asdad

aws · Oct 21, 2024 · 920796a · 920796a
1 parent ef9fc81
commit 920796a
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 11 deletions.
diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
@@ -546,12 +546,12 @@ elseif(FIPS_SHARED)
   else()
     set(BCM_NAME bcm.o)
     # fips_shared.lds does not have 'clang' prefix because we want to keep merging any changes from upstream.
-    # set(FIPS_CUSTOM_LINKER_SCRIPT "${CMAKE_CURRENT_SOURCE_DIR}/fips_shared.lds")
-    # if (GCC)
+    set(FIPS_CUSTOM_LINKER_SCRIPT "${CMAKE_CURRENT_SOURCE_DIR}/fips_shared.lds")
+    if (GCC)
       # gcc puts some code in sections named ".text.unlikely", ".text.exit" and ".text.startup".
       # so we have a separate linker script for gcc.
       set(FIPS_CUSTOM_LINKER_SCRIPT "${CMAKE_CURRENT_SOURCE_DIR}/gcc_fips_shared.lds")
-    # endif()
+    endif()
 
     add_custom_command(
       OUTPUT ${BCM_NAME}

diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
@@ -177,6 +177,7 @@ static const void* function_entry_ptr(const void* func_sym) {
 // the location of the integrity hash, respectively.
 extern const uint8_t BORINGSSL_bcm_text_start[];
 extern const uint8_t BORINGSSL_bcm_text_end[];
+extern const uint8_t BORINGSSL_bcm_text_hash[];
 #if defined(BORINGSSL_SHARED_LIBRARY)
 extern const uint8_t BORINGSSL_bcm_rodata_start[];
 extern const uint8_t BORINGSSL_bcm_rodata_end[];
@@ -373,8 +374,7 @@ int BORINGSSL_integrity_test(void) {
   }
   HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
 
-  uint8_t expected[32] = {0};
-  get_asdasd(expected);
+  const uint8_t *expected = BORINGSSL_bcm_text_hash;
 
   if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) {
 #if !defined(BORINGSSL_FIPS_BREAK_TESTS)

diff --git a/crypto/fipsmodule/fips_shared.lds b/crypto/fipsmodule/fips_shared.lds
@@ -1,7 +1,6 @@
 SECTIONS
 {
   .text : {
-    *(.text.bcm_support)
     BORINGSSL_bcm_text_start = .;
     *(.text)
     *(.text.unlikely.*)

diff --git a/crypto/fipsmodule/fips_shared_support.c b/crypto/fipsmodule/fips_shared_support.c
@@ -19,12 +19,13 @@
 // that must be replaced with the real value during the build process. This
 // value need only be distinct, i.e. so that we can safely search-and-replace it
 // in an object file.
-volatile uint8_t asdasd[32] = {
+//
+const uint8_t BORINGSSL_bcm_text_hash[32];
+__attribute__((section(".rodata.bcm_support")))
+const uint8_t BORINGSSL_bcm_text_hash[32] = {
     0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b,
     0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f,
     0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80,
 };
 
-__attribute__((section(".text.bcm_support")))
-void get_asdasd(uint8_t *out) { for (int i = 0; i < 32; i++) out[i] = asdasd[i]; }
 #endif  // FIPS && SHARED_LIBRARY
diff --git a/crypto/fipsmodule/fips_support.h b/crypto/fipsmodule/fips_support.h
@@ -3,6 +3,5 @@
 
 #include <stdint.h>
 
-void get_asdasd(uint8_t *out);
 
 #endif
diff --git a/crypto/fipsmodule/gcc_fips_shared.lds b/crypto/fipsmodule/gcc_fips_shared.lds
@@ -1,7 +1,6 @@
 SECTIONS
 {
   .text : {
-    *(.text.bcm_support)
     BORINGSSL_bcm_text_start = .;
     *(.text)
     /* gcc puts some code in sections named ".text.unlikely", ".text.exit" and ".text.startup". */