Date: Wed, 9 Feb 2022 23:58:16 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 5d14c1d0f421 - stable/13 - libfido2: Address CHERI compatibility Message-ID: <202202092358.219NwGTG043679@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=5d14c1d0f4214f0f23cc6e5df4b729f94a022908 commit 5d14c1d0f4214f0f23cc6e5df4b729f94a022908 Author: Jessica Clarke <jrtc27@jrtc27.com> AuthorDate: 2021-10-02 15:51:38 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-02-09 21:23:53 +0000 libfido2: Address CHERI compatibility Cherry-picked from libfido2 upstream f20a735c0a6f: iso7816: Avoid storing pointers in a packed structure On CHERI, and thus Arm's experimental Morello prototype architecture, pointers are represented as capabilities, which are unforgeable bounded pointers, providing always-on fine-grained spatial memory safety. The unforgeability is enforced through the use of tagged memory, with one validity tag bit per capability-sized-and-aligned word in memory. This means that storing a pointer to an unaligned location, which is not guaranteed to work per the C standard, either traps or results in the capability losing its tag (and thus never being dereferenceable again), depending on how exactly the store is done (specifically, whether a capability store or memcpy is used). However, iso7816 itself does not need to be packed, and doing so likely causes inefficiencies on existing architectures. The iso7816_header_t member is packed, and the flexible payload array is a uint8_t (which by definition has no padding bits and is exactly 8 bits in size and, since CHAR_BITS must be at least 8, its existence implies that it has the same representation as unsigned char, and that it has size and alignment 1) so there will never be any padding inserted between header and payload (but payload may overlap with padding at the end of the struct due to how flexible arrays work, which means we need to be careful about our calculations). Co-authored-by: pedro martelletto <pedro@yubico.com> (cherry picked from commit 224a95f124270275ddd7ab9f8f87dd47bad7c282) --- contrib/libfido2/src/iso7816.c | 4 ++-- contrib/libfido2/src/iso7816.h | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/contrib/libfido2/src/iso7816.c b/contrib/libfido2/src/iso7816.c index a11aae3e99d1..a4902277c6d8 100644 --- a/contrib/libfido2/src/iso7816.c +++ b/contrib/libfido2/src/iso7816.c @@ -59,6 +59,6 @@ iso7816_ptr(const iso7816_apdu_t *apdu) size_t iso7816_len(const iso7816_apdu_t *apdu) { - return apdu->alloc_len - sizeof(apdu->alloc_len) - - sizeof(apdu->payload_len) - sizeof(apdu->payload_ptr); + return apdu->alloc_len - offsetof(iso7816_apdu_t, header) - + (sizeof(iso7816_apdu_t) - offsetof(iso7816_apdu_t, payload)); } diff --git a/contrib/libfido2/src/iso7816.h b/contrib/libfido2/src/iso7816.h index 5f5363a63a56..9bfad1fbab9d 100644 --- a/contrib/libfido2/src/iso7816.h +++ b/contrib/libfido2/src/iso7816.h @@ -27,14 +27,13 @@ struct iso7816_header { uint8_t lc3; }) -PACKED_TYPE(iso7816_apdu_t, -struct iso7816_apdu { +typedef struct iso7816_apdu { size_t alloc_len; uint16_t payload_len; uint8_t *payload_ptr; iso7816_header_t header; uint8_t payload[]; -}) +} iso7816_apdu_t; const unsigned char *iso7816_ptr(const iso7816_apdu_t *); int iso7816_add(iso7816_apdu_t *, const void *, size_t);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202092358.219NwGTG043679>