Switch to using SHA-256 for FIPS integrity check on Android.
SHA-256 is likely to be faster on these devices given that a) some will
be 32-bit and b) some will have SHA-256 instructions.
BUG=141710485
Change-Id: I3a3fbb2b8db4f1a4d3059b39b188aee0e0462dd4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37845
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 2706722..c9e4ef3 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -154,13 +154,19 @@
const uint8_t *const rodata_end = BORINGSSL_bcm_rodata_end;
#endif
- static const uint8_t kHMACKey[64] = {0};
+#if defined(OPENSSL_ANDROID)
+ uint8_t result[SHA256_DIGEST_LENGTH];
+ const EVP_MD *const kHashFunction = EVP_sha256();
+#else
uint8_t result[SHA512_DIGEST_LENGTH];
+ const EVP_MD *const kHashFunction = EVP_sha512();
+#endif
+ static const uint8_t kHMACKey[64] = {0};
unsigned result_len;
HMAC_CTX hmac_ctx;
HMAC_CTX_init(&hmac_ctx);
- if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), EVP_sha512(),
+ if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), kHashFunction,
NULL /* no ENGINE */)) {
fprintf(stderr, "HMAC_Init_ex failed.\n");
goto err;
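Review bot: The digest used by the integrity check is fixed at compile time by `OPENSSL_ANDROID` in this hunk, while inject_hash.go selects it from a `-sha256` flag that defaults to false, and nothing visible ties the two choices together. A mismatch would presumably surface only as a failed integrity check when the module starts, so I would add a comment above the `#if`, for example `/* The digest chosen here must match the -sha256 flag passed to inject_hash for this build. */`. The code that compares `result` with the stored hash lies outside the hunk; it is worth confirming that it compares `sizeof(result)` (or `result_len`) bytes rather than a fixed `SHA512_DIGEST_LENGTH`, since `result` is now 32 bytes on Android.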
diff --git a/util/fipstools/inject_hash/inject_hash.go b/util/fipstools/inject_hash/inject_hash.go
index 6bab143..251df10 100644
--- a/util/fipstools/inject_hash/inject_hash.go
+++ b/util/fipstools/inject_hash/inject_hash.go
@@ -20,6 +20,7 @@
import (
"bytes"
"crypto/hmac"
+ "crypto/sha256"
"crypto/sha512"
"debug/elf"
"encoding/binary"
@@ -35,7 +36,7 @@
"boringssl.googlesource.com/boringssl/util/fipstools/fipscommon"
)
-func do(outPath, oInput string, arInput string) error {
+func do(outPath, oInput string, arInput string, useSHA256 bool) error {
var objectBytes []byte
var isStatic bool
if len(arInput) > 0 {
@@ -202,7 +203,11 @@
}
var zeroKey [64]byte
- mac := hmac.New(sha512.New, zeroKey[:])
+ hashFunc := sha512.New
+ if useSHA256 {
+ hashFunc = sha256.New
+ }
+ mac := hmac.New(hashFunc, zeroKey[:])
if moduleROData != nil {
var lengthBytes [8]byte
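Review bot: The MAC computed from `hashFunc` is now 32 bytes when `useSHA256` is set and 64 bytes otherwise, but the code that writes the digest over the placeholder in the object file is outside this hunk, so it is not visible whether it still assumes a 64-byte value. If the placeholder keeps its SHA-512 length, a short comment next to `hashFunc := sha512.New` should say how many placeholder bytes are overwritten in each mode and that the module compares only that many. The body of `do` starts and ends outside the hunk.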
@@ -239,10 +244,11 @@
arInput := flag.String("in-archive", "", "Path to a .a file")
oInput := flag.String("in-object", "", "Path to a .o file")
outPath := flag.String("o", "", "Path to output object")
+ sha256 := flag.Bool("sha256", false, "Whether to use SHA-256 over SHA-512. This must match what the compiled module expects.")
flag.Parse()
- if err := do(*outPath, *oInput, *arInput); err != nil {
+ if err := do(*outPath, *oInput, *arInput, *sha256); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err)
os.Exit(1)
}
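Review bot: The new local `sha256` shadows the `crypto/sha256` package that this commit imports, from its declaration to the end of the enclosing function. It compiles because nothing after that line uses the package there, but a later edit that calls `sha256.New` in this function would fail to compile with a confusing error. Naming it after the parameter avoids that: `useSHA256 := flag.Bool("sha256", false, ...)` and `do(*outPath, *oInput, *arInput, *useSHA256)`. The enclosing function starts outside the hunk.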