“Fix” FIPS build under ASAN.

It's not obvious how to make ASAN happy with the integrity test but this
will let us test FIPS-only code with ASAN at least.

Change-Id: Iac983787e04cb86a158e4416c410d9b2d1e5e03f
Reviewed-on: https://boringssl-review.googlesource.com/14965
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
index 171e6a9..44cd869 100644
--- a/crypto/fipsmodule/CMakeLists.txt
+++ b/crypto/fipsmodule/CMakeLists.txt
@@ -74,11 +74,18 @@
     set (${OUTPUT} "${_TMP_STR}" PARENT_SCOPE)
   endfunction()
 
-  JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP)
+  set(DELOCATE_AS_FLAG)
+  set(DELOCATE_AS_ARG)
+
+  if(NOT "${BCM_ASM_SOURCES}" STREQUAL "")
+    set(DELOCATE_AS_FLAG "-as")
+    JOIN("${BCM_ASM_SOURCES}" ",${CMAKE_CURRENT_BINARY_DIR}/" BCM_ASM_SOURCES_COMMA_SEP)
+    SET(DELOCATE_AS_ARG "${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP}")
+  endif()
 
   add_custom_command(
     OUTPUT bcm-delocated.S
-    COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $<TARGET_FILE:bcm_c_generated_asm> -as ${CMAKE_CURRENT_BINARY_DIR}/${BCM_ASM_SOURCES_COMMA_SEP} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S
+    COMMAND ${GO_EXECUTABLE} run crypto/fipsmodule/delocate.go crypto/fipsmodule/ar.go crypto/fipsmodule/const.go -a $<TARGET_FILE:bcm_c_generated_asm> ${DELOCATE_AS_FLAG} ${DELOCATE_AS_ARG} -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S
     DEPENDS bcm_c_generated_asm ${BCM_ASM_SOURCES} delocate.go ar.go const.go
     WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
   )
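Review bot: The `add_custom_command` that now receives `${DELOCATE_AS_FLAG} ${DELOCATE_AS_ARG}` has no `VERBATIM`, so how the build-directory path inside the `-as` argument is escaped depends on the platform and generator. Adding `VERBATIM` after `WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}` makes that predictable. The two expansions are unquoted, which is what makes them vanish when there are no assembly sources; a comment above the `if` would record this, for example `# Left unquoted on purpose: both expand to nothing when BCM_ASM_SOURCES is empty.` `SET(` on the `DELOCATE_AS_ARG` line should be lowercase like the neighbouring `set(` calls. The enclosing block starts outside the hunk.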
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 45ca7e6..3b3e4dc 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -48,6 +48,14 @@
 static void BORINGSSL_bcm_power_on_self_test(void) {
   CRYPTO_library_init();
 
+#if defined(__has_feature)
+#if __has_feature(address_sanitizer)
+  /* Power-on tests cannot run under ASAN because it involves reading the full
+   * .text section, which triggers the global-buffer overflow detection. */
+  return;
+#endif
+#endif
+
   const uint8_t *const start = (const uint8_t *)BORINGSSL_bcm_text_dummy_start;
   const uint8_t *const end = (const uint8_t *)BORINGSSL_bcm_text_dummy_end;
 
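Review bot: The early `return` skips everything after it in `BORINGSSL_bcm_power_on_self_test`, not only the read of the `.text` range that ASAN objects to, and nothing tells a caller or a build log that the module started without its integrity check. The function body continues outside the hunk, so any known-answer tests that follow the hash comparison are presumably skipped too. Narrowing the guard to the hashing step, or at least extending the comment with `ASAN builds skip the integrity check and self-tests and are for testing only`, would keep such a build from being mistaken for a checked one. The guard also recognises only `__has_feature(address_sanitizer)`; GCC announces ASAN through `__SANITIZE_ADDRESS__`, so `#if defined(__SANITIZE_ADDRESS__)` should be accepted as well.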
diff --git a/crypto/fipsmodule/delocate.go b/crypto/fipsmodule/delocate.go
index 6d6d9b2..3be35d4 100644
--- a/crypto/fipsmodule/delocate.go
+++ b/crypto/fipsmodule/delocate.go
@@ -49,6 +49,10 @@
 
 	asPaths := strings.Split(*asmFiles, ",")
 	for i, path := range asPaths {
+		if len(path) == 0 {
+			continue
+		}
+
 		if lines, err = asLines(lines, path, i); err != nil {
 			panic(err)
 		}
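Review bot: The new `len(path) == 0` check skips every empty element, so a list such as `a.S,,b.S` or one with a trailing comma is accepted silently, and a malformed `-as` value from the build system goes unnoticed while the FIPS module is assembled. Only the case of no assembly inputs at all needs to pass. Guarding the loop with `if len(*asmFiles) > 0 {` would cover that and leave an empty element inside a non-empty list to fail, presumably in `asLines`, as it did before. The enclosing function starts before the hunk, so the declaration of `asmFiles` is not visible here.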
@@ -258,6 +262,7 @@
 		}
 	}
 
+	ret = append(ret, ".text")
 	ret = append(ret, "BORINGSSL_bcm_text_end:")
 
 	// Emit redirector functions. Each is a single JMP instruction.
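Review bot: The added `ret = append(ret, ".text")` has no comment saying why a section directive is needed before `BORINGSSL_bcm_text_end:`. Presumably an input can leave another section active, which would place the end marker outside the range that the integrity check in `bcm.c` hashes; if that is the reason, it should be recorded, because the line looks redundant and is easy to delete later. Suggested comment: `// Switch back to .text so the end marker lands in the module's text section regardless of which section the last input left active.` The enclosing function starts outside the hunk.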