#
1.8 |
|
24-Feb-2024 |
tb |
Add a few missing endbr64 to libcrypto
gcm_{gmult,ghash}_4bit(), aesni_ccm64_decrypt_blocks(), aes_cbc_encrypt(), and aesni_xts_{en,de}crypt() were overlooked in previous passes.
Found with a diff for ld.lld by kettenis ok kettenis
|
#
1.7 |
|
24-Feb-2024 |
tb |
Replace uses of endbr64 with _CET_ENDBR from cet.h
cet.h is needed for other platforms to emit the relevant .gnu.properties sections that are necessary for them to enable IBT. It also avoids issues with older toolchains on macOS that explode on encountering endbr64.
based on a diff by kettenis ok beck kettenis
|
#
1.6 |
|
24-Jan-2024 |
jsing |
Avoid a four byte overread in gcm_ghash_4bit() on amd64.
The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop.
Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer.
Same diff from deraadt@
ok tb@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.5 |
|
25-Apr-2023 |
deraadt |
Add endbr64 where needed by inspection. Passes regresson tests. ok jsing, and kind of tb an earlier version
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.4 |
|
23-Feb-2023 |
tb |
Use explicit .text instead of .previous to please Windows/MinGW on amd64
ok miod
|
#
1.3 |
|
09-Feb-2023 |
tb |
Use .section .rodata instead of a plain .rodata
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy.
ok deraadt miod
|
#
1.2 |
|
14-Jan-2023 |
deraadt |
Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
|
#
1.1 |
|
13-Oct-2012 |
djm |
branches: 1.1.1; Initial revision
|
#
1.8 |
|
24-Feb-2024 |
tb |
Add a few missing endbr64 to libcrypto
gcm_{gmult,ghash}_4bit(), aesni_ccm64_decrypt_blocks(), aes_cbc_encrypt(), and aesni_xts_{en,de}crypt() were overlooked in previous passes.
Found with a diff for ld.lld by kettenis ok kettenis
|
#
1.7 |
|
24-Feb-2024 |
tb |
Replace uses of endbr64 with _CET_ENDBR from cet.h
cet.h is needed for other platforms to emit the relevant .gnu.properties sections that are necessary for them to enable IBT. It also avoids issues with older toolchains on macOS that explode on encountering endbr64.
based on a diff by kettenis ok beck kettenis
|
#
1.6 |
|
24-Jan-2024 |
jsing |
Avoid a four byte overread in gcm_ghash_4bit() on amd64.
The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop.
Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer.
Same diff from deraadt@
ok tb@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.5 |
|
25-Apr-2023 |
deraadt |
Add endbr64 where needed by inspection. Passes regresson tests. ok jsing, and kind of tb an earlier version
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.4 |
|
23-Feb-2023 |
tb |
Use explicit .text instead of .previous to please Windows/MinGW on amd64
ok miod
|
#
1.3 |
|
09-Feb-2023 |
tb |
Use .section .rodata instead of a plain .rodata
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy.
ok deraadt miod
|
#
1.2 |
|
14-Jan-2023 |
deraadt |
Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
|
#
1.1 |
|
13-Oct-2012 |
djm |
branches: 1.1.1; Initial revision
|
#
1.6 |
|
24-Jan-2024 |
jsing |
Avoid a four byte overread in gcm_ghash_4bit() on amd64.
The assembly code for gcm_ghash_4bit() reads one too many times from Xi, resulting in a four byte overread. Prevent this by not loading the next value in the final iteration of the loop. If another full iteration is required the next Xi value will be loaded at the top of the outer_loop.
Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding and reporting this issue, along with a detailed reproducer.
Same diff from deraadt@
ok tb@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.5 |
|
25-Apr-2023 |
deraadt |
Add endbr64 where needed by inspection. Passes regresson tests. ok jsing, and kind of tb an earlier version
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.4 |
|
23-Feb-2023 |
tb |
Use explicit .text instead of .previous to please Windows/MinGW on amd64
ok miod
|
#
1.3 |
|
09-Feb-2023 |
tb |
Use .section .rodata instead of a plain .rodata
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy.
ok deraadt miod
|
#
1.2 |
|
14-Jan-2023 |
deraadt |
Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
|
#
1.1 |
|
13-Oct-2012 |
djm |
branches: 1.1.1; Initial revision
|
#
1.5 |
|
25-Apr-2023 |
deraadt |
Add endbr64 where needed by inspection. Passes regresson tests. ok jsing, and kind of tb an earlier version
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.4 |
|
23-Feb-2023 |
tb |
Use explicit .text instead of .previous to please Windows/MinGW on amd64
ok miod
|
#
1.3 |
|
09-Feb-2023 |
tb |
Use .section .rodata instead of a plain .rodata
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy.
ok deraadt miod
|
#
1.2 |
|
14-Jan-2023 |
deraadt |
Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
|
#
1.1 |
|
13-Oct-2012 |
djm |
branches: 1.1.1; Initial revision
|
#
1.4 |
|
23-Feb-2023 |
tb |
Use explicit .text instead of .previous to please Windows/MinGW on amd64
ok miod
|
#
1.3 |
|
09-Feb-2023 |
tb |
Use .section .rodata instead of a plain .rodata
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy.
ok deraadt miod
|
#
1.2 |
|
14-Jan-2023 |
deraadt |
Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
|
#
1.1 |
|
13-Oct-2012 |
djm |
branches: 1.1.1; Initial revision
|
#
1.3 |
|
09-Feb-2023 |
tb |
Use .section .rodata instead of a plain .rodata
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to make it happy.
ok deraadt miod
|
#
1.2 |
|
14-Jan-2023 |
deraadt |
Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
|
#
1.1 |
|
13-Oct-2012 |
djm |
branches: 1.1.1; Initial revision
|
#
1.2 |
|
14-Jan-2023 |
deraadt |
Move constants out of text segment into rodata to prepare for xonly support on amd64. no pic handling is neccessary since amd64 has full reach. ok kettenis
|
#
1.1 |
|
13-Oct-2012 |
djm |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.1.1.2 |
|
13-Apr-2014 |
miod |
Import OpenSSL 1.0.1g
|
#
1.1.1.1 |
|
13-Oct-2012 |
djm |
import OpenSSL-1.0.1c
|