On Mon, 2020-03-09 at 08:33 -0700, H.J. Lu wrote: > On Mon, Mar 9, 2020 at 5:36 AM Simo Sorce <[email protected]> wrote: > > On Sat, 2020-03-07 at 17:49 +0100, Niels Möller wrote: > > > "H.J. Lu" <[email protected]> writes: > > > > > > > Intel Control-flow Enforcement Technology (CET): > > > > > > > > https://software.intel.com/en-us/articles/intel-sdm > > > > > > > > contains shadow stack (SHSTK) and indirect branch tracking (IBT). When > > > > CET is enabled, ELF object files must be marked with .note.gnu.property > > > > section. Also when IBT is enabled, all indirect branch targets must > > > > start with ENDBR instruction. > > > > > > > > This patch adds X86_ENDBR and the CET marker to config.m4.in when CET > > > > is enabled. It updates PROLOGUE with X86_ENDBR. > > > > > > I'd like to have a look at what gcc produces. How is it enabled with > > > gcc? In the docs, I find > > > > > > -mshstk > > > > > > The -mshstk option enables shadow stack built-in functions from x86 > > > Control-flow Enforcement Technology (CET). > > > > > > but when I try compiling a trivial function, > > > > > > $ cat foo-cet.c > > > int foo(void) {return 0;} > > > $ gcc -save-temps -c -mshstk foo-cet.c > > > > > > I get no endbr instruction and no note in the foo-cet.s. I'm using > > > gcc-8.3. I do get an > > > > > > .section .note.GNU-stack,"",@progbits > > > > > > corresponding to Nettle's ASM_MARK_NOEXEC_STACK > > > > > > > --- a/config.m4.in > > > > +++ b/config.m4.in > > > > @@ -8,6 +8,10 @@ define(<ALIGN_LOG>, <@ASM_ALIGN_LOG@>)dnl > > > > define(<W64_ABI>, <@W64_ABI@>)dnl > > > > define(<RODATA>, <@ASM_RODATA@>)dnl > > > > define(<WORDS_BIGENDIAN>, <@ASM_WORDS_BIGENDIAN@>)dnl > > > > +define(<X86_ENDBR>,<@X86_ENDBR@>)dnl > > > > +divert(1) > > > > +@X86_GNU_PROPERTY@ > > > > +divert > > > > divert(1) > > > > @ASM_MARK_NOEXEC_STACK@ > > > > divert > > > > > > You can put the two properties in the same m4 divert. Also, please > > > rename the autoconf substitutions with ASM_ prefix, and something more > > > descriptive than X64_GNU_PROPERTY. E.g., ASM_X86_ENDBR and > > > ASM_X86_MARK_CET. > > > > > > > diff --git a/configure.ac b/configure.ac > > > > index ba3ab7c6..e9ed630c 100644 > > > > --- a/configure.ac > > > > +++ b/configure.ac > > > > @@ -803,6 +803,82 @@ EOF > > > > ASM_ALIGN_LOG="$nettle_cv_asm_align_log" > > > > fi > > > > > > > > +dnl Define > > > > +dnl 1. X86_ENDBR for endbr32/endbr64. > > > > +dnl 2. X86_GNU_PROPERTY to add a .note.gnu.property section to mark > > > > +dnl Intel CET support if needed. > > > > +dnl .section ".note.gnu.property", "a" > > > > +dnl .p2align POINTER-ALIGN > > > > +dnl .long 1f - 0f > > > > +dnl .long 4f - 1f > > > > +dnl .long 5 > > > > +dnl 0: > > > > +dnl .asciz "GNU" > > > > +dnl 1: > > > > +dnl .p2align POINTER-ALIGN > > > > +dnl .long 0xc0000002 > > > > +dnl .long 3f - 2f > > > > +dnl 2: > > > > +dnl .long 3 > > > > +dnl 3: > > > > +dnl .p2align POINTER-ALIGN > > > > +dnl 4: > > > > > > No need to repeat the definition in full in this comment. And as I think > > > I've said before, I'm a bit surprised that it needs to be this verbose. > > > > > > > +AC_CACHE_CHECK([if Intel CET is enabled], > > > > + [nettle_cv_asm_x86_intel_cet], > > > > + [AC_TRY_COMPILE([ > > > > +#ifndef __CET__ > > > > +#error Intel CET is not enabled > > > > +#endif > > > > + ], [], > > > > + [nettle_cv_asm_x86_intel_cet=yes], > > > > + [nettle_cv_asm_x86_intel_cet=no])]) > > > > +if test "$nettle_cv_asm_x86_intel_cet" = yes; then > > > > + case $ABI in > > > > + 32|standard) > > > > + X86_ENDBR=endbr32 > > > > + p2align=2 > > > > + ;; > > > > + 64) > > > > + X86_ENDBR=endbr64 > > > > + p2align=3 > > > > + ;; > > > > + x32) > > > > + X86_ENDBR=endbr64 > > > > + p2align=2 > > > > + ;; > > > > + esac > > > > + AC_CACHE_CHECK([if .note.gnu.property section is needed], > > > > + [nettle_cv_asm_x86_gnu_property], > > > > + [AC_TRY_COMPILE([ > > > > +#if !defined __ELF__ || !defined __CET__ > > > > +#error GNU property is not needed > > > > +#endif > > > > + ], [], > > > > + [nettle_cv_asm_x86_gnu_property=yes], > > > > + [nettle_cv_asm_x86_gnu_property=no])]) > > > > +else > > > > + nettle_cv_asm_x86_gnu_property=no > > > > +fi > > > > +if test "$nettle_cv_asm_x86_gnu_property" = yes; then > > > > + X86_GNU_PROPERTY=" > > > > + .section \".note.gnu.property\", \"a\" > > > > + .p2align $p2align > > > > + .long 1f - 0f > > > > + .long 4f - 1f > > > > + .long 5 > > > > +0: > > > > + .asciz \"GNU\" > > > > +1: > > > > + .p2align $p2align > > > > + .long 0xc0000002 > > > > + .long 3f - 2f > > > > +2: > > > > + .long 3 > > > > +3: > > > > + .p2align $p2align > > > > +4:" > > > > +fi > > > > > > Maybe a bit easier to read if you use single quotes for > > > X86_GNU_PROPERTY='...', don't