author | Greg Hudson <ghudson@mit.edu> | 2014-01-03 13:50:48 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2014-01-03 13:50:48 -0500 |
commit | c64e39c69a9a7ee32c00b0cf7918f6274a565544 (patch) | |
tree | 163eaf2024038ec63cbf6227c4f359153646f764 /src/lib/crypto | |
parent | dae7693f8bf970d89d4c697f3d66a7d458281b93 (diff) | |
Mark AESNI files as not needing executable stacks
Some Linux systems now come with facilities to mark the stack as
non-executable, making it more difficult to exploit buffer overrun
bugs. For this to work, object files built from assembly need a
section added to note whether they require an executable stack.
Patch from Dhiru Kholia with comments added. More information at:
https://bugzilla.redhat.com/show_bug.cgi?id=1045699
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
ticket: 7813
target_version: 1.12.1
tags: pullup
Diffstat (limited to 'src/lib/crypto')
-rw-r--r-- | src/lib/crypto/builtin/aes/iaesx64.s | 11 | ||||
-rw-r--r-- | src/lib/crypto/builtin/aes/iaesx86.s | 11 |
2 files changed, 22 insertions, 0 deletions
diff --git a/src/lib/crypto/builtin/aes/iaesx64.s b/src/lib/crypto/builtin/aes/iaesx64.s
index 1c091c1..d03c859 100644
--- a/src/lib/crypto/builtin/aes/iaesx64.s
+++ b/src/lib/crypto/builtin/aes/iaesx64.s
@@ -834,3 +834,14 @@ lp256encsingle_CBC:
 movdqu [r9],xmm1
 add rsp,16*16+8
 ret
+
+; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf32
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf64
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
diff --git a/src/lib/crypto/builtin/aes/iaesx86.s b/src/lib/crypto/builtin/aes/iaesx86.s
index b667acd..1aa12e6 100644
--- a/src/lib/crypto/builtin/aes/iaesx86.s
+++ b/src/lib/crypto/builtin/aes/iaesx86.s
@@ -871,3 +871,14 @@ lp256encsingle_CBC:
 movdqu [ecx],xmm1 ; store last iv for chaining
 ret
+
+; Mark this file as not needing an executable stack.
+%ifidn __OUTPUT_FORMAT__,elf
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf32
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif
+%ifidn __OUTPUT_FORMAT__,elf64
+section .note.GNU-stack noalloc noexec nowrite progbits
+%endif |
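Review bot: The three `%ifidn __OUTPUT_FORMAT__` guards appended to iaesx64.s match only `elf`, `elf32` and `elf64`, so an object assembled for any other ELF flavour (the assembler's `elfx32` format, for instance) would still be emitted without `.note.GNU-stack`. GNU ld has traditionally treated a single unmarked object as a request for an executable stack for the whole linked library, so consider adding a fourth `%ifidn __OUTPUT_FORMAT__,elfx32` block, or passing `-Wl,-z,noexecstack` at link time as a backstop. Because the directive switches the current section, the comment should also say that it must stay last in the file, e.g. `; Keep at end of file: anything assembled after this lands in .note.GNU-stack.` The identical hunk in iaesx86.s has the same gaps. A build-time check that `readelf -lW` on the linked library reports GNU_STACK as `RW` rather than `RWE` would catch a regression.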