Use upstream patches for CF protection fixes
Related: RHEL-58736
This commit is contained in:
parent
f42f9ae0b1
commit
617e4c5f4c
@ -1,12 +1,55 @@
|
||||
From de3a04203b33c2248400392b535d2ab133bcd752 Mon Sep 17 00:00:00 2001
|
||||
From 7ee2e73495d051ca09dd57c90132a7a9cc53bc62 Mon Sep 17 00:00:00 2001
|
||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
Date: Fri, 26 Jul 2024 11:00:30 +0300
|
||||
Subject: [PATCH] asm-common-amd64: add missing CFI directives for large memory
|
||||
model code
|
||||
|
||||
* cipher/asm-common-amd64.h [__code_model_large__]
|
||||
(GET_EXTERN_POINTER): Add CFI_PUSH/CFI_POP directives.
|
||||
--
|
||||
|
||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
---
|
||||
cipher/asm-common-amd64.h | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cipher/asm-common-amd64.h b/cipher/asm-common-amd64.h
|
||||
index 870fef9a..3fa065e8 100644
|
||||
--- a/cipher/asm-common-amd64.h
|
||||
+++ b/cipher/asm-common-amd64.h
|
||||
@@ -59,14 +59,18 @@
|
||||
# ifdef __code_model_large__
|
||||
# define GET_EXTERN_POINTER(name, reg) \
|
||||
pushq %r15; \
|
||||
+ CFI_PUSH(%r15); \
|
||||
pushq %r14; \
|
||||
+ CFI_PUSH(%r14); \
|
||||
1: leaq 1b(%rip), reg; \
|
||||
movabsq $_GLOBAL_OFFSET_TABLE_-1b, %r14; \
|
||||
movabsq $name@GOT, %r15; \
|
||||
addq %r14, reg; \
|
||||
popq %r14; \
|
||||
+ CFI_POP(%r14); \
|
||||
movq (reg, %r15), reg; \
|
||||
- popq %r15;
|
||||
+ popq %r15; \
|
||||
+ CFI_POP(%r15);
|
||||
# else
|
||||
# define GET_EXTERN_POINTER(name, reg) movq name@GOTPCREL(%rip), reg
|
||||
# endif
|
||||
--
|
||||
2.45.2
|
||||
|
||||
From dd42a4e03e066c49a6d83e0d3a07e4261d77121a Mon Sep 17 00:00:00 2001
|
||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
Date: Sat, 27 Jul 2024 08:16:56 +0300
|
||||
Subject: [PATCH] Do not build rijndael-vaes-avx2-i386 on x86-64
|
||||
Subject: [PATCH] Do not build i386 assembly on x86-64
|
||||
|
||||
* configure.ac: Enable building i386 "rijndael-vaes" only
|
||||
on i?86 host instead of x86 MPI arch ("i?86 + x86-64").
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 7220
|
||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
---
|
||||
configure.ac | 9 +++++----
|
||||
@ -40,19 +83,112 @@ index d3dffb4b..1e182552 100644
|
||||
esac
|
||||
fi
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
From 5797d75e3b916caf504bed73a8629c6c168be58d Mon Sep 17 00:00:00 2001
|
||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
Date: Sat, 27 Jul 2024 08:50:57 +0300
|
||||
Subject: [PATCH] Do not build amd64 assembly on i386
|
||||
|
||||
From 9178af96038acd295d02a4c405c19435dce92ad8 Mon Sep 17 00:00:00 2001
|
||||
* configure.ac: Build "serpent-avx2-amd64" and
|
||||
"camellia-*-amd64" only on x86-64.
