +292,7 @@ + diff --git a/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters index c6048360..3c4c2d8b 100644 --- a/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters @@ -623,6 +623,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2022/libsodium/libsodium.vcxproj b/builds/msvc/vs2022/libsodium/libsodium.vcxproj index 80034433..20e434f9 100644 --- a/builds/msvc/vs2022/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2022/libsodium/libsodium.vcxproj @@ -221,6 +221,7 @@ + diff --git a/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters index c6048360..3c4c2d8b 100644 --- a/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2022/libsodium/libsodium.vcxproj.filters @@ -623,6 +623,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/configure.ac b/configure.ac index 7a75b8a4..31a726fe 100644 --- a/configure.ac +++ b/configure.ac @@ -612,6 +612,7 @@ AC_SUBST(CFLAGS_RDRAND) AC_CHECK_HEADERS([sys/mman.h sys/param.h sys/random.h intrin.h sys/auxv.h]) AC_CHECK_HEADERS([CommonCrypto/CommonRandom.h]) +AC_CHECK_HEADERS([cet.h]) AC_MSG_CHECKING([if _xgetbv() is available]) AC_LINK_IFELSE( diff --git a/libsodium.vcxproj b/libsodium.vcxproj index c7d79c18..269d5895 100644 --- a/libsodium.vcxproj +++ b/libsodium.vcxproj @@ -516,6 +516,7 @@ + diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters index f3537044..fd03d1b9 100644 --- a/libsodium.vcxproj.filters +++ b/libsodium.vcxproj.filters @@ -614,6 +614,9 @@ Header Files + + Header Files + Header Files diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index b892b92a..1b493a11 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -94,6 +94,7 @@ libsodium_la_SOURCES = \ crypto_stream/salsa20/stream_salsa20.h \ crypto_stream/xsalsa20/stream_xsalsa20.c \ crypto_verify/sodium/verify.c \ + include/sodium/private/asm_cet.h \ include/sodium/private/chacha20_ietf_ext.h \ include/sodium/private/common.h \ include/sodium/private/ed25519_ref10.h \ diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S index b659c6c7..e869fdf1 100644 --- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S +++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S @@ -3,6 +3,7 @@ /* This file is basically amd64-51/fe25519_mul.s. */ +#include "private/asm_cet.h" #include "fe51_namespace.h" #include "consts_namespace.h" .text @@ -19,6 +20,8 @@ ASM_HIDE_SYMBOL _fe51_mul #endif fe51_mul: _fe51_mul: + +_CET_ENDBR mov %rsp,%r11 and $31,%r11 add $96,%r11 diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S index 41c30548..75465b0b 100644 --- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S +++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S @@ -4,6 +4,7 @@ This file is adapted from amd64-51/fe25519_square.s: Adding loop to perform n squares. */ +#include "private/asm_cet.h" #include "fe51_namespace.h" #include "consts_namespace.h" .p2align 5 @@ -21,6 +22,7 @@ ASM_HIDE_SYMBOL _fe51_nsquare fe51_nsquare: _fe51_nsquare: +_CET_ENDBR mov %rsp,%r11 and $31,%r11 add $64,%r11 diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S index 500c8584..fb7a39a5 100644 --- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S +++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S @@ -4,6 +4,7 @@ This file is the result of merging amd64-51/fe25519_pack.c and amd64-51/fe25519_freeze.s. */ +#include "private/asm_cet.h" #include "fe51_namespace.h" #include "consts_namespace.h" .p2align 5 @@ -21,6 +22,7 @@ ASM_HIDE_SYMBOL _fe51_pack fe51_pack: _fe51_pack: +_CET_ENDBR mov %rsp,%r11 and $31,%r11 add $32,%r11 diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S index c5c06021..a25e57b3 100644 --- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S +++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S @@ -1,5 +1,6 @@ #ifdef IN_SANDY2X +#include "private/asm_cet.h" #include "ladder_namespace.h" #include "consts_namespace.h" .p2align 5 @@ -17,6 +18,7 @@ ASM_HIDE_SYMBOL _ladder ladder: _ladder: +_CET_ENDBR mov %rsp,%r11 and $31,%r11 add $1856,%r11 diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S index 65c3e793..1e4659b6 100644 --- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S +++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S @@ -9,24 +9,6 @@ #include "ladder.S" #if defined(__linux__) && defined(__ELF__) -#if defined(__CET__) -.section .note.gnu.property,"a" -.p2align 3 -.long 1f - 0f -.long 4f - 1f -.long 5 -0: -.string "GNU" -1: -.p2align 3 -.long 0xc0000002 -.long 3f - 2f -2: -.long __CET__ -3: -.p2align 3 -4: -#endif .section .note.GNU-stack,"",%progbits #endif diff --git a/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S b/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S index 7bc0c119..9fe30fc0 100644 --- a/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S +++ b/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S @@ -1,5 +1,6 @@ #ifdef HAVE_AMD64_ASM +#include "private/asm_cet.h" #include "salsa20_xmm6-asm_namespace.h" .text @@ -17,6 +18,8 @@ ASM_HIDE_SYMBOL _stream_salsa20_xmm6 #endif stream_salsa20_xmm6: _stream_salsa20_xmm6: + +_CET_ENDBR mov %rsp,%r11 and $31,%r11 add $512,%r11 @@ -58,6 +61,7 @@ ASM_HIDE_SYMBOL _stream_salsa20_xmm6_xor_ic stream_salsa20_xmm6_xor_ic: _stream_salsa20_xmm6_xor_ic: +_CET_ENDBR mov %rsp,%r11 and $31,%r11 add $512,%r11 @@ -958,23 +962,5 @@ jmp ._bytesbetween1and255 #endif #if defined(__linux__) && defined(__ELF__) -#if defined(__CET__) -.section .note.gnu.property,"a" -.p2align 3 -.long 1f - 0f -.long 4f - 1f -.long 5 -0: -.string "GNU" -1: -.p2align 3 -.long 0xc0000002 -.long 3f - 2f -2: -.long __CET__ -3: -.p2align 3 -4: -#endif .section .note.GNU-stack,"",%progbits #endif diff --git a/src/libsodium/include/sodium/private/asm_cet.h b/src/libsodium/include/sodium/private/asm_cet.h new file mode 100644 index 00000000..4428c97f --- /dev/null +++ b/src/libsodium/include/sodium/private/asm_cet.h @@ -0,0 +1,11 @@ +#ifndef asm_cet_H +#define asm_cet_H 1 + +#if HAVE_CET_H +# include +#endif +#ifndef _CET_ENDBR +# define _CET_ENDBR +#endif + +#endif