[PATCH v4 0/8] crypto: x86: Fix indirect function call casts

From: Kees Cook
Date: Mon Nov 11 2019 - 16:46:09 EST


Hi,

Now that Clang's CFI has been fixed to do the right thing with extern
asm functions, this patch series is much simplified. Repeating patch
1's commit log here:

The crypto glue performed function prototype casting to make indirect
calls to assembly routines. Instead of performing casts at the call
sites (which trips Control Flow Integrity prototype checking), create a
set of macros to either declare the prototypes to avoid the need for
casts, or build inline helpers to allow for various aliased functions.

With this series (and the Clang LTO+CFI series) I am able to boot x86
with all crytpo selftests enabled without tripping any CFI checks.

Thanks!

-Kees

v4:
- remove C wrappers (no longer needed after Clang CFI fixes)
- simplify everything to avoid casts as much as possible
v3: https://lore.kernel.org/lkml/20190507161321.34611-1-keescook@xxxxxxxxxxxx/

Kees Cook (8):
crypto: x86/glue_helper: Add function glue macros
crypto: x86/serpent: Use new glue function macros
crypto: x86/camellia: Use new glue function macros
crypto: x86/twofish: Use new glue function macros
crypto: x86/cast6: Use new glue function macros
crypto: x86/aesni: Use new glue function macros
crypto: x86/glue_helper: Remove function prototype cast helpers
crypto, x86/sha: Eliminate casts on asm implementations

arch/x86/crypto/aesni-intel_glue.c | 31 +++------
arch/x86/crypto/camellia_aesni_avx2_glue.c | 73 +++++++++------------
arch/x86/crypto/camellia_aesni_avx_glue.c | 63 ++++++------------
arch/x86/crypto/camellia_glue.c | 29 +++------
arch/x86/crypto/cast6_avx_glue.c | 62 ++++++++----------
arch/x86/crypto/serpent_avx2_glue.c | 65 +++++++++----------
arch/x86/crypto/serpent_avx_glue.c | 58 ++++++-----------
arch/x86/crypto/serpent_sse2_glue.c | 24 ++++---
arch/x86/crypto/sha1_ssse3_glue.c | 61 +++++++-----------
arch/x86/crypto/sha256_ssse3_glue.c | 31 ++++-----
arch/x86/crypto/sha512_ssse3_glue.c | 28 ++++----
arch/x86/crypto/twofish_avx_glue.c | 74 ++++++++--------------
arch/x86/crypto/twofish_glue.c | 5 +-
arch/x86/crypto/twofish_glue_3way.c | 25 +++-----
arch/x86/include/asm/crypto/camellia.h | 58 ++++-------------
arch/x86/include/asm/crypto/glue_helper.h | 27 ++++++--
arch/x86/include/asm/crypto/serpent-avx.h | 23 +++----
arch/x86/include/asm/crypto/serpent-sse2.h | 6 +-
arch/x86/include/asm/crypto/twofish.h | 17 ++---
crypto/cast6_generic.c | 6 +-
crypto/serpent_generic.c | 6 +-
include/crypto/cast6.h | 4 +-
include/crypto/serpent.h | 4 +-
include/crypto/xts.h | 2 -
24 files changed, 313 insertions(+), 469 deletions(-)

--
2.17.1