rpms/libgcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Use upstream patches for CF protection fixes

Browse Source 
Related: RHEL-58736
This commit is contained in:
Jakub Jelen 2024-08-06 11:49:48 +02:00
parent f42f9ae0b1
commit 617e4c5f4c
1 changed files with 146 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

155
libgcrypt-1.11.0-cf-protection.patch
View File

@ -1,12 +1,55 @@
From de3a04203b33c2248400392b535d2ab133bcd752 Mon Sep 17 00:00:00 2001 From 7ee2e73495d051ca09dd57c90132a7a9cc53bc62 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 11:00:30 +0300
Subject: [PATCH] asm-common-amd64: add missing CFI directives for large memory
model code
* cipher/asm-common-amd64.h [__code_model_large__]
(GET_EXTERN_POINTER): Add CFI_PUSH/CFI_POP directives.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
cipher/asm-common-amd64.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
index 870fef9a..3fa065e8 100644
--- a/cipher/asm-common-amd64.h
+++ b/cipher/asm-common-amd64.h
@@ -59,14 +59,18 @@
# ifdef __code_model_large__
# define GET_EXTERN_POINTER(name, reg) \
pushq %r15; \
+ CFI_PUSH(%r15); \
pushq %r14; \
+ CFI_PUSH(%r14); \
1: leaq 1b(%rip), reg; \
movabsq $_GLOBAL_OFFSET_TABLE_-1b, %r14; \
movabsq $name@GOT, %r15; \
addq %r14, reg; \
popq %r14; \
+ CFI_POP(%r14); \
movq (reg, %r15), reg; \
- popq %r15;
+ popq %r15; \
+ CFI_POP(%r15);
# else
# define GET_EXTERN_POINTER(name, reg) movq name@GOTPCREL(%rip), reg
# endif
--
2.45.2
From dd42a4e03e066c49a6d83e0d3a07e4261d77121a Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi> From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sat, 27 Jul 2024 08:16:56 +0300 Date: Sat, 27 Jul 2024 08:16:56 +0300
Subject: [PATCH] Do not build rijndael-vaes-avx2-i386 on x86-64 Subject: [PATCH] Do not build i386 assembly on x86-64
* configure.ac: Enable building i386 "rijndael-vaes" only * configure.ac: Enable building i386 "rijndael-vaes" only
on i?86 host instead of x86 MPI arch ("i?86 + x86-64"). on i?86 host instead of x86 MPI arch ("i?86 + x86-64").
-- --
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
--- ---
configure.ac | 9 +++++---- configure.ac | 9 +++++----
@ -40,19 +83,112 @@ index d3dffb4b..1e182552 100644
esac esac
fi fi
-- --
2.43.0 2.45.2
From 5797d75e3b916caf504bed73a8629c6c168be58d Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sat, 27 Jul 2024 08:50:57 +0300
Subject: [PATCH] Do not build amd64 assembly on i386
From 9178af96038acd295d02a4c405c19435dce92ad8 Mon Sep 17 00:00:00 2001 * configure.ac: Build "serpent-avx2-amd64" and
"camellia-*-amd64" only on x86-64.
--
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
configure.ac | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1e182552..191aa38d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3133,14 +3133,14 @@ if test "$found" = "1" ; then
x86_64-*-*)
# Build with the SSE2 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-sse2-amd64.lo"
+
+ if test x"$avx2support" = xyes ; then
+ # Build with the AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
+ fi
;;
esac
- if test x"$avx2support" = xyes ; then
- # Build with the AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
- fi
-
if test x"$avx512support" = xyes ; then
# Build with the AVX512 implementation
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
@@ -3186,28 +3186,32 @@ if test "$found" = "1" ; then
;;
esac
- if test x"$avxsupport" = xyes ; then
- if test x"$aesnisupport" = xyes ; then
- # Build with the AES-NI/AVX implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
- fi
- fi
+ case "${host}" in
+ x86_64-*-*)
+ if test x"$avxsupport" = xyes ; then
+ if test x"$aesnisupport" = xyes ; then
+ # Build with the AES-NI/AVX implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
+ fi
+ fi
- if test x"$avx2support" = xyes ; then
- if test x"$aesnisupport" = xyes ; then
- # Build with the AES-NI/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
+ if test x"$avx2support" = xyes ; then
+ if test x"$aesnisupport" = xyes ; then
+ # Build with the AES-NI/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
- # Build with the VAES/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
+ # Build with the VAES/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
- # Build with the GFNI/AVX2 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
+ # Build with the GFNI/AVX2 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
- # Build with the GFNI/AVX512 implementation
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
- fi
- fi
+ # Build with the GFNI/AVX512 implementation
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
+ fi
+ fi
+ ;;
+ esac
fi
LIST_MEMBER(idea, $enabled_ciphers)
--
2.45.2
From d69e6a29b986cf1cb21e09d337a0de2564ef34f2 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi> From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 10:59:12 +0300 Date: Fri, 26 Jul 2024 10:59:12 +0300
Subject: [PATCH 1/2] Add CET support for x86-64 assembly Subject: [PATCH] Add CET support for x86-64 assembly
* cipher/asm-common-amd64.h (ENDBRANCH): New. * cipher/asm-common-amd64.h (ENDBRANCH): New.
(CFI_STARTPROC): Add ENDBRANCH. (CFI_STARTPROC): Add ENDBRANCH.
[__CET__] (note.gnu.property): Add CET property section. [__CET__] (note.gnu.property): Add CET property section.
-- --
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
--- ---
cipher/asm-common-amd64.h | 30 ++++++++++++++++++++++++++++-- cipher/asm-common-amd64.h | 30 ++++++++++++++++++++++++++++--
@ -114,18 +250,19 @@ index 3fa065e8..465ef62b 100644
+ +
#endif /* GCRY_ASM_COMMON_AMD64_H */ #endif /* GCRY_ASM_COMMON_AMD64_H */
-- --
2.43.0 2.45.2
From e7c81e64b1a81455ce72c54607ce6ab35c24f407 Mon Sep 17 00:00:00 2001 From 64ec13d11b08fbe31cc6f83e9464e7e251d41019 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi> From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Fri, 26 Jul 2024 11:09:37 +0300 Date: Fri, 26 Jul 2024 11:09:37 +0300
Subject: [PATCH 2/2] Add CET support for i386 assembly Subject: [PATCH] Add CET support for i386 assembly
* cipher/asm-common-i386.h (ENDBRANCH): New. * cipher/asm-common-i386.h (ENDBRANCH): New.
(CFI_STARTPROC): Add ENDBRANCH. (CFI_STARTPROC): Add ENDBRANCH.
[__CET__] (note.gnu.property): Add CET property section. [__CET__] (note.gnu.property): Add CET property section.
-- --
GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
--- ---
cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++-- cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++--
@ -187,5 +324,5 @@ index d746ebc4..346a8ff2 100644
+ +
#endif /* GCRY_ASM_COMMON_AMD64_H */ #endif /* GCRY_ASM_COMMON_AMD64_H */
-- --
2.43.0 2.45.2