escape the inner double quotes. That > > > leaves the expansion of $p2align, maybe it's better to define a separate > > > substituted variable for pointer alignment? (If there's no easier way to > > > enforce pointer-alignment). > > > > Niels, > > I sent patches longa few months ago on the list to enable CET, they > > already went through review, any reason why we are looking at a > > different set and restarting review from scratch now? > > > > (sorry for not catching earlier, we seem to be having some delivery > > issues and sometimes mailing list post are not reaching me, please keep > > me in direct CC for now, hopefully that will help :-/ ) > > > > Hi Simo, > > master branch doesn't contain any CET support. Can you share your patch > with me? I will give it a try on CET processor. > > Thanks.
The patchset i solder than I did remember, April 2019 But I recall running at least one version of it on our CET emulator @ Red Hat. HTH, Simo. -- Simo Sorce RHEL Crypto Team Red Hat, Inc
From dcf9de29114bb4137b12787685cebfcfd962ad5f Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Fri, 26 Apr 2019 13:12:53 -0400 Subject: [PATCH 1/4] Add missing EPILOGUEs in assembly files Signed-off-by: Simo Sorce <[email protected]> --- x86_64/poly1305-internal.asm | 1 + x86_64/serpent-decrypt.asm | 1 + x86_64/serpent-encrypt.asm | 1 + 3 files changed, 3 insertions(+) diff --git a/x86_64/poly1305-internal.asm b/x86_64/poly1305-internal.asm index c780d122..98159ad3 100644 --- a/x86_64/poly1305-internal.asm +++ b/x86_64/poly1305-internal.asm @@ -182,4 +182,5 @@ define(<T1>, <%rax>) mov XREG(%rax), P1305_H2 (CTX) W64_EXIT(2, 0) ret +EPILOGUE(nettle_poly1305_digest) diff --git a/x86_64/serpent-decrypt.asm b/x86_64/serpent-decrypt.asm index ee4bf9ad..031c41c8 100644 --- a/x86_64/serpent-decrypt.asm +++ b/x86_64/serpent-decrypt.asm @@ -713,3 +713,4 @@ PROLOGUE(nettle_serpent_decrypt) pop %rbx W64_EXIT(4, 13) ret +EPILOGUE(nettle_serpent_decrypt) diff --git a/x86_64/serpent-encrypt.asm b/x86_64/serpent-encrypt.asm index d6636537..99cba00c 100644 --- a/x86_64/serpent-encrypt.asm +++ b/x86_64/serpent-encrypt.asm @@ -748,3 +748,4 @@ C parallell. pop %rbx W64_EXIT(4, 13) ret +EPILOGUE(nettle_serpent_encrypt) -- 2.20.1
From af9b9379fdad760589acddb186620dcc7d994e8e Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Wed, 24 Apr 2019 16:13:59 -0400 Subject: [PATCH 2/4] Fix generation of build notes if supported This is needed to build correctly on platfroms that use hardening flags and build notes on .c files. Signed-off-by: Simo Sorce <[email protected]> --- Makefile.in | 4 +++- configure.ac | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in index 440de9f7..4e603047 100644 --- a/Makefile.in +++ b/Makefile.in @@ -17,6 +17,8 @@ OPT_HOGWEED_OBJS = @OPT_HOGWEED_OBJS@ OPT_NETTLE_SOURCES = @OPT_NETTLE_SOURCES@ +ASM_GEN_BUILD_NOTES = @ASM_GEN_BUILD_NOTES@ + SUBDIRS = tools testsuite examples include config.make @@ -396,7 +398,7 @@ ecc-25519.$(OBJEXT): ecc-25519.h .asm.$(OBJEXT): $(srcdir)/asm.m4 machine.m4 config.m4 $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 $< >$*.s - $(COMPILE) -c $*.s + $(COMPILE) -c $*.s $(ASM_GEN_BUILD_NOTES) @echo "$@ : $< $(srcdir)/asm.m4 machine.m4 config.m4" >[email protected] # Texinfo rules diff --git a/configure.ac b/configure.ac index 00d2bf5d..ac921df0 100644 --- a/configure.ac +++ b/configure.ac @@ -702,6 +702,7 @@ ASM_TYPE_FUNCTION='@function' ASM_TYPE_PROGBITS='@progbits' ASM_MARK_NOEXEC_STACK='' ASM_ALIGN_LOG='' +ASM_GEN_BUILD_NOTES='' if test x$enable_assembler = xyes ; then AC_CACHE_CHECK([if globals are prefixed by underscore], @@ -812,6 +813,26 @@ EOF [nettle_cv_asm_align_log=yes], [nettle_cv_asm_align_log=no])]) ASM_ALIGN_LOG="$nettle_cv_asm_align_log" + + AC_CACHE_CHECK([if --generate-missing-build-notes is supported], + nettle_cv_asm_build_notes, + [ # Default + nettle_cv_asm_build_notes=no + + cat >conftest.s << EOF +.text +EOF + FLAG="-Wa,--generate-missing-build-notes=yes" + nettle_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s $FLAG >conftest.out 2>&1" + if AC_TRY_EVAL(nettle_assemble); then + nettle_cv_asm_build_notes=yes + else + nettle_cv_asm_build_notes=no + fi + rm -f conftest.*]) + if test x$nettle_cv_asm_build_notes = xyes ; then + ASM_GEN_BUILD_NOTES='-Wa,--generate-missing-build-notes=yes' + fi fi AC_SUBST(ASM_SYMBOL_PREFIX) @@ -823,6 +844,7 @@ AC_SUBST(ASM_MARK_NOEXEC_STACK) AC_SUBST(ASM_ALIGN_LOG) AC_SUBST(W64_ABI) AC_SUBST(ASM_WORDS_BIGENDIAN) +AC_SUBST(ASM_GEN_BUILD_NOTES) AC_SUBST(EMULATOR) AC_SUBST(LIBNETTLE_MAJOR) -- 2.20.1
