|
 |
dc908e |
diff --git a/asm.m4 b/asm.m4
|
|
|
dc908e |
index 8da47201..59d64098 100644
|
|
|
dc908e |
--- a/asm.m4
|
|
|
dc908e |
+++ b/asm.m4
|
|
|
dc908e |
@@ -32,7 +32,7 @@ define(<GMP_NUMB_BITS>,<>)dnl
|
|
|
dc908e |
define(<PROLOGUE>,
|
|
|
dc908e |
<.globl C_NAME($1)
|
|
|
dc908e |
DECLARE_FUNC(C_NAME($1))
|
|
|
dc908e |
-C_NAME($1):>)
|
|
|
dc908e |
+C_NAME($1): ASM_X86_ENDBR>)
|
|
|
dc908e |
|
|
|
dc908e |
define(<EPILOGUE>,
|
|
|
dc908e |
|
|
|
dc908e |
--- a/config.m4.in 2018-12-04 21:56:06.000000000 +0100
|
|
|
dc908e |
+++ b/config.m4.in 2020-05-15 11:25:42.350465132 +0200
|
|
|
dc908e |
@@ -7,6 +7,9 @@
|
|
|
dc908e |
define(<ALIGN_LOG>, <@ASM_ALIGN_LOG@>)dnl
|
|
|
dc908e |
define(<W64_ABI>, <@W64_ABI@>)dnl
|
|
|
dc908e |
define(<RODATA>, <@ASM_RODATA@>)dnl
|
|
|
dc908e |
+define(<ASM_X86_ENDBR>,<@ASM_X86_ENDBR@>)dnl
|
|
|
dc908e |
+define(<ASM_X86_MARK_CET_ALIGN>,<@ASM_X86_MARK_CET_ALIGN@>)dnl
|
|
|
dc908e |
divert(1)
|
|
|
dc908e |
+@ASM_X86_MARK_CET@
|
|
|
dc908e |
@ASM_MARK_NOEXEC_STACK@
|
|
|
dc908e |
divert
|
|
|
dc908e |
--- a/configure.ac 2018-12-04 21:56:06.000000000 +0100
|
|
|
dc908e |
+++ b/configure.ac 2020-05-15 11:46:39.152373137 +0200
|
|
|
dc908e |
@@ -787,6 +787,68 @@
|
|
|
dc908e |
ASM_ALIGN_LOG="$nettle_cv_asm_align_log"
|
|
|
dc908e |
fi
|
|
|
dc908e |
|
|
|
dc908e |
+dnl Define
|
|
|
dc908e |
+dnl 1. ASM_X86_ENDBR for endbr32/endbr64.
|
|
|
dc908e |
+dnl 2. ASM_X86_MARK_CET to add a .note.gnu.property section to mark
|
|
|
dc908e |
+dnl Intel CET support if needed.
|
|
|
dc908e |
+dnl 3. ASM_X86_MARK_CET_ALIGN to align ASM_X86_MARK_CET.
|
|
|
dc908e |
+AC_CACHE_CHECK([if Intel CET is enabled],
|
|
|
dc908e |
+ [nettle_cv_asm_x86_intel_cet],
|
|
|
dc908e |
+ [AC_TRY_COMPILE([
|
|
|
dc908e |
+#ifndef __CET__
|
|
|
dc908e |
+#error Intel CET is not enabled
|
|
|
dc908e |
+#endif
|
|
|
dc908e |
+ ], [],
|
|
|
dc908e |
+ [nettle_cv_asm_x86_intel_cet=yes],
|
|
|
dc908e |
+ [nettle_cv_asm_x86_intel_cet=no])])
|
|
|
dc908e |
+if test "$nettle_cv_asm_x86_intel_cet" = yes; then
|
|
|
dc908e |
+ case $ABI in
|
|
|
dc908e |
+ 32|standard)
|
|
|
dc908e |
+ ASM_X86_ENDBR=endbr32
|
|
|
dc908e |
+ ASM_X86_MARK_CET_ALIGN=2
|
|
|
dc908e |
+ ;;
|
|
|
dc908e |
+ 64)
|
|
|
dc908e |
+ ASM_X86_ENDBR=endbr64
|
|
|
dc908e |
+ ASM_X86_MARK_CET_ALIGN=3
|
|
|
dc908e |
+ ;;
|
|
|
dc908e |
+ x32)
|
|
|
dc908e |
+ ASM_X86_ENDBR=endbr64
|
|
|
dc908e |
+ ASM_X86_MARK_CET_ALIGN=2
|
|
|
dc908e |
+ ;;
|
|
|
dc908e |
+ esac
|
|
|
dc908e |
+ AC_CACHE_CHECK([if .note.gnu.property section is needed],
|
|
|
dc908e |
+ [nettle_cv_asm_x86_gnu_property],
|
|
|
dc908e |
+ [AC_TRY_COMPILE([
|
|
|
dc908e |
+#if !defined __ELF__ || !defined __CET__
|
|
|
dc908e |
