From fbf2f1c697bc6902d12264313e5f11362896dcc3 Mon Sep 17 00:00:00 2001 From: John Marino Date: Sun, 6 Sep 2015 10:58:37 +0200 Subject: [PATCH] libcrypto: Enable library to be loaded in non-executable stack I scanned my system for libraries that were loading on executable sections of the stack and found two: libc and libcrypto. After adding a GNU-stack ELF note to each assembly file, the result is the crypto library now loads in a non-executable stack. --- secure/lib/libcrypto/asm/aes-x86_64.s | 1 + secure/lib/libcrypto/asm/aesni-sha1-x86_64.s | 1 + secure/lib/libcrypto/asm/aesni-x86_64.s | 1 + secure/lib/libcrypto/asm/bsaes-x86_64.s | 1 + secure/lib/libcrypto/asm/cmll-x86_64.s | 1 + secure/lib/libcrypto/asm/ghash-x86_64.s | 1 + secure/lib/libcrypto/asm/md5-x86_64.s | 1 + secure/lib/libcrypto/asm/modexp512-x86_64.s | 1 + secure/lib/libcrypto/asm/rc4-md5-x86_64.s | 1 + secure/lib/libcrypto/asm/rc4-x86_64.s | 1 + secure/lib/libcrypto/asm/sha1-x86_64.s | 1 + secure/lib/libcrypto/asm/sha256-x86_64.s | 1 + secure/lib/libcrypto/asm/sha512-x86_64.s | 1 + secure/lib/libcrypto/asm/vpaes-x86_64.s | 1 + secure/lib/libcrypto/asm/wp-x86_64.s | 1 + secure/lib/libcrypto/asm/x86_64-gf2m.s | 1 + secure/lib/libcrypto/asm/x86_64-mont.s | 1 + secure/lib/libcrypto/asm/x86_64-mont5.s | 1 + secure/lib/libcrypto/asm/x86_64cpuid.s | 1 + 19 files changed, 19 insertions(+) diff --git a/secure/lib/libcrypto/asm/aes-x86_64.s b/secure/lib/libcrypto/asm/aes-x86_64.s index e385566f08..023f8054c5 100644 --- a/secure/lib/libcrypto/asm/aes-x86_64.s +++ b/secure/lib/libcrypto/asm/aes-x86_64.s @@ -2539,3 +2539,4 @@ AES_cbc_encrypt: .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 .byte 65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/aesni-sha1-x86_64.s b/secure/lib/libcrypto/asm/aesni-sha1-x86_64.s index 32fd600b92..a65ae57d02 100644 --- a/secure/lib/libcrypto/asm/aesni-sha1-x86_64.s +++ b/secure/lib/libcrypto/asm/aesni-sha1-x86_64.s @@ -1394,3 +1394,4 @@ K_XX_XX: .byte 65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/aesni-x86_64.s b/secure/lib/libcrypto/asm/aesni-x86_64.s index 917c832354..50b21838fd 100644 --- a/secure/lib/libcrypto/asm/aesni-x86_64.s +++ b/secure/lib/libcrypto/asm/aesni-x86_64.s @@ -2533,3 +2533,4 @@ __aesni_set_encrypt_key: .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/bsaes-x86_64.s b/secure/lib/libcrypto/asm/bsaes-x86_64.s index dc92d4dad4..e244d58949 100644 --- a/secure/lib/libcrypto/asm/bsaes-x86_64.s +++ b/secure/lib/libcrypto/asm/bsaes-x86_64.s @@ -2496,3 +2496,4 @@ _bsaes_const: .byte 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0 .align 64 .size _bsaes_const,.-_bsaes_const +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/cmll-x86_64.s b/secure/lib/libcrypto/asm/cmll-x86_64.s index 82a63a588b..4719f7be39 100644 --- a/secure/lib/libcrypto/asm/cmll-x86_64.s +++ b/secure/lib/libcrypto/asm/cmll-x86_64.s @@ -1836,3 +1836,4 @@ Camellia_cbc_encrypt: .size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt .byte 67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/ghash-x86_64.s b/secure/lib/libcrypto/asm/ghash-x86_64.s index 62d39c65f5..7ad27535b9 100644 --- a/secure/lib/libcrypto/asm/ghash-x86_64.s +++ b/secure/lib/libcrypto/asm/ghash-x86_64.s @@ -1024,3 +1024,4 @@ gcm_ghash_clmul: .byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/md5-x86_64.s b/secure/lib/libcrypto/asm/md5-x86_64.s index 235d5e4ecd..30f94cea0e 100644 --- a/secure/lib/libcrypto/asm/md5-x86_64.s +++ b/secure/lib/libcrypto/asm/md5-x86_64.s @@ -666,3 +666,4 @@ md5_block_asm_data_order: .Lepilogue: .byte 0xf3,0xc3 .size md5_block_asm_data_order,.