x86_64: Always generate .note.gnu.property section for ELF outputs

We should always generate .note.gnu.property section in x86_64 assembly
codes for ELF outputs to mark Intel CET support since all input files
must be marked with Intel CET support in order for linker to mark output
with Intel CET support.  Also .note.gnu.property section in x32 should
be aligned to 4 bytes, not 8 bytes and .p2align should be used
consistently.

Verified with

$ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86_64 -fcf-protection
$ make
$ make test

and

$ CC="gcc -mx32 -Wl,-z,cet-report=error" ./Configure shared linux-x32 -fcf-protection
$ make
$ make test # <<< 90-test_sslapi.t failed because 8-byte pointer size.

Fix #10896

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10985)

diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index e5644014abfb0338cfff18211c6bd19e5487a324..7a282109ef62270fb7698e542ee7b3f21e48fff3 100755 (executable)
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -101,24 +101,33 @@ elsif (!$gas)
     $decor="\$L\$";
 }
 
-my $cet_property = <<'_____';
+my $cet_property;
+if ($flavour =~ /elf/) {
+       # Always generate .note.gnu.property section for ELF outputs to
+       # mark Intel CET support since all input files must be marked
+       # with Intel CET support in order for linker to mark output with
+       # Intel CET support.
+       my $p2align=3; $p2align=2 if ($flavour eq "elf32");
+       $cet_property = <<_____;
        .section ".note.gnu.property", "a"
-       .align 8
+       .p2align $p2align
        .long 1f - 0f
        .long 4f - 1f
        .long 5
 0:
        .asciz "GNU"
 1:
-       .align 8
+       .p2align $p2align
        .long 0xc0000002
        .long 3f - 2f
 2:
        .long 3
 3:
-       .p2align 3
+       .p2align $p2align
 4:
 _____
+}
+
 my $current_segment;
 my $current_function;
 my %globals;
@@ -1145,9 +1154,7 @@ my $vprotq = sub {
 # Intel Control-flow Enforcement Technology extension. All functions and
 # indirect branch targets will have to start with this instruction...
 
-my $used_cet = 0;
 my $endbranch = sub {
-    $used_cet = 1;
     (0xf3,0x0f,0x1e,0xfa);
 };
 
@@ -1233,7 +1240,7 @@ while(defined(my $line=<>)) {
     print $line,"\n";
 }
 
-print "$cet_property"                  if ($gas && $used_cet);
+print "$cet_property"                  if ($cet_property);
 print "\n$current_segment\tENDS\n"     if ($current_segment && $masm);
 print "END\n"                          if ($masm);