Finish symbol prefixing with delocate (delocate approach). If delocate doesn't make the BORINGSSL_bcm_text_start and BORINGSSL_bcm_text_end symbols `.global`, we don't need to prefix them. Update-Note: a change to the FIPS build configuration breaks builds that use -Wl,--strip-all in the compile or link flags, though. Do not use this flag then - instead feel free to explicitly strip the final output! I should note that at least our CMake FIPS build is _already_ failing with those flags, anyway. Bug: 42220000 Change-Id: I6abba3ea856f9d4fceb66bbebd95eac66a6a6964 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/88507 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Rudolf Polzer <rpolzer@google.com> Reviewed-by: Xiangfei Ding <xfding@google.com>
diff --git a/util/audit_symbols.go b/util/audit_symbols.go index 0bbcc6f..ccb63e0 100644 --- a/util/audit_symbols.go +++ b/util/audit_symbols.go
@@ -85,12 +85,13 @@ regexp.MustCompile(`^fprintf$`), // fprintf() regexp.MustCompile(`^snprintf$`), // snprintf() regexp.MustCompile(`^vsnprintf$`), // vsnprintf() + + // Symbols in the FIPS module. + // They are provided for tooling only and should not be read internally. + regexp.MustCompile(`^BORINGSSL_bcm_(rodata|text)_(start|end)$`), } -var skipSymbols = []*regexp.Regexp{ - // TODO(crbug.com/42220000): Marker symbols for delocate. - regexp.MustCompile(`^BORINGSSL_bcm_text_(start|end)$`), -} +var skipSymbols = []*regexp.Regexp{} const ( ObjFileFormatELF = "elf"
diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go index 6f0912c..fc529db 100644 --- a/util/fipstools/delocate/delocate.go +++ b/util/fipstools/delocate/delocate.go
@@ -195,6 +195,14 @@ }, ruleArgs, ruleArg) switch directiveName { + case "addrsig", "addrsig_sym": + // Remove .addrsig and .addrsig_sym tables. + // Instead, consider all symbols inside the BCM address-significant + // so the linker will not merge them with other symbols, + // potentially breaking the integrity check of the BCM. + d.writeCommentedNode(statement) + break + case "comm", "lcomm": if len(args) < 1 { return nil, errors.New("comm directive has no arguments") @@ -262,6 +270,14 @@ case ".bss": d.writeNode(statement) return d.handleBSS(statement) + + case ".llvm_addrsig": + // Remove .llvm_addrsig sections. + // Instead, consider all symbols inside the BCM address-significant + // so the linker will not merge them with other symbols, + // potentially breaking the integrity check of the BCM. + d.writeCommentedNode(statement) + d.output.WriteString(".section .discard_llvm_addrsig, \"e\", @progbits\n") } case "reloc": @@ -1519,11 +1535,6 @@ } w.WriteString(fmt.Sprintf(".file %d \"inserted_by_delocate.c\"%s\n", maxObservedFileNumber+1, fileTrailing)) w.WriteString(fmt.Sprintf(".loc %d 1 0\n", maxObservedFileNumber+1)) - // Mark BORINGSSL_bcm_text_start as global, so that our tools can more reliably find it, - // but hidden so it does not pollute downstream consumers' dynamic symbol tables. This - // is primarily a hook for objcopy to upgrade to visible, if needed to sample the hash. - w.WriteString(".globl BORINGSSL_bcm_text_start\n") - w.WriteString(".hidden BORINGSSL_bcm_text_start\n") w.WriteString("BORINGSSL_bcm_text_start:\n") w.WriteString(localTargetName("BORINGSSL_bcm_text_start") + ":\n") @@ -1535,8 +1546,6 @@ w.WriteString(".text\n") w.WriteString(fmt.Sprintf(".loc %d 2 0\n", maxObservedFileNumber+1)) - w.WriteString(".globl BORINGSSL_bcm_text_end\n") - w.WriteString(".hidden BORINGSSL_bcm_text_end\n") w.WriteString("BORINGSSL_bcm_text_end:\n") w.WriteString(localTargetName("BORINGSSL_bcm_text_end") + ":\n")