From a11dd90fc89767609be7729973bf9be0f8809d20 Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Tue, 23 Apr 2019 18:03:35 -0400 Subject: [PATCH 3/4] Add Intel CET protection support In upcoming processors Intel will make available Control-Flow Enforcement Technology, which is comprised of two hardware countermeasures against Return-Oriented Programming attacks. The first is called Shadow Stack and checks that return from function calls are not tampered with by keeping a shadow stack that cannot be modified by applications. This measure requires no code changes (except for code that intentionally modifies the return pointer on the stack). The second is called Indirect Branch Tracking and is used to insure only targets of indirect jumps are actually jumped to. This requires modification of code to insert a special instruction that identifies a valid indirect jump target. When enforcement is turned on, if an indirect jump does not end on this special instruction the cpu raises an exception. These instructions are noops on older CPU models so it is safe to use them in all x86(_64) code. To enable these protections GCC also introduces a new GNU property note section that marks a piece of code as CET ready. If the note is in place the dynamic linker will be able to confirm that all loaded libraries support CET and will turn on CET protection for the binary. The changes here consist mostly in adding the GNU property note section to all x86(_64) assembly files and the proper ENDBRANCH instruction for the function entrypoints which is where other code calls into via indirect call. Signed-off-by: Simo Sorce <[email protected]> --- asm.m4 | 3 ++- config.m4.in | 2 ++ configure.ac | 17 +++++++++++++ x86/aes-decrypt-internal.asm | 1 + x86/aes-encrypt-internal.asm | 1 + x86/arcfour-crypt.asm | 1 + x86/camellia-crypt-internal.asm | 1 + x86/machine.m4 | 35 +++++++++++++++++++++++++++ x86/md5-compress.asm | 1 + x86/sha1-compress.asm | 1 + x86_64/aes-decrypt-internal.asm | 1 + x86_64/aes-encrypt-internal.asm | 1 + x86_64/aesni/aes-decrypt-internal.asm | 1 + x86_64/aesni/aes-encrypt-internal.asm | 1 + x86_64/camellia-crypt-internal.asm | 1 + x86_64/chacha-core-internal.asm | 1 + x86_64/fat/cpuid.asm | 2 +- x86_64/gcm-hash8.asm | 1 + x86_64/machine.m4 | 35 +++++++++++++++++++++++++++ x86_64/md5-compress.asm | 1 + x86_64/memxor.asm | 1 + x86_64/memxor3.asm | 1 + x86_64/poly1305-internal.asm | 1 + x86_64/salsa20-core-internal.asm | 1 + x86_64/salsa20-crypt.asm | 1 + x86_64/serpent-decrypt.asm | 1 + x86_64/serpent-encrypt.asm | 1 + x86_64/sha1-compress.asm | 1 + x86_64/sha256-compress.asm | 1 + x86_64/sha3-permute.asm | 1 + x86_64/sha512-compress.asm | 1 + x86_64/sha_ni/sha1-compress.asm | 1 + x86_64/sha_ni/sha256-compress.asm | 1 + x86_64/umac-nh-n.asm | 1 + x86_64/umac-nh.asm | 1 + 35 files changed, 121 insertions(+), 2 deletions(-) diff --git a/asm.m4 b/asm.m4 index 8da47201..5a5d4ac2 100644 --- a/asm.m4 +++ b/asm.m4 @@ -32,7 +32,8 @@ define(<GMP_NUMB_BITS>,<>)dnl define(<PROLOGUE>, <.globl C_NAME($1) DECLARE_FUNC(C_NAME($1)) -C_NAME($1):>) +C_NAME($1): +CET_ENDBR>) define(<EPILOGUE>, <ifelse(ELF_STYLE,yes, diff --git a/config.m4.in b/config.m4.in index 11f90a40..c3ebad60 100644 --- a/config.m4.in +++ b/config.m4.in @@ -8,6 +8,8 @@ define(<ALIGN_LOG>, <@ASM_ALIGN_LOG@>)dnl define(<W64_ABI>, <@W64_ABI@>)dnl define(<RODATA>, <@ASM_RODATA@>)dnl define(<WORDS_BIGENDIAN>, <@ASM_WORDS_BIGENDIAN@>)dnl +define(<CET_PROTECTION>, <@ASM_CET_PROTECTION@>)dnl +define(<CET_ENDBR>, <@ASM_CET_ENDBR@>)dnl divert(1) @ASM_MARK_NOEXEC_STACK@ divert diff --git a/configure.ac b/configure.ac index ac921df0..7beb35d9 100644 --- a/configure.ac +++ b/configure.ac @@ -93,6 +93,10 @@ AC_ARG_ENABLE(mini-gmp, AC_HELP_STRING([--enable-mini-gmp], [Enable mini-gmp, used instead of libgmp.]),, [enable_mini_gmp=no]) +AC_ARG_ENABLE(cet-protection, + AC_HELP_STRING([--enable-cet-protection], [Enable intel CET protection instructions. (default=no)]),, + [enable_cet_protection=no]) + if test "x$enable_mini_gmp" = xyes ; then NETTLE_USE_MINI_GMP=1 HOGWEED_EXTRA_SYMBOLS="mpz_*;gmp_*;mpn_*;mp_*;" @@ -701,6 +705,8 @@ ASM_COFF_STYLE='no' ASM_TYPE_FUNCTION='@function' ASM_TYPE_PROGBITS='@progbits' ASM_MARK_NOEXEC_STACK='' +ASM_CET_PROTECTION='no' +ASM_CET_ENDBR='' ASM_ALIGN_LOG='' ASM_GEN_BUILD_NOTES='' @@ -833,6 +839,15 @@ EOF if test x$nettle_cv_asm_build_notes = xyes ; then ASM_GEN_BUILD_NOTES='-Wa,--generate-missing-build-notes=yes' fi + + if test "x$enable_cet_protection" = xyes ; then + ASM_CET_PROTECTION=yes + if test "$ABI" = 64 ; then + ASM_CET_ENDBR=endbr64 + else + ASM_CET_ENDBR=endbr32 + fi + fi fi AC_SUBST(ASM_SYMBOL_PREFIX) @@ -845,6 +860,8 @@ AC_SUBST(ASM_ALIGN_LOG) AC_SUBST(W64_ABI) AC_SUBST(ASM_WORDS_BIGENDIAN) AC_SUBST(ASM_GEN_BUILD_NOTES) +AC_SUBST(ASM_CET_PROTECTION) +AC_SUBST(ASM_CET_ENDBR) AC_SUBST(EMULATOR) AC_SUBST(LIBNETTLE_MAJOR) diff --git a/x86/aes-decrypt-internal.asm b/x86/aes-decrypt-internal.asm