kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

“Fix” FIPS build under ASAN.

Browse Source 
It's not obvious how to make ASAN happy with the integrity test but this
will let us test FIPS-only code with ASAN at least.

Change-Id: Iac983787e04cb86a158e4416c410d9b2d1e5e03f
Reviewed-on: https://boringssl-review.googlesource.com/14965
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Adam Langley 2017-04-12 13:42:21 -07:00 committed by Adam Langley
parent 82b2b8574f
commit a0eb4a8193
3 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/fipsmodule/CMakeLists.txt
View File

@ -74,11 +74,18 @@ if(FIPS)
set (${OUTPUT} "${_TMP_STR}" PARENT_SCOPE)
endfunction()
JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP)
set(DELOCATE_AS_FLAG)
set(DELOCATE_AS_ARG)
if(NOT "${BCM_ASM_SOURCES}" STREQUAL "")
set(DELOCATE_AS_FLAG "-as")
JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP)
SET(DELOCATE_AS_ARG "${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP}")
endif()
add_custom_command(
OUTPUT bcm-delocated.S
COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $<TARGET_FILE:bcm_c_generated_asm> -as ${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S
COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $<TARGET_FILE:bcm_c_generated_asm> ${DELOCATE_AS_FLAG} ${DELOCATE_AS_ARG} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S
DEPENDS bcm_c_generated_asm ${BCM_ASM_SOURCES} delocate.go ar.go const.go
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
)

8
crypto/fipsmodule/bcm.c
View File

@ -48,6 +48,14 @@ static void BORINGSSL_bcm_power_on_self_test(void) __attribute__((constructor));
static void BORINGSSL_bcm_power_on_self_test(void) {
CRYPTO_library_init();
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
/* Power-on tests cannot run under ASAN because it involves reading the full
* .text section, which triggers the global-buffer overflow detection. */
return;
#endif
#endif
const uint8_t *const start = (const uint8_t *)BORINGSSL_bcm_text_dummy_start;
const uint8_t *const end = (const uint8_t *)BORINGSSL_bcm_text_dummy_end;

5
crypto/fipsmodule/delocate.go
View File

@ -49,6 +49,10 @@ func main() {
asPaths := strings.Split(*asmFiles, ",")
for i, path := range asPaths {
if len(path) == 0 {
continue
}
if lines, err = asLines(lines, path, i); err != nil {
panic(err)
}
@ -258,6 +262,7 @@ func transform(lines []string, symbols map[string]bool) (ret []string) {
}
}
ret = append(ret, ".text")
ret = append(ret, "BORINGSSL_bcm_text_end:")
// Emit redirector functions. Each is a single JMP instruction.