From: Kees Cook <keescook@chromium.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "Kees Cook" <keescook@chromium.org>,
"João Moreira" <joao.moreira@lsc.ic.unicamp.br>,
"Eric Biggers" <ebiggers@kernel.org>,
"Sami Tolvanen" <samitolvanen@google.com>,
"David S. Miller" <davem@davemloft.net>,
"Ard Biesheuvel" <ard.biesheuvel@linaro.org>,
"Stephan Mueller" <smueller@chronox.de>,
x86@kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com
Subject: [PATCH v4 6/8] crypto: x86/aesni: Use new glue function macros
Date: Mon, 11 Nov 2019 13:45:50 -0800 [thread overview]
Message-ID: <20191111214552.36717-7-keescook@chromium.org> (raw)
In-Reply-To: <20191111214552.36717-1-keescook@chromium.org>
Convert to function declaration macros from function prototype casts to
avoid triggering Control-Flow Integrity checks during indirect function
calls.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/x86/crypto/aesni-intel_glue.c | 31 ++++++++++--------------------
1 file changed, 10 insertions(+), 21 deletions(-)
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 3e707e81afdb..e1072ea0a4fa 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -33,9 +33,7 @@
#include <crypto/internal/skcipher.h>
#include <linux/workqueue.h>
#include <linux/spinlock.h>
-#ifdef CONFIG_X86_64
#include <asm/crypto/glue_helper.h>
-#endif
#define AESNI_ALIGN 16
@@ -83,10 +81,8 @@ struct gcm_context_data {
asmlinkage int aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
unsigned int key_len);
-asmlinkage void aesni_enc(struct crypto_aes_ctx *ctx, u8 *out,
- const u8 *in);
-asmlinkage void aesni_dec(struct crypto_aes_ctx *ctx, u8 *out,
- const u8 *in);
+CRYPTO_FUNC(aesni_enc);
+CRYPTO_FUNC(aesni_dec);
asmlinkage void aesni_ecb_enc(struct crypto_aes_ctx *ctx, u8 *out,
const u8 *in, unsigned int len);
asmlinkage void aesni_ecb_dec(struct crypto_aes_ctx *ctx, u8 *out,
@@ -550,19 +546,14 @@ static int xts_aesni_setkey(struct crypto_skcipher *tfm, const u8 *key,
}
-static void aesni_xts_tweak(void *ctx, u8 *out, const u8 *in)
-{
- aesni_enc(ctx, out, in);
-}
-
static void aesni_xts_enc(void *ctx, u128 *dst, const u128 *src, le128 *iv)
{
- glue_xts_crypt_128bit_one(ctx, dst, src, iv, GLUE_FUNC_CAST(aesni_enc));
+ glue_xts_crypt_128bit_one(ctx, dst, src, iv, aesni_enc);
}
static void aesni_xts_dec(void *ctx, u128 *dst, const u128 *src, le128 *iv)
{
- glue_xts_crypt_128bit_one(ctx, dst, src, iv, GLUE_FUNC_CAST(aesni_dec));
+ glue_xts_crypt_128bit_one(ctx, dst, src, iv, aesni_dec);
}
static void aesni_xts_enc8(void *ctx, u128 *dst, const u128 *src, le128 *iv)
@@ -581,10 +572,10 @@ static const struct common_glue_ctx aesni_enc_xts = {
.funcs = { {
.num_blocks = 8,
- .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_enc8) }
+ .fn_u = { .xts = aesni_xts_enc8 }
}, {
.num_blocks = 1,
- .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_enc) }
+ .fn_u = { .xts = aesni_xts_enc }
} }
};
@@ -594,10 +585,10 @@ static const struct common_glue_ctx aesni_dec_xts = {
.funcs = { {
.num_blocks = 8,
- .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_dec8) }
+ .fn_u = { .xts = aesni_xts_dec8 }
}, {
.num_blocks = 1,
- .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_dec) }
+ .fn_u = { .xts = aesni_xts_dec }
} }
};
@@ -606,8 +597,7 @@ static int xts_encrypt(struct skcipher_request *req)
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct aesni_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
- return glue_xts_req_128bit(&aesni_enc_xts, req,
- XTS_TWEAK_CAST(aesni_xts_tweak),
+ return glue_xts_req_128bit(&aesni_enc_xts, req, aesni_enc,
aes_ctx(ctx->raw_tweak_ctx),
aes_ctx(ctx->raw_crypt_ctx),
false);
@@ -618,8 +608,7 @@ static int xts_decrypt(struct skcipher_request *req)
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct aesni_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
- return glue_xts_req_128bit(&aesni_dec_xts, req,
- XTS_TWEAK_CAST(aesni_xts_tweak),
+ return glue_xts_req_128bit(&aesni_dec_xts, req, aesni_enc,
aes_ctx(ctx->raw_tweak_ctx),
aes_ctx(ctx->raw_crypt_ctx),
true);
--
2.17.1
next prev parent reply other threads:[~2019-11-11 21:46 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-11 21:45 [PATCH v4 0/8] crypto: x86: Fix indirect function call casts Kees Cook
2019-11-11 21:45 ` [PATCH v4 1/8] crypto: x86/glue_helper: Add function glue macros Kees Cook
2019-11-11 21:45 ` [PATCH v4 2/8] crypto: x86/serpent: Use new glue function macros Kees Cook
2019-11-11 21:45 ` [PATCH v4 3/8] crypto: x86/camellia: " Kees Cook
2019-11-12 2:41 ` Stephan Müller
2019-11-12 3:14 ` Eric Biggers
2019-11-12 3:16 ` Herbert Xu
2019-11-12 22:56 ` Kees Cook
2019-11-11 21:45 ` [PATCH v4 4/8] crypto: x86/twofish: " Kees Cook
2019-11-11 21:45 ` [PATCH v4 5/8] crypto: x86/cast6: " Kees Cook
2019-11-11 21:45 ` Kees Cook [this message]
2019-11-11 21:45 ` [PATCH v4 7/8] crypto: x86/glue_helper: Remove function prototype cast helpers Kees Cook
2019-11-11 21:45 ` [PATCH v4 8/8] crypto, x86/sha: Eliminate casts on asm implementations Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191111214552.36717-7-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=ard.biesheuvel@linaro.org \
--cc=davem@davemloft.net \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=joao.moreira@lsc.ic.unicamp.br \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=samitolvanen@google.com \
--cc=smueller@chronox.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.