diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt index 171e6a9f..44cd869c 100644 --- a/crypto/fipsmodule/CMakeLists.txt +++ b/crypto/fipsmodule/CMakeLists.txt @@ -74,11 +74,18 @@ if(FIPS) set (${OUTPUT} "${_TMP_STR}" PARENT_SCOPE) endfunction() - JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP) + set(DELOCATE_AS_FLAG) + set(DELOCATE_AS_ARG) + + if(NOT "${BCM_ASM_SOURCES}" STREQUAL "") + set(DELOCATE_AS_FLAG "-as") + JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP) + SET(DELOCATE_AS_ARG "${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP}") + endif() add_custom_command( OUTPUT bcm-delocated.S - COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $ -as ${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S + COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $ ${DELOCATE_AS_FLAG} ${DELOCATE_AS_ARG} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S DEPENDS bcm_c_generated_asm ${BCM_ASM_SOURCES} delocate.go ar.go const.go WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} ) diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index 45ca7e65..3b3e4dc0 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c @@ -48,6 +48,14 @@ static void BORINGSSL_bcm_power_on_self_test(void) __attribute__((constructor)); static void BORINGSSL_bcm_power_on_self_test(void) { CRYPTO_library_init(); +#if defined(__has_feature) +#if __has_feature(address_sanitizer) + /* Power-on tests cannot run under ASAN because it involves reading the full + * .text section, which triggers the global-buffer overflow detection. */ + return; +#endif +#endif + const uint8_t *const start = (const uint8_t *)BORINGSSL_bcm_text_dummy_start; const uint8_t *const end = (const uint8_t *)BORINGSSL_bcm_text_dummy_end; diff --git a/crypto/fipsmodule/delocate.go b/crypto/fipsmodule/delocate.go index 6d6d9b2a..3be35d4a 100644 --- a/crypto/fipsmodule/delocate.go +++ b/crypto/fipsmodule/delocate.go @@ -49,6 +49,10 @@ func main() { asPaths := strings.Split(*asmFiles, ",") for i, path := range asPaths { + if len(path) == 0 { + continue + } + if lines, err = asLines(lines, path, i); err != nil { panic(err) } @@ -258,6 +262,7 @@ func transform(lines []string, symbols map[string]bool) (ret []string) { } } + ret = append(ret, ".text") ret = append(ret, "BORINGSSL_bcm_text_end:") // Emit redirector functions. Each is a single JMP instruction.