From: Joao Moreira
To: kernel-hardening@lists.openwall.com
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, herbert@gondor.apana.org.au, davem@davemloft.net, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, gregkh@linuxfoundation.org, keescook@chromium.org
Subject: [RFC PATCH v2 0/4] x86/crypto: Fix crypto function casts
Date: Mon, 6 May 2019 16:19:46 -0300
Message-Id: <20190506191950.9521-1-jmoreira@suse.de>
X-Patchwork-Submitter: Joao Moreira
X-Patchwork-Id: 10931867

It is possible to indirectly invoke functions with prototypes that do not match those of the respectively used function pointers by using void types. This feature is frequently used as a way of relaxing function invocation, making it possible that different data structures are passed to different functions through the same pointer.

Despite the benefits, this can lead to a situation where functions with a given prototype are invoked by pointers with a different prototype, which is undesirable as it may prevent the use of heuristics such as prototype matching-based Control-Flow Integrity, which can be used to prevent ROP-based attacks.

One way of fixing this situation is through the use of helper functions with prototypes that match the one in the respective invoking pointer.

Given the above, the current efforts to improve Linux security, and the upcoming kernel support for compilers with CFI features, fix the prototype casting of x86/crypto algorithms camellia, cast6, serpent and twofish with the use of a macro that generates the helper function.

This patch does not introduce semantic changes to the cryptographic algorithms, yet, if someone finds it relevant, the affected algorithms were tested with the help of tcrypt.ko without any visible harm.

Joao Moreira (4):
  Fix serpent crypto function prototypes
  Fix camellia crypto function prototypes
  Fix twofish crypto function prototypes
  Fix cast6 crypto function prototypes

 arch/x86/crypto/camellia_aesni_avx2_glue.c | 69 ++++++++--------------
 arch/x86/crypto/camellia_aesni_avx_glue.c  | 45 +++++++--------
 arch/x86/crypto/camellia_glue.c            | 19 +++---
 arch/x86/crypto/cast6_avx_glue.c           | 54 +++++++----------
 arch/x86/crypto/serpent_avx2_glue.c        | 68 ++++++++++------------
 arch/x86/crypto/serpent_avx_glue.c         | 63 ++++++++------------
 arch/x86/crypto/serpent_sse2_glue.c        | 24 +++++---
 arch/x86/crypto/twofish_avx_glue.c         | 65 ++++++++++-----------
 arch/x86/crypto/twofish_glue_3way.c        | 33 ++++++-----
 arch/x86/include/asm/crypto/camellia.h     | 93 +++++++++++++++---------------
 arch/x86/include/asm/crypto/serpent-avx.h  | 39 ++++++++-----
 arch/x86/include/asm/crypto/serpent-sse2.h | 10 ++++
 arch/x86/include/asm/crypto/twofish.h      | 33 ++++++++---
 include/crypto/cast6.h                     | 23 +++++++-
 14 files changed, 320 insertions(+), 318 deletions(-)
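
The cast-versus-helper pattern the cover letter describes, as an added example that is not code from this patch series. The names toy_ctx, toy_enc_blk, glue_fn_t, GLUE_WRAP and glue_ecb are hypothetical stand-ins, and the XOR "cipher" is a placeholder for a real block routine.

```c
#include <stdint.h>
#include <string.h>
#define BLK 8
struct toy_ctx { uint8_t key[BLK]; };           /* hypothetical cipher context */

/* Hypothetical block routine taking a typed context pointer. */
static void toy_enc_blk(struct toy_ctx *ctx, uint8_t *dst, const uint8_t *src)
{
    for (int i = 0; i < BLK; i++)
        dst[i] = src[i] ^ ctx->key[i];
}

/* Generic type the dispatch layer makes its indirect calls through. */
typedef void (*glue_fn_t)(void *ctx, uint8_t *dst, const uint8_t *src);

/* Before: the cast hides that the callee's real type takes struct toy_ctx *,
 * so a prototype-matching check at the call site (for instance clang's
 * -fsanitize=cfi-icall) sees a type mismatch. */
static const glue_fn_t enc_cast = (glue_fn_t)toy_enc_blk;

/* After: the macro emits a helper whose prototype is exactly glue_fn_t and
 * which reaches the typed routine through a direct call. */
#define GLUE_WRAP(fn, ctx_type)                                         \
    static void fn##_glue(void *ctx, uint8_t *dst, const uint8_t *src) \
    {                                                                   \
        fn((ctx_type *)ctx, dst, src);                                  \
    }
GLUE_WRAP(toy_enc_blk, struct toy_ctx)
static const glue_fn_t enc_wrapped = toy_enc_blk_glue;   /* no cast needed */

/* Dispatch layer: one indirect call per block. */
static void glue_ecb(glue_fn_t fn, void *ctx, uint8_t *dst,
                     const uint8_t *src, size_t nblocks)
{
    for (size_t i = 0; i < nblocks; i++)
        fn(ctx, dst + i * BLK, src + i * BLK);
}

/* Returns 1 if two passes through fn restore the constructed input. */
int roundtrip_ok(glue_fn_t fn)
{
    struct toy_ctx ctx = { .key = {1, 2, 3, 4, 5, 6, 7, 8} };
    uint8_t pt[2 * BLK], ct[2 * BLK], back[2 * BLK];
    for (int i = 0; i < 2 * BLK; i++) pt[i] = (uint8_t)(i * 17);
    glue_ecb(fn, &ctx, ct, pt, 2);
    glue_ecb(fn, &ctx, back, ct, 2);              /* XOR undoes itself */
    return memcmp(pt, ct, sizeof pt) != 0 && memcmp(pt, back, sizeof pt) == 0;
}

/* The enc_cast path only runs on builds without indirect-call CFI. */
int main(void) { return !(roundtrip_ok(enc_wrapped) && roundtrip_ok(enc_cast)); }
```

Both pointers produce the same ciphertext; the difference is only in the type the indirect call site observes, which is what a prototype-matching CFI scheme checks.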