index ff535b6a..1d16f6db 100644 --- a/x86/aes-decrypt-internal.asm +++ b/x86/aes-decrypt-internal.asm @@ -175,3 +175,4 @@ PROLOGUE(_nettle_aes_decrypt) popl %ebx ret EPILOGUE(_nettle_aes_decrypt) +GNU_CET_SECTION() diff --git a/x86/aes-encrypt-internal.asm b/x86/aes-encrypt-internal.asm index 934158f7..d9579e04 100644 --- a/x86/aes-encrypt-internal.asm +++ b/x86/aes-encrypt-internal.asm @@ -175,3 +175,4 @@ PROLOGUE(_nettle_aes_encrypt) popl %ebx ret EPILOGUE(_nettle_aes_encrypt) +GNU_CET_SECTION() diff --git a/x86/arcfour-crypt.asm b/x86/arcfour-crypt.asm index df3fe869..11f592e7 100644 --- a/x86/arcfour-crypt.asm +++ b/x86/arcfour-crypt.asm @@ -123,3 +123,4 @@ C .Lloop_done: popl %ebx ret EPILOGUE(nettle_arcfour_crypt) +GNU_CET_SECTION() diff --git a/x86/camellia-crypt-internal.asm b/x86/camellia-crypt-internal.asm index ce8c57f0..afac1fcc 100644 --- a/x86/camellia-crypt-internal.asm +++ b/x86/camellia-crypt-internal.asm @@ -223,3 +223,4 @@ PROLOGUE(_nettle_camellia_crypt) popl %ebx ret EPILOGUE(_nettle_camellia_crypt) +GNU_CET_SECTION() diff --git a/x86/machine.m4 b/x86/machine.m4 index 38bee366..1153c757 100644 --- a/x86/machine.m4 +++ b/x86/machine.m4 @@ -14,3 +14,38 @@ define(<HREG>,<ifelse( $1, %ebx, %bh, $1, %ecx, %ch, $1, %edx, %dh)>)dnl + +dnl GNU properties section to enable CET protections macros +dnl For more info on the technology: +dnl https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf + +dnl GNU Poperty type +define(<NT_GNU_PROPERTY_TYPE_0>, <5>) +dnl GNU Program Property Type range +define(GNU_PROPERTY_X86_UINT32_AND_LO, <0xc0000002>) +dnl Indirect Branch Tracking +define(<GNU_PROPERTY_X86_FEATURE_1_IBT>, <0x01>) +dnl Shadow Stack +define(<GNU_PROPERTY_X86_FEATURE_1_SHSTK>, <0x02>) + +dnl NOTE: GNU Property sections MUST have alignment of 8 +define(<GNU_CET_SECTION>, +<ifelse(CET_PROTECTION,yes, +<.pushsection .note.gnu.property,"a" +ALIGN(8) +.long 1f - 0f +.long 4f - 1f +.long NT_GNU_PROPERTY_TYPE_0() +0: +.string "GNU" +1: +ALIGN(8) +.long GNU_PROPERTY_X86_UINT32_AND_LO() +.long 3f - 2f +2: +.long eval(GNU_PROPERTY_X86_FEATURE_1_IBT() | GNU_PROPERTY_X86_FEATURE_1_SHSTK()) +3: +ALIGN(8) +4: +.popsection +>,<>)>) diff --git a/x86/md5-compress.asm b/x86/md5-compress.asm index c849c082..6293f052 100644 --- a/x86/md5-compress.asm +++ b/x86/md5-compress.asm @@ -185,3 +185,4 @@ PROLOGUE(nettle_md5_compress) popl %ebx ret EPILOGUE(nettle_md5_compress) +GNU_CET_SECTION() diff --git a/x86/sha1-compress.asm b/x86/sha1-compress.asm index 03bdcdc9..4e1f121c 100644 --- a/x86/sha1-compress.asm +++ b/x86/sha1-compress.asm @@ -1541,6 +1541,7 @@ C ROUND_F2(SB, SC, SD, SE, SA, 79, K4VALUE) popl %ebx ret EPILOGUE(nettle_sha1_compress) +GNU_CET_SECTION() C TODO: diff --git a/x86_64/aes-decrypt-internal.asm b/x86_64/aes-decrypt-internal.asm index 43f2f394..eedfaaf0 100644 --- a/x86_64/aes-decrypt-internal.asm +++ b/x86_64/aes-decrypt-internal.asm @@ -150,3 +150,4 @@ PROLOGUE(_nettle_aes_decrypt) W64_EXIT(6, 0) ret EPILOGUE(_nettle_aes_decrypt) +GNU_CET_SECTION() diff --git a/x86_64/aes-encrypt-internal.asm b/x86_64/aes-encrypt-internal.asm index dfb498f5..3a5a1e86 100644 --- a/x86_64/aes-encrypt-internal.asm +++ b/x86_64/aes-encrypt-internal.asm @@ -151,3 +151,4 @@ PROLOGUE(_nettle_aes_encrypt) W64_EXIT(6, 0) ret EPILOGUE(_nettle_aes_encrypt) +GNU_CET_SECTION() diff --git a/x86_64/aesni/aes-decrypt-internal.asm b/x86_64/aesni/aes-decrypt-internal.asm index 3d6d6e30..1b1a1a4d 100644 --- a/x86_64/aesni/aes-decrypt-internal.asm +++ b/x86_64/aesni/aes-decrypt-internal.asm @@ -132,3 +132,4 @@ PROLOGUE(_nettle_aes_decrypt) W64_EXIT(6, 16) ret EPILOGUE(_nettle_aes_decrypt) +GNU_CET_SECTION() diff --git a/x86_64/aesni/aes-encrypt-internal.asm b/x86_64/aesni/aes-encrypt-internal.asm index 99caf1f8..f7338ef6 100644 --- a/x86_64/aesni/aes-encrypt-internal.asm +++ b/x86_64/aesni/aes-encrypt-internal.asm @@ -132,3 +132,4 @@ PROLOGUE(_nettle_aes_encrypt) W64_EXIT(6, 16) ret EPILOGUE(_nettle_aes_encrypt) +GNU_CET_SECTION() diff --git a/x86_64/camellia-crypt-internal.asm b/x86_64/camellia-crypt-internal.asm index 040e030f..71750172 100644 --- a/x86_64/camellia-crypt-internal.asm +++ b/x86_64/camellia-crypt-internal.asm @@ -200,3 +200,4 @@ PROLOGUE(_nettle_camellia_crypt) W64_EXIT(6, 0) ret EPILOGUE(_nettle_camellia_crypt) +GNU_CET_SECTION() diff --git a/x86_64/chacha-core-internal.asm b/x86_64/chacha-core-internal.asm index 9e5dc394..3125dee7 100644 --- a/x86_64/chacha-core-internal.asm +++ b/x86_64/chacha-core-internal.asm @@ -126,3 +126,4 @@ PROLOGUE(_nettle_chacha_core) W64_EXIT(3, 6) ret EPILOGUE(_nettle_chacha_core) +GNU_CET_SECTION() diff --git a/x86_64/fat/cpuid.asm b/x86_64/fat/cpuid.asm index f317d56e..c4a5b538 100644 --- a/x86_64/fat/cpuid.asm +++ b/x86_64/fat/cpuid.asm @@ -56,4 +56,4 @@ PROLOGUE(_nettle_cpuid) W64_EXIT(2) ret EPILOGUE(_nettle_cpuid) - +GNU_CET_SECTION() diff --git a/x86_64/gcm-hash8.asm b/x86_64/gcm-hash8.asm index bfaa6ef8..54608ae8 100644 --- a/x86_64/gcm-hash8.asm +++ b/x86_64/gcm-hash8.asm @@ -199,6 +199,7 @@ ALIGN(16) jnz .Lread_loop ret EPILOGUE(_nettle_gcm_hash8) +GNU_CET_SECTION() define(<W>, <0x$2$1>) RODATA diff --git a/x86_64/machine.m4 b/x86_64/machine.m4 index 397e9b25..a64241ce 100644 --- a/x86_64/machine.m4 +++ b/x86_64/machine.m4 @@ -171,3 +171,38 @@ define(<W64_EXIT>, < ]) changequote(<,>)dnl >) + +dnl GNU properties section to enable CET protections macros +dnl For more info on the technology: +dnl https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf + +dnl GNU Poperty type +define(<NT_GNU_PROPERTY_TYPE_0>, <5>) +dnl GNU Program Property Type range +define(GNU_PROPERTY_X86_UINT32_AND_LO, <0xc0000002>) +dnl Indirect Branch Tracking +define(<GNU_PROPERTY_X86_FEATURE_1_IBT>, <0x01>) +dnl Shadow Stack +define(<GNU_PROPERTY_X86_FEATURE_1_SHSTK>, <0x02>) + +dnl NOTE: GNU Property sections MUST have alignment of 8 +define(<GNU_CET_SECTION>, +<ifelse(CET_PROTECTION,yes, +<.pushsection .note.gnu.property,"a" +ALIGN(8) +.long 1f - 0f +.long 4f - 1f +.long NT_GNU_PROPERTY_TYPE_0() +0: +.string "GNU" +1: +ALIGN(8) +.long GNU_PROPERTY_X86_UINT32_AND_LO() +.long 3f - 2f +2: +.long eval(GNU_PROPERTY_X86_FEATURE_1_IBT() | GNU_PROPERTY_X86_FEATURE_1_SHSTK()) +3: +ALIGN(8) +4: +.popsection +>,<>)>) diff --git a/x86_64/md5-compress.asm b/x86_64/md5-compress.asm index 182b8f18..ef1fcb89 100644 --- a/x86_64/md5-compress.asm +++ b/x86_64/md5-compress.asm @@ -174,3 +174,4 @@ PROLOGUE(nettle_md5_compress) ret EPILOGUE(nettle_md5_compress) +GNU_CET_SECTION() diff --git a/x86_64/memxor.asm b/x86_64/memxor.asm index f07f0017..a0ea94b4 100644 --- a/x86_64/memxor.asm +++ b/x86_64/memxor.asm @@ -171,3 +171,4 @@ ifdef(<USE_SSE2>, < >) EPILOGUE(nettle_memxor) +GNU_CET_SECTION() diff --git a/x86_64/memxor3.asm b/x86_64/memxor3.asm index 8ff3e79c..b0c0e35c 100644 --- a/x86_64/memxor3.asm +++ b/x86_64/memxor3.asm @@ -261,3 +261,4 @@ ifelse(USE_SSE2, yes, < EPILOGUE(nettle_memxor3) +GNU_CET_SECTION() diff --git a/x86_64/poly1305-internal.asm b/x86_64/poly1305-internal.asm index 98159ad3..3737450f 100644 --- a/x86_64/poly1305-internal.asm +++ b/x86_64/poly1305-internal.asm @@ -184,3 +184,4 @@ define(<T1>, <%rax>) ret EPILOGUE(nettle_poly1305_digest) +GNU_CET_SECTION() diff --git a/x86_64/salsa20-core-internal.asm b/x86_64/salsa20-core-internal.asm index 4ef07be0..c1690880 100644 --- a/x86_64/salsa20-core-internal.asm +++ b/x86_64/salsa20-core-internal.asm @@ -109,3 +109,4 @@ PROLOGUE(_nettle_salsa20_core) W64_EXIT(3, 9) ret EPILOGUE(_nettle_salsa20_core) +GNU_CET_SECTION() diff --git a/x86_64/salsa20-crypt.asm b/x86_64/salsa20-crypt.asm index cc1d58ca..e0348956 100644 --- a/x86_64/salsa20-crypt.asm +++ b/x86_64/salsa20-crypt.asm @@ -245,3 +245,4 @@ PROLOGUE(nettle_salsa20_crypt) ret EPILOGUE(nettle_salsa20_crypt) +GNU_CET_SECTION() diff --git a/x86_64/serpent-decrypt.asm b/x86_64/serpent-decrypt.asm index 031c41c8..5f03fa4b 100644 --- a/x86_64/serpent-decrypt.asm +++ b/x86_64/serpent-decrypt.asm @@ -714,3 +714,4 @@ PROLOGUE(nettle_serpent_decrypt) W64_EXIT(4, 13) ret EPILOGUE(nettle_serpent_decrypt) +GNU_CET_SECTION() diff --git a/x86_64/serpent-encrypt.asm b/x86_64/serpent-encrypt.asm index 99cba00c..6bee5d18 100644 --- a/x86_64/serpent-encrypt.asm +++ b/x86_64/serpent-encrypt.asm @@ -749,3 +749,4 @@ C parallell. W64_EXIT(4, 13) ret EPILOGUE(nettle_serpent_encrypt) +GNU_CET_SECTION() diff --git a/x86_64/sha1-compress.asm b/x86_64/sha1-compress.asm index dd48de0e..54dfa313 100644 --- a/x86_64/sha1-compress.asm +++ b/x86_64/sha1-compress.asm @@ -305,3 +305,4 @@ PROLOGUE(nettle_sha1_compress) W64_EXIT(2, 0) ret EPILOGUE(nettle_sha1_compress) +GNU_CET_SECTION() diff --git a/x86_64/sha256-compress.asm b/x86_64/sha256-compress.asm index 5b7d0dcd..8dbccc5b 100644 --- a/x86_64/sha256-compress.asm +++ b/x86_64/sha256-compress.asm @@ -208,3 +208,4 @@ PROLOGUE(_nettle_sha256_compress) W64_EXIT(3, 0) ret EPILOGUE(_nettle_sha256_compress) +GNU_CET_SECTION() diff --git a/x86_64/sha3-permute.asm b/x86_64/sha3-permute.asm index 805b59af..a4d0cf0b 100644 --- a/x86_64/sha3-permute.asm +++ b/x86_64/sha3-permute.asm @@ -107,6 +107,7 @@ define(<ROTL64>, < C sha3_permute(struct sha3_state *ctx) .text +GNU_CET_SECTION() ALIGN(16) PROLOGUE(nettle_sha3_permute) W64_ENTRY(1, 16) diff --git a/x86_64/sha512-compress.asm b/x86_64/sha512-compress.asm index 4ff1f32a..37563e93 100644 --- a/x86_64/sha512-compress.asm +++ b/x86_64/sha512-compress.asm @@ -208,3 +208,4 @@ PROLOGUE(_nettle_sha512_compress) W64_EXIT(3, 0) ret EPILOGUE(_nettle_sha512_compress) +GNU_CET_SECTION() diff --git a/x86_64/sha_ni/sha1-compress.asm b/x86_64/sha_ni/sha1-compress.asm index ab848fdd..3cbca5e2 100644 --- a/x86_64/sha_ni/sha1-compress.asm +++ b/x86_64/sha_ni/sha1-compress.asm @@ -146,3 +146,4 @@ PROLOGUE(nettle_sha1_compress) W64_EXIT(2, 10) ret EPILOGUE(nettle_sha1_compress) +GNU_CET_SECTION() diff --git a/x86_64/sha_ni/sha256-compress.asm b/x86_64/sha_ni/sha256-compress.asm index f2a4bd32..f9fe3757 100644 --- a/x86_64/sha_ni/sha256-compress.asm +++ b/x86_64/sha_ni/sha256-compress.asm @@ -173,3 +173,4 @@ PROLOGUE(_nettle_sha256_compress) W64_EXIT(3, 10) ret EPILOGUE(_nettle_sha256_compress) +GNU_CET_SECTION() diff --git a/x86_64/umac-nh-n.asm b/x86_64/umac-nh-n.asm index ecb6396a..195d5886 100644 --- a/x86_64/umac-nh-n.asm +++ b/x86_64/umac-nh-n.asm @@ -273,3 +273,4 @@ PROLOGUE(_nettle_umac_nh_n) W64_EXIT(5, 14) ret EPILOGUE(_nettle_umac_nh_n) +GNU_CET_SECTION() diff --git a/x86_64/umac-nh.asm b/x86_64/umac-nh.asm index a6938e02..7bfc87ba 100644 --- a/x86_64/umac-nh.asm +++ b/x86_64/umac-nh.asm @@ -79,3 +79,4 @@ PROLOGUE(_nettle_umac_nh) W64_EXIT(3, 7) ret EPILOGUE(_nettle_umac_nh) +GNU_CET_SECTION() -- 2.20.1
From aab5f9215cb23da631c3c988c7765b1790079f41 Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Sat, 27 Apr 2019 10:44:27 -0400 Subject: [PATCH 4/4] WIP --- arm/machine.m4 | 3 +++ asm.m4 | 2 +- config.m4.in | 2 +- configure.ac | 7 ------- sparc32/machine.m4 | 2 ++ sparc64/machine.m4 | 3 +++ x86/aes-decrypt-internal.asm | 1 - x86/aes-encrypt-internal.asm | 1 - x86/arcfour-crypt.asm | 1 - x86/camellia-crypt-internal.asm | 1 - x86/machine.m4 | 4 +++- x86/md5-compress.asm | 1 - x86/sha1-compress.asm | 1 - x86_64/aes-decrypt-internal.asm | 1 - x86_64/aes-encrypt-internal.asm | 1 - x86_64/aesni/aes-decrypt-internal.asm | 1 - x86_64/aesni/aes-encrypt-internal.asm | 1 - x86_64/camellia-crypt-internal.asm | 1 - x86_64/chacha-core-internal.asm | 1 - x86_64/fat/cpuid.asm | 2 +- x86_64/gcm-hash8.asm | 1 - x86_64/machine.m4 | 4 +++- x86_64/md5-compress.asm | 1 - x86_64/memxor.asm | 1 - x86_64/memxor3.asm | 1 - x86_64/poly1305-internal.asm | 1 - x86_64/salsa20-core-internal.asm | 1 - x86_64/salsa20-crypt.asm | 1 - x86_64/serpent-decrypt.asm | 1 - x86_64/serpent-encrypt.asm | 1 - x86_64/sha1-compress.asm | 1 - x86_64/sha256-compress.asm | 1 - x86_64/sha3-permute.asm | 1 - x86_64/sha512-compress.asm | 1 - x86_64/sha_ni/sha1-compress.asm | 1 - x86_64/sha_ni/sha256-compress.asm | 1 - x86_64/umac-nh-n.asm | 1 - x86_64/umac-nh.asm | 1 - 38 files changed, 17 insertions(+), 41 deletions(-) diff --git a/arm/machine.m4 b/arm/machine.m4 index f982a66a..6c4801ef 100644 --- a/arm/machine.m4 +++ b/arm/machine.m4 @@ -54,3 +54,6 @@ define(<D1REG>, <ifelse( $1, q14, d29, $1, q15, d31, <NO REGISTER>)>)dnl + +define(<GNU_PROPERTY_NOTES>, <>) +define(<CODEFROM>, <>) diff --git a/asm.m4 b/asm.m4 index 5a5d4ac2..cc31d97c 100644 --- a/asm.m4 +++ b/asm.m4 @@ -33,7 +33,7 @@ define(<PROLOGUE>, <.globl C_NAME($1) DECLARE_FUNC(C_NAME($1)) C_NAME($1): -CET_ENDBR>) +CODEFROM()>) define(<EPILOGUE>, <ifelse(ELF_STYLE,yes, diff --git a/config.m4.in b/config.m4.in index c3ebad60..90796f26 100644 --- a/config.m4.in +++ b/config.m4.in @@ -9,7 +9,7 @@ define(<W64_ABI>, <@W64_ABI@>)dnl define(<RODATA>, <@ASM_RODATA@>)dnl define(<WORDS_BIGENDIAN>, <@ASM_WORDS_BIGENDIAN@>)dnl define(<CET_PROTECTION>, <@ASM_CET_PROTECTION@>)dnl -define(<CET_ENDBR>, <@ASM_CET_ENDBR@>)dnl divert(1) @ASM_MARK_NOEXEC_STACK@ +GNU_PROPERTY_NOTES() divert diff --git a/configure.ac b/configure.ac index 7beb35d9..aba942ce 100644 --- a/configure.ac +++ b/configure.ac @@ -706,7 +706,6 @@ ASM_TYPE_FUNCTION='@function' ASM_TYPE_PROGBITS='@progbits' ASM_MARK_NOEXEC_STACK='' ASM_CET_PROTECTION='no' -ASM_CET_ENDBR='' ASM_ALIGN_LOG='' ASM_GEN_BUILD_NOTES='' @@ -842,11 +841,6 @@ EOF if test "x$enable_cet_protection" = xyes ; then ASM_CET_PROTECTION=yes - if test "$ABI" = 64 ; then - ASM_CET_ENDBR=endbr64 - else - ASM_CET_ENDBR=endbr32 - fi fi fi @@ -861,7 +855,6 @@ AC_SUBST(W64_ABI) AC_SUBST(ASM_WORDS_BIGENDIAN) AC_SUBST(ASM_GEN_BUILD_NOTES) AC_SUBST(ASM_CET_PROTECTION) -AC_SUBST(ASM_CET_ENDBR) AC_SUBST(EMULATOR) AC_SUBST(LIBNETTLE_MAJOR) diff --git a/sparc32/machine.m4 b/sparc32/machine.m4 index e69de29b..59b43f8a 100644 --- a/sparc32/machine.m4 +++ b/sparc32/machine.m4 @@ -0,0 +1,2 @@ +define(<GNU_PROPERTY_NOTES>, <>) +define(<CODEFROM>, <>) diff --git a/sparc64/machine.m4 b/sparc64/machine.m4 index 4c1c0e5a..fe5cf5ef 100644 --- a/sparc64/machine.m4 +++ b/sparc64/machine.m4 @@ -2,3 +2,6 @@ define(<BIAS>, 2047) C Magic stack bias for the Sparc64 ABI .register %g2,#scratch .register %g3,#scratch + +define(<GNU_PROPERTY_NOTES>, <>) +define(<CODEFROM>, <>) diff --git a/x86/aes-decrypt-internal.asm b/x86/aes-decrypt-internal.asm index 