boringssl/crypto/fipsmodule/delocate.h
David Benjamin d0a4059102 Be less clever about .rel.ro avoidance.
This restores the original version of delocate.go, with the subsequent
bugfixes patched in. With this, the FIPS module builds with GCC and
Clang, with and without optimizations. I did patch over a variant of the
macro though, since it was otherwise really wordy.

Playing games with sections was a little overly clever and relied on the
compiler not performing a number of optimizations. Clang blew through all
of those assumptions.

Change-Id: Ib4da468a5925998457994f9e392cf0c04573fe91
Reviewed-on: https://boringssl-review.googlesource.com/14805
Reviewed-by: Adam Langley <agl@google.com>
2017-04-07 15:20:26 +00:00


/* Copyright (c) 2017, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#ifndef OPENSSL_HEADER_FIPSMODULE_DELOCATE_H
#define OPENSSL_HEADER_FIPSMODULE_DELOCATE_H
#include <openssl/base.h>
#include "../internal.h"
/* DEFINE_BSS_GET declares a static object |name| of type |type| with no
 * initializer, plus an accessor |name|_bss_get that returns a pointer to it.
 * Having no initializer, the object has static storage duration and starts
 * out all-zero. DEFINE_METHOD_FUNCTION reaches the object only through the
 * accessor, never by name. */
#if defined(BORINGSSL_FIPS)
/* FIPS build: only a prototype for the accessor is emitted; its definition is
 * not in this header and has to be supplied at link time (per the
 * DEFINE_METHOD_FUNCTION comment, by unhashed code outside the module).
 * __attribute__((used)) makes the compiler emit |name| even though no C code
 * here refers to it.
 * NOTE(review): the accessor has external linkage in this branch, so |name|
 * presumably has to be unique across everything linked with the module;
 * confirm against the build. */
#define DEFINE_BSS_GET(type, name) \
static type name __attribute__((used)); \
type *name##_bss_get(void);
#else
/* Non-FIPS build: the accessor is an ordinary file-local function that
 * returns the address of the static object. */
#define DEFINE_BSS_GET(type, name) \
static type name; \
static type *name##_bss_get(void) { return &name; }
#endif
/* DEFINE_METHOD_FUNCTION defines a function named |name| which returns a
 * method table of type const |type|*. In FIPS mode, to avoid rel.ro data, it
 * is split into a CRYPTO_once_t-guarded initializer in the module and
 * unhashed, non-module accessor functions to space reserved in the BSS. The
 * method table is initialized by a caller-supplied function which takes a
 * parameter named |out| of type |type|*. The caller should follow the macro
 * invocation with the body of this function:
 *
 *     DEFINE_METHOD_FUNCTION(EVP_MD, EVP_md4) {
 *       out->type = NID_md4;
 *       out->md_size = MD4_DIGEST_LENGTH;
 *       out->flags = 0;
 *       out->init = md4_init;
 *       out->update = md4_update;
 *       out->final = md4_final;
 *       out->block_size = 64;
 *       out->ctx_size = sizeof(MD4_CTX);
 *     }
 *
 * This mechanism does not use a static initializer because their execution
 * order is undefined. See FIPS.md for more details.
 *
 * The expansion consists of, in order: storage for the table
 * (|name|_storage), a once flag (|name|_once), a forward declaration of
 * |name|_do_init, a |name|_init trampoline that passes the storage pointer
 * to |name|_do_init, the public function |name| that calls CRYPTO_once and
 * then returns the storage pointer, and finally the opening signature of
 * |name|_do_init, whose body the caller writes.
 *
 * Notes for callers and reviewers:
 *  - |out| points at zero-initialized static storage, so any field the body
 *    does not assign stays zero (a null pointer for function-pointer
 *    fields).
 *  - |name| returns const |type|*, but the storage behind it is a non-const
 *    static object. The const qualifier on the return type is a
 *    compile-time contract only; the table is not placed in read-only memory
 *    the way a static const table typically is, so code must never cast the
 *    const away and write through the pointer.
 *  - The CRYPTO_once_t flag is declared without an initializer.
 *    NOTE(review): this relies on an all-zero CRYPTO_once_t being the valid
 *    not-yet-run state (i.e. equivalent to CRYPTO_ONCE_INIT); confirm in
 *    ../internal.h for every supported platform.
 *  - CRYPTO_once is presumably what makes concurrent first calls to |name|
 *    safe; its contract is defined in ../internal.h, not in this header. */
#define DEFINE_METHOD_FUNCTION(type, name) \
DEFINE_BSS_GET(type, name##_storage) \
DEFINE_BSS_GET(CRYPTO_once_t, name##_once) \
static void name##_do_init(type *out); \
static void name##_init(void) { name##_do_init(name##_storage_bss_get()); } \
const type *name(void) { \
CRYPTO_once(name##_once_bss_get(), name##_init); \
return name##_storage_bss_get(); \
} \
static void name##_do_init(type *out)
#endif /* OPENSSL_HEADER_FIPSMODULE_DELOCATE_H */