+#error GNU property is not needed
|
|
|
dc908e |
+#endif
|
|
|
dc908e |
+ ], [],
|
|
|
dc908e |
+ [nettle_cv_asm_x86_gnu_property=yes],
|
|
|
dc908e |
+ [nettle_cv_asm_x86_gnu_property=no])])
|
|
|
dc908e |
+else
|
|
|
dc908e |
+ nettle_cv_asm_x86_gnu_property=no
|
|
|
dc908e |
+fi
|
|
|
dc908e |
+if test "$nettle_cv_asm_x86_gnu_property" = yes; then
|
|
|
dc908e |
+ ASM_X86_MARK_CET='
|
|
|
dc908e |
+ .pushsection ".note.gnu.property", "a"
|
|
|
dc908e |
+ .p2align ASM_X86_MARK_CET_ALIGN
|
|
|
dc908e |
+ .long 1f - 0f
|
|
|
dc908e |
+ .long 4f - 1f
|
|
|
dc908e |
+ .long 5
|
|
|
dc908e |
+0:
|
|
|
dc908e |
+ .asciz "GNU"
|
|
|
dc908e |
+1:
|
|
|
dc908e |
+ .p2align ASM_X86_MARK_CET_ALIGN
|
|
|
dc908e |
+ .long 0xc0000002
|
|
|
dc908e |
+ .long 3f - 2f
|
|
|
dc908e |
+2:
|
|
|
dc908e |
+ .long 3
|
|
|
dc908e |
+3:
|
|
|
dc908e |
+ .p2align ASM_X86_MARK_CET_ALIGN
|
|
|
dc908e |
+4:
|
|
|
dc908e |
+ .popsection'
|
|
|
dc908e |
+fi
|
|
|
dc908e |
+
|
|
|
dc908e |
AC_SUBST(ASM_SYMBOL_PREFIX)
|
|
|
dc908e |
AC_SUBST(ASM_ELF_STYLE)
|
|
|
dc908e |
AC_SUBST(ASM_COFF_STYLE)
|
|
|
dc908e |
@@ -796,6 +858,9 @@
|
|
|
dc908e |
AC_SUBST(ASM_ALIGN_LOG)
|
|
|
dc908e |
AC_SUBST(W64_ABI)
|
|
|
dc908e |
AC_SUBST(EMULATOR)
|
|
|
dc908e |
+AC_SUBST(ASM_X86_ENDBR)
|
|
|
dc908e |
+AC_SUBST(ASM_X86_MARK_CET)
|
|
|
dc908e |
+AC_SUBST(ASM_X86_MARK_CET_ALIGN)
|
|
|
dc908e |
|
|
|
dc908e |
AC_SUBST(LIBNETTLE_MAJOR)
|
|
|
dc908e |
AC_SUBST(LIBNETTLE_MINOR)
|
|
|
dc908e |
diff --git a/testsuite/.test-rules.make b/testsuite/.test-rules.make
|
|
|
dc908e |
index 922a2c7f..9de8f412 100644
|
|
|
dc908e |
--- a/testsuite/.test-rules.make
|
|
|
dc908e |
+++ b/testsuite/.test-rules.make
|
|
|
dc908e |
@@ -178,6 +178,9 @@ xts-test$(EXEEXT): xts-test.$(OBJEXT)
|
|
|
dc908e |
pbkdf2-test$(EXEEXT): pbkdf2-test.$(OBJEXT)
|
|
|
dc908e |
$(LINK) pbkdf2-test.$(OBJEXT) $(TEST_OBJS) -o pbkdf2-test$(EXEEXT)
|
|
|
dc908e |
|
|
|
dc908e |
+x86-ibt-test$(EXEEXT): x86-ibt-test.$(OBJEXT)
|
|
|
dc908e |
+ $(LINK) x86-ibt-test.$(OBJEXT) $(TEST_OBJS) -o x86-ibt-test$(EXEEXT)
|
|
|
dc908e |
+
|
|
|
dc908e |
sexp-test$(EXEEXT): sexp-test.$(OBJEXT)
|
|
|
dc908e |
$(LINK) sexp-test.$(OBJEXT) $(TEST_OBJS) -o sexp-test$(EXEEXT)
|
|
|
dc908e |
|
|
|
dc908e |
--- a/testsuite/Makefile.in 2018-12-04 21:56:06.000000000 +0100
|
|
|
dc908e |
+++ b/testsuite/Makefile.in 2020-05-15 11:21:15.673321598 +0200
|
|
|
dc908e |
@@ -31,7 +31,8 @@
|
|
|
dc908e |
hmac-test.c umac-test.c \
|
|
|
dc908e |
meta-hash-test.c meta-cipher-test.c\
|
|
|
dc908e |
meta-aead-test.c meta-armor-test.c \
|
|
|
dc908e |
- buffer-test.c yarrow-test.c pbkdf2-test.c
|
|
|
dc908e |
+ buffer-test.c yarrow-test.c pbkdf2-test.c \
|
|
|
dc908e |
+ x86-ibt-test.c
|
|