1d16f6db..ff535b6a 100644 --- a/x86/aes-decrypt-internal.asm +++ b/x86/aes-decrypt-internal.asm @@ -175,4 +175,3 @@ PROLOGUE(_nettle_aes_decrypt) popl %ebx ret EPILOGUE(_nettle_aes_decrypt) -GNU_CET_SECTION() diff --git a/x86/aes-encrypt-internal.asm b/x86/aes-encrypt-internal.asm index d9579e04..934158f7 100644 --- a/x86/aes-encrypt-internal.asm +++ b/x86/aes-encrypt-internal.asm @@ -175,4 +175,3 @@ PROLOGUE(_nettle_aes_encrypt) popl %ebx ret EPILOGUE(_nettle_aes_encrypt) -GNU_CET_SECTION() diff --git a/x86/arcfour-crypt.asm b/x86/arcfour-crypt.asm index 11f592e7..df3fe869 100644 --- a/x86/arcfour-crypt.asm +++ b/x86/arcfour-crypt.asm @@ -123,4 +123,3 @@ C .Lloop_done: popl %ebx ret EPILOGUE(nettle_arcfour_crypt) -GNU_CET_SECTION() diff --git a/x86/camellia-crypt-internal.asm b/x86/camellia-crypt-internal.asm index afac1fcc..ce8c57f0 100644 --- a/x86/camellia-crypt-internal.asm +++ b/x86/camellia-crypt-internal.asm @@ -223,4 +223,3 @@ PROLOGUE(_nettle_camellia_crypt) popl %ebx ret EPILOGUE(_nettle_camellia_crypt) -GNU_CET_SECTION() diff --git a/x86/machine.m4 b/x86/machine.m4 index 1153c757..9341d837 100644 --- a/x86/machine.m4 +++ b/x86/machine.m4 @@ -29,7 +29,7 @@ dnl Shadow Stack define(<GNU_PROPERTY_X86_FEATURE_1_SHSTK>, <0x02>) dnl NOTE: GNU Property sections MUST have alignment of 8 -define(<GNU_CET_SECTION>, +define(<GNU_PROPERTY_NOTES>, <ifelse(CET_PROTECTION,yes, <.pushsection .note.gnu.property,"a" ALIGN(8) @@ -49,3 +49,5 @@ ALIGN(8) 4: .popsection >,<>)>) + +define(<CODEFROM>, <ifelse(CET_PROTECTION,yes,<endbr32>,<>)>) diff --git a/x86/md5-compress.asm b/x86/md5-compress.asm index 6293f052..c849c082 100644 --- a/x86/md5-compress.asm +++ b/x86/md5-compress.asm @@ -185,4 +185,3 @@ PROLOGUE(nettle_md5_compress) popl %ebx ret EPILOGUE(nettle_md5_compress) -GNU_CET_SECTION() diff --git a/x86/sha1-compress.asm b/x86/sha1-compress.asm index 4e1f121c..03bdcdc9 100644 --- a/x86/sha1-compress.asm +++ b/x86/sha1-compress.asm @@ -1541,7 +1541,6 @@ C ROUND_F2(SB, SC, SD, SE, SA, 79, K4VALUE) popl %ebx ret EPILOGUE(nettle_sha1_compress) -GNU_CET_SECTION() C TODO: diff --git a/x86_64/aes-decrypt-internal.asm b/x86_64/aes-decrypt-internal.asm index eedfaaf0..43f2f394 100644 --- a/x86_64/aes-decrypt-internal.asm +++ b/x86_64/aes-decrypt-internal.asm @@ -150,4 +150,3 @@ PROLOGUE(_nettle_aes_decrypt) W64_EXIT(6, 0) ret EPILOGUE(_nettle_aes_decrypt) -GNU_CET_SECTION() diff --git a/x86_64/aes-encrypt-internal.asm b/x86_64/aes-encrypt-internal.asm index 3a5a1e86..dfb498f5 100644 --- a/x86_64/aes-encrypt-internal.asm +++ b/x86_64/aes-encrypt-internal.asm @@ -151,4 +151,3 @@ PROLOGUE(_nettle_aes_encrypt) W64_EXIT(6, 0) ret EPILOGUE(_nettle_aes_encrypt) -GNU_CET_SECTION() diff --git a/x86_64/aesni/aes-decrypt-internal.asm b/x86_64/aesni/aes-decrypt-internal.asm index 1b1a1a4d..3d6d6e30 100644 --- a/x86_64/aesni/aes-decrypt-internal.asm +++ b/x86_64/aesni/aes-decrypt-internal.asm @@ -132,4 +132,3 @@ PROLOGUE(_nettle_aes_decrypt) W64_EXIT(6, 16) ret EPILOGUE(_nettle_aes_decrypt) -GNU_CET_SECTION() diff --git a/x86_64/aesni/aes-encrypt-internal.asm b/x86_64/aesni/aes-encrypt-internal.asm index f7338ef6..99caf1f8 100644 --- a/x86_64/aesni/aes-encrypt-internal.asm +++ b/x86_64/aesni/aes-encrypt-internal.asm @@ -132,4 +132,3 @@ PROLOGUE(_nettle_aes_encrypt) W64_EXIT(6, 16) ret EPILOGUE(_nettle_aes_encrypt) -GNU_CET_SECTION() diff --git a/x86_64/camellia-crypt-internal.asm b/x86_64/camellia-crypt-internal.asm index 71750172..040e030f 100644 --- a/x86_64/camellia-crypt-internal.asm +++ b/x86_64/camellia-crypt-internal.asm @@ -200,4 +200,3 @@ PROLOGUE(_nettle_camellia_crypt) W64_EXIT(6, 0) ret EPILOGUE(_nettle_camellia_crypt) -GNU_CET_SECTION() diff --git a/x86_64/chacha-core-internal.asm b/x86_64/chacha-core-internal.asm index 3125dee7..9e5dc394 100644 --- a/x86_64/chacha-core-internal.asm +++ b/x86_64/chacha-core-internal.asm @@ -126,4 +126,3 @@ PROLOGUE(_nettle_chacha_core) W64_EXIT(3, 6) ret EPILOGUE(_nettle_chacha_core) -GNU_CET_SECTION() diff --git a/x86_64/fat/cpuid.asm b/x86_64/fat/cpuid.asm index c4a5b538..f317d56e 100644 --- a/x86_64/fat/cpuid.asm +++ b/x86_64/fat/cpuid.asm @@ -56,4 +56,4 @@ PROLOGUE(_nettle_cpuid) W64_EXIT(2) ret EPILOGUE(_nettle_cpuid) -GNU_CET_SECTION() + diff --git a/x86_64/gcm-hash8.asm b/x86_64/gcm-hash8.asm index 54608ae8..bfaa6ef8 100644 --- a/x86_64/gcm-hash8.asm +++ b/x86_64/gcm-hash8.asm @@ -199,7 +199,6 @@ ALIGN(16) jnz .Lread_loop ret EPILOGUE(_nettle_gcm_hash8) -GNU_CET_SECTION() define(<W>, <0x$2$1>) RODATA diff --git a/x86_64/machine.m4 b/x86_64/machine.m4 index a64241ce..1c07665d 100644 --- a/x86_64/machine.m4 +++ b/x86_64/machine.m4 @@ -186,7 +186,7 @@ dnl Shadow Stack define(<GNU_PROPERTY_X86_FEATURE_1_SHSTK>, <0x02>) dnl NOTE: GNU Property sections