
“Fix” FIPS build under ASAN.

It's not obvious how to make ASAN happy with the integrity test but this
will let us test FIPS-only code with ASAN at least.

Change-Id: Iac983787e04cb86a158e4416c410d9b2d1e5e03f
Reviewed-on: https://boringssl-review.googlesource.com/14965
Reviewed-by: Adam Langley <agl@google.com>
kris/onging/CECPQ3_patch15
Adam Langley 7年前
committed by Adam Langley
コミット
a0eb4a8193
3個のファイルの変更22行の追加2行の削除
  1. +9
    -2
      crypto/fipsmodule/CMakeLists.txt
  2. +8
    -0
      crypto/fipsmodule/bcm.c
  3. +5
    -0
      crypto/fipsmodule/delocate.go

+ 9
- 2
crypto/fipsmodule/CMakeLists.txt ファイルの表示

@@ -74,11 +74,18 @@ if(FIPS)
set (${OUTPUT} "${_TMP_STR}" PARENT_SCOPE)
endfunction()

JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP)
set(DELOCATE_AS_FLAG)
set(DELOCATE_AS_ARG)

if(NOT "${BCM_ASM_SOURCES}" STREQUAL "")
set(DELOCATE_AS_FLAG "-as")
JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP)
SET(DELOCATE_AS_ARG "${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP}")
endif()

add_custom_command(
OUTPUT bcm-delocated.S
COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $<TARGET_FILE:bcm_c_generated_asm> -as ${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S
COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $<TARGET_FILE:bcm_c_generated_asm> ${DELOCATE_AS_FLAG} ${DELOCATE_AS_ARG} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S
DEPENDS bcm_c_generated_asm ${BCM_ASM_SOURCES} delocate.go ar.go const.go
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
)
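Review bot: The new COMMAND line passes `${DELOCATE_AS_ARG}`, which is built from `${CMAKE_CURRENT_BINARY_DIR}`, into an add_custom_command that has no `VERBATIM`, so the escaping of a build path containing spaces or shell metacharacters is left to the platform; adding `VERBATIM` after the `WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}` line would make it deterministic. The list is also comma-joined here and split on `,` again in delocate.go, so a comma in the build directory would be read as a path separator, which deserves at least a comment. A short comment above the `if`, for example `# Pass -as only when there are assembly sources; with none, the flag and its value are both omitted.`, would explain why the two variables are cleared first. The added `SET(` is also the only upper-case spelling among the new `set` calls.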


+ 8
- 0
crypto/fipsmodule/bcm.c ファイルの表示

@@ -48,6 +48,14 @@ static void BORINGSSL_bcm_power_on_self_test(void) __attribute__((constructor));
static void BORINGSSL_bcm_power_on_self_test(void) {
CRYPTO_library_init();

#if defined(__has_feature)
#if __has_feature(address_sanitizer)
/* Power-on tests cannot run under ASAN because it involves reading the full
* .text section, which triggers the global-buffer overflow detection. */
return;
#endif
#endif

const uint8_t *const start = (const uint8_t *)BORINGSSL_bcm_text_dummy_start;
const uint8_t *const end = (const uint8_t *)BORINGSSL_bcm_text_dummy_end;
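Review bot: The early `return` is only compiled when `__has_feature` exists, so a compiler that signals AddressSanitizer through the `__SANITIZE_ADDRESS__` macro instead (GCC does) still runs the test that reads the whole .text section; a second guard, `#if defined(__SANITIZE_ADDRESS__)` / `return;` / `#endif`, would cover it. The return also sits ahead of everything else in BORINGSSL_bcm_power_on_self_test, whose body continues outside the hunk, so whatever follows the integrity check is presumably skipped as well. A sentence in the comment stating that an ASAN build performs no power-on self test, and must not be treated as an integrity-checked module, would make that explicit for anyone who later relies on the constructor having run.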



+ 5
- 0
crypto/fipsmodule/delocate.go ファイルの表示

@@ -49,6 +49,10 @@ func main() {

asPaths := strings.Split(*asmFiles, ",")
for i, path := range asPaths {
if len(path) == 0 {
continue
}

if lines, err = asLines(lines, path, i); err != nil {
panic(err)
}
@@ -258,6 +262,7 @@ func transform(lines []string, symbols map[string]bool) (ret []string) {
}
}

ret = append(ret, ".text")
ret = append(ret, "BORINGSSL_bcm_text_end:")

// Emit redirector functions. Each is a single JMP instruction.
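Review bot: In main(), the new `if len(path) == 0 { continue }` has no comment saying where an empty path comes from, and it also silently accepts stray empty entries such as a trailing comma in the `-as` value. Judging from the CMake change in this commit, the case being handled is the omitted flag, since `strings.Split` of an empty string returns one empty element. A comment such as `// An omitted -as leaves *asmFiles empty, and Split then yields [""]; skip it.` would record that, and testing `*asmFiles` once before the loop would keep an empty entry inside a non-empty list visible as an error. The `.text` directive ahead of `BORINGSSL_bcm_text_end:` in the second hunk would likewise benefit from a one-line comment on why the section is switched at that point.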

