Switch to using SHA-256 for FIPS integrity check on Android.

SHA-256 is likely to be faster on these devices given that a) some will
be 32-bit and b) some will have SHA-256 instructions.

BUG=141710485

Change-Id: I3a3fbb2b8db4f1a4d3059b39b188aee0e0462dd4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37845
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 2706722..c9e4ef3 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -154,13 +154,19 @@
   const uint8_t *const rodata_end = BORINGSSL_bcm_rodata_end;
 #endif
 
-  static const uint8_t kHMACKey[64] = {0};
+#if defined(OPENSSL_ANDROID)
+  uint8_t result[SHA256_DIGEST_LENGTH];
+  const EVP_MD *const kHashFunction = EVP_sha256();
+#else
   uint8_t result[SHA512_DIGEST_LENGTH];
+  const EVP_MD *const kHashFunction = EVP_sha512();
+#endif
 
+  static const uint8_t kHMACKey[64] = {0};
   unsigned result_len;
   HMAC_CTX hmac_ctx;
   HMAC_CTX_init(&hmac_ctx);
-  if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), EVP_sha512(),
+  if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), kHashFunction,
                     NULL /* no ENGINE */)) {
     fprintf(stderr, "HMAC_Init_ex failed.\n");
     goto err;
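Review bot: Nothing at the `#if defined(OPENSSL_ANDROID)` selection says that the build step which injects the expected hash must use the same digest, so a mismatch only shows up as an integrity-check failure when the module starts. I would add a comment above the `#if`, for example `// The digest chosen here must match inject_hash's -sha256 flag.` The comparison against the embedded hash lies after this hunk. It is worth confirming that it sizes the compare from `sizeof(result)` or `result_len` rather than from `SHA512_DIGEST_LENGTH`, since `result` is now 32 bytes on Android. The enclosing function starts and ends outside the hunk.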
diff --git a/util/fipstools/inject_hash/inject_hash.go b/util/fipstools/inject_hash/inject_hash.go
index 6bab143..251df10 100644
--- a/util/fipstools/inject_hash/inject_hash.go
+++ b/util/fipstools/inject_hash/inject_hash.go
@@ -20,6 +20,7 @@
 import (
 	"bytes"
 	"crypto/hmac"
+	"crypto/sha256"
 	"crypto/sha512"
 	"debug/elf"
 	"encoding/binary"
@@ -35,7 +36,7 @@
 	"boringssl.googlesource.com/boringssl/util/fipstools/fipscommon"
 )
 
-func do(outPath, oInput string, arInput string) error {
+func do(outPath, oInput string, arInput string, useSHA256 bool) error {
 	var objectBytes []byte
 	var isStatic bool
 	if len(arInput) > 0 {
@@ -202,7 +203,11 @@
 	}
 
 	var zeroKey [64]byte
-	mac := hmac.New(sha512.New, zeroKey[:])
+	hashFunc := sha512.New
+	if useSHA256 {
+		hashFunc = sha256.New
+	}
+	mac := hmac.New(hashFunc, zeroKey[:])
 
 	if moduleROData != nil {
 		var lengthBytes [8]byte
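Review bot: The `hashFunc` selection does not record which digest the compiled module verifies with, and the SHA-256 output is 32 bytes where SHA-512 gave 64. A comment above `hashFunc := sha512.New` would tie the two sides together, for example `// Must match kHashFunction in bcm.c: SHA-256 when the module is built with OPENSSL_ANDROID.` The code that writes the MAC over the placeholder hash is outside this hunk. It should be checked against the shorter digest, since it presumably leaves the tail of a 64-byte placeholder unmodified.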
@@ -239,10 +244,11 @@
 	arInput := flag.String("in-archive", "", "Path to a .a file")
 	oInput := flag.String("in-object", "", "Path to a .o file")
 	outPath := flag.String("o", "", "Path to output object")
+	sha256 := flag.Bool("sha256", false, "Whether to use SHA-256 over SHA-512. This must match what the compiled module expects.")
 
 	flag.Parse()
 
-	if err := do(*outPath, *oInput, *arInput); err != nil {
+	if err := do(*outPath, *oInput, *arInput, *sha256); err != nil {
 		fmt.Fprintf(os.Stderr, "%s\n", err)
 		os.Exit(1)
 	}
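Review bot: The new flag variable `sha256` shadows the `crypto/sha256` package, which this commit imports, for the rest of the enclosing function (presumably `main`, whose start is outside the hunk). It compiles only because nothing after it in that function refers to the package, so a later `sha256.New` there would resolve to the `*bool`. I would rename it to `useSHA256 := flag.Bool("sha256", false, ...)` and call `do(*outPath, *oInput, *arInput, *useSHA256)`, which also matches the parameter name in `do`. Because the flag defaults to false, an Android build that omits it will embed a SHA-512 MAC that the module would then reject. That fails closed, but the build documentation should say so.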