MUST have alignment of 8 -define(<GNU_CET_SECTION>, +define(<GNU_PROPERTY_NOTES>, <ifelse(CET_PROTECTION,yes, <.pushsection .note.gnu.property,"a" ALIGN(8) @@ -206,3 +206,5 @@ ALIGN(8) 4: .popsection >,<>)>) + +define(<CODEFROM>, <ifelse(CET_PROTECTION,yes,<endbr64>,<>)>) diff --git a/x86_64/md5-compress.asm b/x86_64/md5-compress.asm index ef1fcb89..182b8f18 100644 --- a/x86_64/md5-compress.asm +++ b/x86_64/md5-compress.asm @@ -174,4 +174,3 @@ PROLOGUE(nettle_md5_compress) ret EPILOGUE(nettle_md5_compress) -GNU_CET_SECTION() diff --git a/x86_64/memxor.asm b/x86_64/memxor.asm index a0ea94b4..f07f0017 100644 --- a/x86_64/memxor.asm +++ b/x86_64/memxor.asm @@ -171,4 +171,3 @@ ifdef(<USE_SSE2>, < >) EPILOGUE(nettle_memxor) -GNU_CET_SECTION() diff --git a/x86_64/memxor3.asm b/x86_64/memxor3.asm index b0c0e35c..8ff3e79c 100644 --- a/x86_64/memxor3.asm +++ b/x86_64/memxor3.asm @@ -261,4 +261,3 @@ ifelse(USE_SSE2, yes, < EPILOGUE(nettle_memxor3) -GNU_CET_SECTION() diff --git a/x86_64/poly1305-internal.asm b/x86_64/poly1305-internal.asm index 3737450f..98159ad3 100644 --- a/x86_64/poly1305-internal.asm +++ b/x86_64/poly1305-internal.asm @@ -184,4 +184,3 @@ define(<T1>, <%rax>) ret EPILOGUE(nettle_poly1305_digest) -GNU_CET_SECTION() diff --git a/x86_64/salsa20-core-internal.asm b/x86_64/salsa20-core-internal.asm index c1690880..4ef07be0 100644 --- a/x86_64/salsa20-core-internal.asm +++ b/x86_64/salsa20-core-internal.asm @@ -109,4 +109,3 @@ PROLOGUE(_nettle_salsa20_core) W64_EXIT(3, 9) ret EPILOGUE(_nettle_salsa20_core) -GNU_CET_SECTION() diff --git a/x86_64/salsa20-crypt.asm b/x86_64/salsa20-crypt.asm index e0348956..cc1d58ca 100644 --- a/x86_64/salsa20-crypt.asm +++ b/x86_64/salsa20-crypt.asm @@ -245,4 +245,3 @@ PROLOGUE(nettle_salsa20_crypt) ret EPILOGUE(nettle_salsa20_crypt) -GNU_CET_SECTION() diff --git a/x86_64/serpent-decrypt.asm b/x86_64/serpent-decrypt.asm index 5f03fa4b..031c41c8 100644 --- a/x86_64/serpent-decrypt.asm +++ b/x86_64/serpent-decrypt.asm @@ -714,4 +714,3 @@ PROLOGUE(nettle_serpent_decrypt) W64_EXIT(4, 13) ret EPILOGUE(nettle_serpent_decrypt) -GNU_CET_SECTION() diff --git a/x86_64/serpent-encrypt.asm b/x86_64/serpent-encrypt.asm index 6bee5d18..99cba00c 100644 --- a/x86_64/serpent-encrypt.asm +++ b/x86_64/serpent-encrypt.asm @@ -749,4 +749,3 @@ C parallell. W64_EXIT(4, 13) ret EPILOGUE(nettle_serpent_encrypt) -GNU_CET_SECTION() diff --git a/x86_64/sha1-compress.asm b/x86_64/sha1-compress.asm index 54dfa313..dd48de0e 100644 --- a/x86_64/sha1-compress.asm +++ b/x86_64/sha1-compress.asm @@ -305,4 +305,3 @@ PROLOGUE(nettle_sha1_compress) W64_EXIT(2, 0) ret EPILOGUE(nettle_sha1_compress) -GNU_CET_SECTION() diff --git a/x86_64/sha256-compress.asm b/x86_64/sha256-compress.asm index 8dbccc5b..5b7d0dcd 100644 --- a/x86_64/sha256-compress.asm +++ b/x86_64/sha256-compress.asm @@ -208,4 +208,3 @@ PROLOGUE(_nettle_sha256_compress) W64_EXIT(3, 0) ret EPILOGUE(_nettle_sha256_compress) -GNU_CET_SECTION() diff --git a/x86_64/sha3-permute.asm b/x86_64/sha3-permute.asm index a4d0cf0b..805b59af 100644 --- a/x86_64/sha3-permute.asm +++ b/x86_64/sha3-permute.asm @@ -107,7 +107,6 @@ define(<ROTL64>, < C sha3_permute(struct sha3_state *ctx) .text -GNU_CET_SECTION() ALIGN(16) PROLOGUE(nettle_sha3_permute) W64_ENTRY(1, 16) diff --git a/x86_64/sha512-compress.asm b/x86_64/sha512-compress.asm index 37563e93..4ff1f32a 100644 --- a/x86_64/sha512-compress.asm +++ b/x86_64/sha512-compress.asm @@ -208,4 +208,3 @@ PROLOGUE(_nettle_sha512_compress) W64_EXIT(3, 0) ret EPILOGUE(_nettle_sha512_compress) -GNU_CET_SECTION() diff --git a/x86_64/sha_ni/sha1-compress.asm b/x86_64/sha_ni/sha1-compress.asm index 3cbca5e2..ab848fdd 100644 --- a/x86_64/sha_ni/sha1-compress.asm +++ b/x86_64/sha_ni/sha1-compress.asm @@ -146,4 +146,3 @@ PROLOGUE(nettle_sha1_compress) W64_EXIT(2, 10) ret EPILOGUE(nettle_sha1_compress) -GNU_CET_SECTION() diff --git a/x86_64/sha_ni/sha256-compress.asm b/x86_64/sha_ni/sha256-compress.asm index f9fe3757..f2a4bd32 100644 --- a/x86_64/sha_ni/sha256-compress.asm +++ b/x86_64/sha_ni/sha256-compress.asm @@ -173,4 +173,3 @@ PROLOGUE(_nettle_sha256_compress) W64_EXIT(3, 10) ret EPILOGUE(_nettle_sha256_compress) -GNU_CET_SECTION() diff --git a/x86_64/umac-nh-n.asm b/x86_64/umac-nh-n.asm index 195d5886..ecb6396a 100644 --- a/x86_64/umac-nh-n.asm +++ b/x86_64/umac-nh-n.asm @@ -273,4 +273,3 @@ PROLOGUE(_nettle_umac_nh_n) W64_EXIT(5, 14) ret EPILOGUE(_nettle_umac_nh_n) -GNU_CET_SECTION() diff --git a/x86_64/umac-nh.asm b/x86_64/umac-nh.asm index 7bfc87ba..a6938e02 100644 --- a/x86_64/umac-nh.asm +++ b/x86_64/umac-nh.asm @@ -79,4 +79,3 @@ PROLOGUE(_nettle_umac_nh) W64_EXIT(3, 7) ret EPILOGUE(_nettle_umac_nh) -GNU_CET_SECTION() -- 2.20.1
_______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