|
dc908e |
|
|
|
dc908e |
TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
|
|
|
dc908e |
rsa2sexp-test.c sexp2rsa-test.c \
|
|
|
dc908e |
diff --git a/testsuite/x86-ibt-test.c b/testsuite/x86-ibt-test.c
|
|
|
dc908e |
new file mode 100644
|
|
|
dc908e |
index 00000000..1f3d1d67
|
|
|
dc908e |
--- /dev/null
|
|
|
dc908e |
+++ b/testsuite/x86-ibt-test.c
|
|
|
dc908e |
@@ -0,0 +1,69 @@
|
|
|
dc908e |
+#include "testutils.h"
|
|
|
dc908e |
+#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) \
|
|
|
dc908e |
+ && defined(__CET__) && defined(__linux__)
|
|
|
dc908e |
+#include <signal.h>
|
|
|
dc908e |
+
|
|
|
dc908e |
+static void
|
|
|
dc908e |
+segfault_handler(int signo)
|
|
|
dc908e |
+{
|
|
|
dc908e |
+ exit(0);
|
|
|
dc908e |
+}
|
|
|
dc908e |
+
|
|
|
dc908e |
+static void
|
|
|
dc908e |
+ibt_violation(void)
|
|
|
dc908e |
+{
|
|
|
dc908e |
+#ifdef __i386__
|
|
|
dc908e |
+ unsigned int reg;
|
|
|
dc908e |
+ asm volatile("lea 1f, %0\n\t"
|
|
|
dc908e |
+ "jmp *%0\n"
|
|
|
dc908e |
+ "1:" : "=r" (reg));
|
|
|
dc908e |
+#else
|
|
|
dc908e |
+ unsigned long long reg;
|
|
|
dc908e |
+ asm volatile("lea 1f(%%rip), %0\n\t"
|
|
|
dc908e |
+ "jmp *%0\n"
|
|
|
dc908e |
+ "1:" : "=r" (reg));
|
|
|
dc908e |
+#endif
|
|
|
dc908e |
+}
|
|
|
dc908e |
+
|
|
|
dc908e |
+#ifdef __i386__
|
|
|
dc908e |
+static unsigned int
|
|
|
dc908e |
+_get_ssp(void)
|
|
|
dc908e |
+{
|
|
|
dc908e |
+ unsigned int ssp;
|
|
|
dc908e |
+ asm volatile("xor %0, %0\n\trdsspd %0" : "=r" (ssp));
|
|
|
dc908e |
+ return ssp;
|
|
|
dc908e |
+}
|
|
|
dc908e |
+#else
|
|
|
dc908e |
+static unsigned long long
|
|
|
dc908e |
+_get_ssp(void)
|
|
|
dc908e |
+{
|
|
|
dc908e |
+ unsigned long long ssp;
|
|
|
dc908e |
+ asm volatile("xor %0, %0\n\trdsspq %0" : "=r" (ssp));
|
|
|
dc908e |
+ return ssp;
|
|
|
dc908e |
+}
|
|
|
dc908e |
+#endif
|
|
|
dc908e |
+
|
|
|
dc908e |
+void
|
|
|
dc908e |
+test_main(void)
|
|
|
dc908e |
+{
|
|
|
dc908e |
+ /* NB: This test should trigger SIGSEGV on CET platforms. _get_ssp
|
|
|
dc908e |
+ returns the address of shadow stack pointer. If the address of
|
|
|
dc908e |
+ shadow stack pointer is 0, SHSTK is disabled and we assume that
|
|
|
dc908e |
+ IBT is also disabled. */
|
|
|
dc908e |
+ if (_get_ssp() == 0)
|
|
|
dc908e |
+ {
|
|
|
dc908e |
+ ibt_violation();
|
|
|
dc908e |
+ SKIP();
|
|
|
dc908e |
+ }
|
|
|
dc908e |
+
|
|
|
dc908e |
+ signal(SIGSEGV, segfault_handler);
|
|
|
dc908e |
+ ibt_violation();
|
|
|
dc908e |
+ FAIL();
|
|
|
dc908e |
+}
|
|
|
dc908e |
+#else
|
|
|
dc908e |
+void
|
|
|
dc908e |
+test_main(void)
|
|
|
dc908e |
+{
|
|
|
dc908e |
+ SKIP();
|
|
|
dc908e |
+}
|
|
|
dc908e |
+#endif
|
|
|
dc908e |
--
|
|
|
dc908e |
2.25.4
|
|
|
dc908e |
|