Mark AESNI files as not needing executable stacks
Some Linux systems now come with facilities to mark the stack as
non-executable, making it more difficult to exploit buffer overrun
bugs.  For this to work, object files built from assembly need a
section added to note whether they require an executable stack.

Patch from Dhiru Kholia with comments added.  More information at:
https://bugzilla.redhat.com/show_bug.cgi?id=1045699
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

ticket: 7813
target_version: 1.12.1
tags: pullup
greghudson committed Jan 3, 2014
1 parent dae7693 commit c64e39c
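
One way to audit built objects for the marker this commit adds, as an added example that is not part of the commit or the project's code: it reads an ELF object's section headers and reports whether `.note.GNU-stack` is present and whether it carries the executable flag. The function names and the header-only sample objects are constructed for illustration.

```python
import struct

SHF_EXECINSTR = 0x4   # ELF section flag: section contents are executable
NOTE = b".note.GNU-stack"

def _formats(ident):
    """struct formats for the ELF header (after e_ident) and a section header."""
    w = "Q" if ident[4] == 2 else "I"      # EI_CLASS: 2 = ELF64, 1 = ELF32
    e = "<" if ident[5] == 1 else ">"      # EI_DATA: 1 = little-endian
    return e + "HHI" + w * 3 + "IHHHHHH", e + "II" + w * 4 + "II" + w * 2

def gnu_stack_status(obj):
    """Return 'noexec', 'exec' or 'missing' for one ELF object file's bytes."""
    if obj[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    eh_fmt, sh_fmt = _formats(obj)
    eh = struct.unpack_from(eh_fmt, obj, 16)
    shoff, shentsize, shnum, shstrndx = eh[5], eh[10], eh[11], eh[12]
    headers = [struct.unpack_from(sh_fmt, obj, shoff + i * shentsize)
               for i in range(shnum)]
    names_at = headers[shstrndx][4]        # sh_offset of the section name table
    for sh_name, _type, sh_flags, *_ in headers:
        start = names_at + sh_name
        if obj[start:obj.index(b"\0", start)] == NOTE:
            return "exec" if sh_flags & SHF_EXECINSTR else "noexec"
    return "missing"

def sample_object(sections, elf64=True):
    """Constructed test input: a header-only ELF object with the named sections."""
    ident = b"\x7fELF" + bytes([2 if elf64 else 1, 1, 1]) + bytes(9)
    eh_fmt, sh_fmt = _formats(ident)
    strtab, shdrs = b"\0", [struct.pack(sh_fmt, *[0] * 10)]  # index 0: null section
    for name, flags in list(sections) + [(b".shstrtab", 0)]:
        shdrs.append(struct.pack(sh_fmt, len(strtab), 1, flags, 0, 0, 0, 0, 0, 1, 0))
        strtab += name + b"\0"
    ehsize = 16 + struct.calcsize(eh_fmt)
    # .shstrtab is the last header: point its sh_offset/sh_size at the name table
    shdrs[-1] = struct.pack(sh_fmt, len(strtab) - 10, 3, 0, 0,
                            ehsize, len(strtab), 0, 0, 1, 0)
    eh = struct.pack(eh_fmt, 1, 62 if elf64 else 3, 1, 0, 0, ehsize + len(strtab),
                     0, ehsize, 0, 0, struct.calcsize(sh_fmt), len(shdrs), len(shdrs) - 1)
    return ident + eh + strtab + b"".join(shdrs)

if __name__ == "__main__":
    print(gnu_stack_status(sample_object([(b".text", 0x6), (NOTE, 0)])))    # marked
    print(gnu_stack_status(sample_object([(b".text", 0x6)], elf64=False)))  # unmarked
```

To check a real build, pass the bytes of each assembled `.o` file to `gnu_stack_status`; a result of `missing` or `exec` is the case this commit is meant to eliminate.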
Showing 2 changed files with 22 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/lib/crypto/builtin/aes/iaesx64.s
Expand Up @@ -834,3 +834,14 @@ lp256encsingle_CBC:
movdqu [r9],xmm1
add rsp,16*16+8
ret

; Mark this file as not needing an executable stack.
%ifidn __OUTPUT_FORMAT__,elf
section .note.GNU-stack noalloc noexec nowrite progbits
%endif
%ifidn __OUTPUT_FORMAT__,elf32
section .note.GNU-stack noalloc noexec nowrite progbits
%endif
%ifidn __OUTPUT_FORMAT__,elf64
section .note.GNU-stack noalloc noexec nowrite progbits
%endif
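
Review bot: The one-line comment above the three `%ifidn __OUTPUT_FORMAT__` tests does not say why `elf`, `elf32` and `elf64` each need their own test, and the chain has no fallback, so an ELF build whose output format name is not one of those three assembles cleanly without the `.note.GNU-stack` section and gives no diagnostic. Please extend the comment to explain that the tests differ only in the format name being matched (the emitted `section` line is identical in all three), and consider a build-time check on the resulting object so a missed format is caught rather than silently leaving the stack marking absent.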
11 changes: 11 additions & 0 deletions src/lib/crypto/builtin/aes/iaesx86.s
Expand Up @@ -871,3 +871,14 @@ lp256encsingle_CBC:
movdqu [ecx],xmm1 ; store last iv for chaining

ret

; Mark this file as not needing an executable stack.
%ifidn __OUTPUT_FORMAT__,elf
section .note.GNU-stack noalloc noexec nowrite progbits
%endif
%ifidn __OUTPUT_FORMAT__,elf32
section .note.GNU-stack noalloc noexec nowrite progbits
%endif
%ifidn __OUTPUT_FORMAT__,elf64
section .note.GNU-stack noalloc noexec nowrite progbits
%endif
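
Review bot: This trailer is a verbatim copy of the eleven lines added to iaesx64.s, so any later change to the list of output formats has to be made in both files and can drift. Consider moving the block into a small shared file pulled in with `%include`. Separately, this file addresses through 32-bit registers (`movdqu [ecx],xmm1`), so the `elf64` test appears to be unreachable here; it is harmless, but the comment could say it is kept only for symmetry with the x64 file.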
