From 920796a0c696a94a1a701ba31cf9491b16bf0c2a Mon Sep 17 00:00:00 2001 From: dkostic Date: Mon, 21 Oct 2024 07:24:40 -0700 Subject: [PATCH] asdad --- crypto/fipsmodule/CMakeLists.txt | 6 +++--- crypto/fipsmodule/bcm.c | 4 ++-- crypto/fipsmodule/fips_shared.lds | 1 - crypto/fipsmodule/fips_shared_support.c | 7 ++++--- crypto/fipsmodule/fips_support.h | 1 - crypto/fipsmodule/gcc_fips_shared.lds | 1 - 6 files changed, 9 insertions(+), 11 deletions(-) diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt index 6b2e56ca27..91dcede490 100644 --- a/crypto/fipsmodule/CMakeLists.txt +++ b/crypto/fipsmodule/CMakeLists.txt @@ -546,12 +546,12 @@ elseif(FIPS_SHARED) else() set(BCM_NAME bcm.o) # fips_shared.lds does not have 'clang' prefix because we want to keep merging any changes from upstream. - # set(FIPS_CUSTOM_LINKER_SCRIPT "${CMAKE_CURRENT_SOURCE_DIR}/fips_shared.lds") - # if (GCC) + set(FIPS_CUSTOM_LINKER_SCRIPT "${CMAKE_CURRENT_SOURCE_DIR}/fips_shared.lds") + if (GCC) # gcc puts some code in sections named ".text.unlikely", ".text.exit" and ".text.startup". # so we have a separate linker script for gcc. set(FIPS_CUSTOM_LINKER_SCRIPT "${CMAKE_CURRENT_SOURCE_DIR}/gcc_fips_shared.lds") - # endif() + endif() add_custom_command( OUTPUT ${BCM_NAME} diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c index 010c7d2dd6..9607edfb6d 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.c @@ -177,6 +177,7 @@ static const void* function_entry_ptr(const void* func_sym) { // the location of the integrity hash, respectively. extern const uint8_t BORINGSSL_bcm_text_start[]; extern const uint8_t BORINGSSL_bcm_text_end[]; +extern const uint8_t BORINGSSL_bcm_text_hash[]; #if defined(BORINGSSL_SHARED_LIBRARY) extern const uint8_t BORINGSSL_bcm_rodata_start[]; extern const uint8_t BORINGSSL_bcm_rodata_end[]; 
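Review bot: `extern const uint8_t BORINGSSL_bcm_text_hash[];` is declared without a bound while the definition in fips_shared_support.c is `[32]`, so nothing at compile time ties the stored hash length to the `sizeof(result)` bytes that `check_test` compares in the `@@ -373,8 +374,7 @@` hunk. Declaring it as `extern const uint8_t BORINGSSL_bcm_text_hash[32];`, preferably once in a header that both files include, would let the compiler reject a declaration that disagrees with the definition. The declaration of `result` is outside the visible lines, so it is worth confirming it is 32 bytes in every configuration; otherwise the comparison reads past the array or ignores part of the digest. A one-line static assertion next to `expected` would pin that, and the body of `BORINGSSL_integrity_test` continues outside the hunk.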
@@ -373,8 +374,7 @@ int BORINGSSL_integrity_test(void) { } HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10. - uint8_t expected[32] = {0}; - get_asdasd(expected); + const uint8_t *expected = BORINGSSL_bcm_text_hash; if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) { #if !defined(BORINGSSL_FIPS_BREAK_TESTS) diff --git a/crypto/fipsmodule/fips_shared.lds b/crypto/fipsmodule/fips_shared.lds index 734729f9f0..6e2b8f5e13 100644 --- a/crypto/fipsmodule/fips_shared.lds +++ b/crypto/fipsmodule/fips_shared.lds @@ -1,7 +1,6 @@ SECTIONS { .text : { - *(.text.bcm_support) BORINGSSL_bcm_text_start = .; *(.text) *(.text.unlikely.*) diff --git a/crypto/fipsmodule/fips_shared_support.c b/crypto/fipsmodule/fips_shared_support.c index 5ba80c3db2..d27ffe3295 100644 --- a/crypto/fipsmodule/fips_shared_support.c +++ b/crypto/fipsmodule/fips_shared_support.c @@ -19,12 +19,13 @@ // that must be replaced with the real value during the build process. This // value need only be distinct, i.e. so that we can safely search-and-replace it // in an object file. -volatile uint8_t asdasd[32] = { +// +const uint8_t BORINGSSL_bcm_text_hash[32]; +__attribute__((section(".rodata.bcm_support"))) +const uint8_t BORINGSSL_bcm_text_hash[32] = { 0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b, 0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f, 0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80, }; -__attribute__((section(".text.bcm_support"))) -void get_asdasd(uint8_t *out) { for (int i = 0; i < 32; i++) out[i] = asdasd[i]; } #endif // FIPS && SHARED_LIBRARY diff --git a/crypto/fipsmodule/fips_support.h b/crypto/fipsmodule/fips_support.h index cc07409dd5..ddb8a62b1c 100644 --- a/crypto/fipsmodule/fips_support.h +++ b/crypto/fipsmodule/fips_support.h @@ -3,6 +3,5 @@ #include -void get_asdasd(uint8_t *out); #endif diff --git a/crypto/fipsmodule/gcc_fips_shared.lds b/crypto/fipsmodule/gcc_fips_shared.lds index b6f1a89220..291c22a947 100644 
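Review bot: In the fips_shared_support.c hunk, the new `__attribute__((section(".rodata.bcm_support")))` on `BORINGSSL_bcm_text_hash` is unexplained, and the bare `//` line added above it looks like a leftover. Neither linker-script hunk in this patch mentions `.rodata.bcm_support`, so the diff alone does not show where the array lands relative to the `BORINGSSL_bcm_rodata_start`/`BORINGSSL_bcm_rodata_end` range declared in bcm.c. If that range is part of what the integrity test measures, the stored hash has to stay outside it, because the build step that replaces the placeholder would otherwise change the bytes being hashed. Once the placement is confirmed, I would replace the empty comment with `// Placed in its own section so the stored hash stays outside the region covered by the integrity check.` Because the placeholder is search-and-replaced in the object file after compilation, it is also worth a comment that this `const` initializer must not become visible to bcm.c through cross-module optimisation.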
--- a/crypto/fipsmodule/gcc_fips_shared.lds
+++ b/crypto/fipsmodule/gcc_fips_shared.lds
@@ -1,7 +1,6 @@
 SECTIONS
 {
 .text : {
- *(.text.bcm_support)
 BORINGSSL_bcm_text_start = .;
 *(.text)
 /* gcc puts some code in sections named ".text.unlikely", ".text.exit" and ".text.startup". */