-md5_block_asm_data_order +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/modexp512-x86_64.s b/secure/lib/libcrypto/asm/modexp512-x86_64.s index 6cccafb868..bbaf79caa8 100644 --- a/secure/lib/libcrypto/asm/modexp512-x86_64.s +++ b/secure/lib/libcrypto/asm/modexp512-x86_64.s @@ -1771,3 +1771,4 @@ end_main_loop_a3b: .Lepilogue: .byte 0xf3,0xc3 .size mod_exp_512, . - mod_exp_512 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/rc4-md5-x86_64.s b/secure/lib/libcrypto/asm/rc4-md5-x86_64.s index aab3c6db13..b057f8d3bc 100644 --- a/secure/lib/libcrypto/asm/rc4-md5-x86_64.s +++ b/secure/lib/libcrypto/asm/rc4-md5-x86_64.s @@ -1257,3 +1257,4 @@ rc4_md5_enc: .Labort: .byte 0xf3,0xc3 .size rc4_md5_enc,.-rc4_md5_enc +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/rc4-x86_64.s b/secure/lib/libcrypto/asm/rc4-x86_64.s index af161582aa..88645e10e9 100644 --- a/secure/lib/libcrypto/asm/rc4-x86_64.s +++ b/secure/lib/libcrypto/asm/rc4-x86_64.s @@ -613,3 +613,4 @@ RC4_options: .byte 82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 .size RC4_options,.-RC4_options +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/sha1-x86_64.s b/secure/lib/libcrypto/asm/sha1-x86_64.s index 3922e203b7..86df85ec48 100644 --- a/secure/lib/libcrypto/asm/sha1-x86_64.s +++ b/secure/lib/libcrypto/asm/sha1-x86_64.s @@ -2484,3 +2484,4 @@ K_XX_XX: .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 64 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/sha256-x86_64.s b/secure/lib/libcrypto/asm/sha256-x86_64.s index db5b898f0f..1da0e47a05 100644 --- a/secure/lib/libcrypto/asm/sha256-x86_64.s +++ b/secure/lib/libcrypto/asm/sha256-x86_64.s @@ -1776,3 +1776,4 @@ K256: .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/sha512-x86_64.s b/secure/lib/libcrypto/asm/sha512-x86_64.s index 2d3294e02d..2ca2e300d7 100644 --- a/secure/lib/libcrypto/asm/sha512-x86_64.s +++ b/secure/lib/libcrypto/asm/sha512-x86_64.s @@ -1800,3 +1800,4 @@ K512: .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/vpaes-x86_64.s b/secure/lib/libcrypto/asm/vpaes-x86_64.s index 0162631fb9..9a05c2bccf 100644 --- a/secure/lib/libcrypto/asm/vpaes-x86_64.s +++ b/secure/lib/libcrypto/asm/vpaes-x86_64.s @@ -826,3 +826,4 @@ _vpaes_consts: .byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 .align 64 .size _vpaes_consts,.-_vpaes_consts +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/wp-x86_64.s b/secure/lib/libcrypto/asm/wp-x86_64.s index 0a33c43c29..63386738de 100644 --- a/secure/lib/libcrypto/asm/wp-x86_64.s +++ b/secure/lib/libcrypto/asm/wp-x86_64.s @@ -856,3 +856,4 @@ whirlpool_block: .byte 228,39,65,139,167,125,149,216 .byte 251,238,124,102,221,23,71,158 .byte 202,45,191,7,173,90,131,51 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/x86_64-gf2m.s b/secure/lib/libcrypto/asm/x86_64-gf2m.s index ccd2ed701c..4f777b7492 100644 --- a/secure/lib/libcrypto/asm/x86_64-gf2m.s +++ b/secure/lib/libcrypto/asm/x86_64-gf2m.s @@ -289,3 +289,4 @@ bn_GF2m_mul_2x2: .size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 .byte 71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 16 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/x86_64-mont.s b/secure/lib/libcrypto/asm/x86_64-mont.s index 95e2905287..e4c59eb032 100644 --- a/secure/lib/libcrypto/asm/x86_64-mont.s +++ b/secure/lib/libcrypto/asm/x86_64-mont.s @@ -1372,3 +1372,4 @@ bn_sqr4x_mont: .size bn_sqr4x_mont,.-bn_sqr4x_mont .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 16 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/x86_64-mont5.s b/secure/lib/libcrypto/asm/x86_64-mont5.s index 49ec6ac67b..a86ef89aed 100644 --- a/secure/lib/libcrypto/asm/x86_64-mont5.s +++ b/secure/lib/libcrypto/asm/x86_64-mont5.s @@ -782,3 +782,4 @@ bn_gather5: .long 0,0, 0,0, 0,0, -1,-1 .long 0,0, 0,0, 0,0, 0,0 .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.section .note.GNU-stack,"",%progbits diff --git a/secure/lib/libcrypto/asm/x86_64cpuid.s b/secure/lib/libcrypto/asm/x86_64cpuid.s index 562b03abd1..8f41b44145 100644 --- a/secure/lib/libcrypto/asm/x86_64cpuid.s +++ b/secure/lib/libcrypto/asm/x86_64cpuid.s @@ -232,3 +232,4 @@ OPENSSL_ia32_rdrand: cmoveq %rcx,%rax .byte 0xf3,0xc3 .size OPENSSL_ia32_rdrand,.-OPENSSL_ia32_rdrand +.section .note.GNU-stack,"",%progbits -- 2.41.0