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 7220
|
||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
---
|
||||
configure.ac | 50 +++++++++++++++++++++++++++-----------------------
|
||||
1 file changed, 27 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 1e182552..191aa38d 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -3133,14 +3133,14 @@ if test "$found" = "1" ; then
|
||||
x86_64-*-*)
|
||||
# Build with the SSE2 implementation
|
||||
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-sse2-amd64.lo"
|
||||
+
|
||||
+ if test x"$avx2support" = xyes ; then
|
||||
+ # Build with the AVX2 implementation
|
||||
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
|
||||
+ fi
|
||||
;;
|
||||
esac
|
||||
|
||||
- if test x"$avx2support" = xyes ; then
|
||||
- # Build with the AVX2 implementation
|
||||
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
|
||||
- fi
|
||||
-
|
||||
if test x"$avx512support" = xyes ; then
|
||||
# Build with the AVX512 implementation
|
||||
GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
|
||||
@@ -3186,28 +3186,32 @@ if test "$found" = "1" ; then
|
||||
;;
|
||||
esac
|
||||
|
||||
- if test x"$avxsupport" = xyes ; then
|
||||
- if test x"$aesnisupport" = xyes ; then
|
||||
- # Build with the AES-NI/AVX implementation
|
||||
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
|
||||
- fi
|
||||
- fi
|
||||
+ case "${host}" in
|
||||
+ x86_64-*-*)
|
||||
+ if test x"$avxsupport" = xyes ; then
|
||||
+ if test x"$aesnisupport" = xyes ; then
|
||||
+ # Build with the AES-NI/AVX implementation
|
||||
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx-amd64.lo"
|
||||
+ fi
|
||||
+ fi
|
||||
|
||||
- if test x"$avx2support" = xyes ; then
|
||||
- if test x"$aesnisupport" = xyes ; then
|
||||
- # Build with the AES-NI/AVX2 implementation
|
||||
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
|
||||
+ if test x"$avx2support" = xyes ; then
|
||||
+ if test x"$aesnisupport" = xyes ; then
|
||||
+ # Build with the AES-NI/AVX2 implementation
|
||||
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-aesni-avx2-amd64.lo"
|
||||
|
||||
- # Build with the VAES/AVX2 implementation
|
||||
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
|
||||
+ # Build with the VAES/AVX2 implementation
|
||||
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-vaes-avx2-amd64.lo"
|
||||
|
||||
- # Build with the GFNI/AVX2 implementation
|
||||
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
|
||||
+ # Build with the GFNI/AVX2 implementation
|
||||
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx2-amd64.lo"
|
||||
|
||||
- # Build with the GFNI/AVX512 implementation
|
||||
- GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
|
||||
- fi
|
||||
- fi
|
||||
+ # Build with the GFNI/AVX512 implementation
|
||||
+ GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS camellia-gfni-avx512-amd64.lo"
|
||||
+ fi
|
||||
+ fi
|
||||
+ ;;
|
||||
+ esac
|
||||
fi
|
||||
|
||||
LIST_MEMBER(idea, $enabled_ciphers)
|
||||
--
|
||||
2.45.2
|
||||
|
||||
From d69e6a29b986cf1cb21e09d337a0de2564ef34f2 Mon Sep 17 00:00:00 2001
|
||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
Date: Fri, 26 Jul 2024 10:59:12 +0300
|
||||
Subject: [PATCH 1/2] Add CET support for x86-64 assembly
|
||||
Subject: [PATCH] Add CET support for x86-64 assembly
|
||||
|
||||
* cipher/asm-common-amd64.h (ENDBRANCH): New.
|
||||
(CFI_STARTPROC): Add ENDBRANCH.
|
||||
[__CET__] (note.gnu.property): Add CET property section.
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 7220
|
||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
---
|
||||
cipher/asm-common-amd64.h | 30 ++++++++++++++++++++++++++++--
|
||||
@ -114,18 +250,19 @@ index 3fa065e8..465ef62b 100644
|
||||
+
|
||||
#endif /* GCRY_ASM_COMMON_AMD64_H */
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
From e7c81e64b1a81455ce72c54607ce6ab35c24f407 Mon Sep 17 00:00:00 2001
|
||||
From 64ec13d11b08fbe31cc6f83e9464e7e251d41019 Mon Sep 17 00:00:00 2001
|
||||
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
Date: Fri, 26 Jul 2024 11:09:37 +0300
|
||||
Subject: [PATCH 2/2] Add CET support for i386 assembly
|
||||
Subject: [PATCH] Add CET support for i386 assembly
|
||||
|
||||
* cipher/asm-common-i386.h (ENDBRANCH): New.
|
||||
(CFI_STARTPROC): Add ENDBRANCH.
|
||||
[__CET__] (note.gnu.property): Add CET property section.
|
||||
--
|
||||
|
||||
GnuPG-bug-id: 7220
|
||||
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
||||
---
|
||||
cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++--
|
||||
@ -187,5 +324,5 @@ index d746ebc4..346a8ff2 100644
|
||||
+
|
||||
#endif /* GCRY_ASM_COMMON_AMD64_H */
|
||||
--
|
||||
2.43.0
|
||||
2.45.2
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user