diff --git a/util/fipstools/delocate/delocate_test.go b/util/fipstools/delocate/delocate_test.go index 1cac253..0ccdc83 100644 --- a/util/fipstools/delocate/delocate_test.go +++ b/util/fipstools/delocate/delocate_test.go
@@ -38,6 +38,7 @@ } var delocateTests = []delocateTest{ + {"generic-AddrSig", []string{"in.s"}, "out.s"}, {"generic-FileDirectives", []string{"in.s"}, "out.s"}, {"x86_64-Basic", []string{"in.s"}, "out.s"}, {"x86_64-BSS", []string{"in.s"}, "out.s"},
diff --git a/util/fipstools/delocate/testdata/aarch64-Basic/out.s b/util/fipstools/delocate/testdata/aarch64-Basic/out.s index f3f11df..d92dc1c 100644 --- a/util/fipstools/delocate/testdata/aarch64-Basic/out.s +++ b/util/fipstools/delocate/testdata/aarch64-Basic/out.s
@@ -2,8 +2,6 @@ .p2align 12 .file 1 "inserted_by_delocate.c" .loc 1 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: .type foo, %function @@ -186,8 +184,6 @@ .size bss_symbol, 4 .text .loc 1 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .p2align 2
diff --git a/util/fipstools/delocate/testdata/generic-AddrSig/in.s b/util/fipstools/delocate/testdata/generic-AddrSig/in.s new file mode 100644 index 0000000..f2ff949 --- /dev/null +++ b/util/fipstools/delocate/testdata/generic-AddrSig/in.s
@@ -0,0 +1,9 @@ +.section .llvm_addrsig, "", @llvm_addrsig +.addrsig +.addrsig_sym foo + +.text + +.global foo +foo: + movq %rax, %rbx
diff --git a/util/fipstools/delocate/testdata/generic-AddrSig/out.s b/util/fipstools/delocate/testdata/generic-AddrSig/out.s new file mode 100644 index 0000000..b339896 --- /dev/null +++ b/util/fipstools/delocate/testdata/generic-AddrSig/out.s
@@ -0,0 +1,55 @@ +.text +.file 1 "inserted_by_delocate.c" +.loc 1 1 0 +BORINGSSL_bcm_text_start: +.LBORINGSSL_bcm_text_start_local_target: +# WAS .section .llvm_addrsig, "", @llvm_addrsig +.section .discard_llvm_addrsig, "e", @progbits +# WAS .addrsig +# WAS .addrsig_sym foo + +.text + +.global foo +.Lfoo_local_target: +foo: + movq %rax, %rbx +.text +.loc 1 2 0 +BORINGSSL_bcm_text_end: +.LBORINGSSL_bcm_text_end_local_target: +.type BORINGSSL_bcm_text_hash, @object +.size BORINGSSL_bcm_text_hash, 32 +BORINGSSL_bcm_text_hash: +.byte 0xae +.byte 0x2c +.byte 0xea +.byte 0x2a +.byte 0xbd +.byte 0xa6 +.byte 0xf3 +.byte 0xec +.byte 0x97 +.byte 0x7f +.byte 0x9b +.byte 0xf6 +.byte 0x94 +.byte 0x9a +.byte 0xfc +.byte 0x83 +.byte 0x68 +.byte 0x27 +.byte 0xcb +.byte 0xa0 +.byte 0xa0 +.byte 0x9f +.byte 0x6b +.byte 0x6f +.byte 0xde +.byte 0x52 +.byte 0xcd +.byte 0xe2 +.byte 0xcd +.byte 0xff +.byte 0x31 +.byte 0x80
diff --git a/util/fipstools/delocate/testdata/generic-FileDirectives/out.s b/util/fipstools/delocate/testdata/generic-FileDirectives/out.s index e5aa58f..fa888a9 100644 --- a/util/fipstools/delocate/testdata/generic-FileDirectives/out.s +++ b/util/fipstools/delocate/testdata/generic-FileDirectives/out.s
@@ -1,8 +1,6 @@ .text .file 1002 "inserted_by_delocate.c" md5 0x00000000000000000000000000000000 .loc 1002 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: .file 10 "some/path/file.c" "file.c" @@ -13,8 +11,6 @@ movq %rax, %rbx .text .loc 1002 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .type BORINGSSL_bcm_text_hash, @object
diff --git a/util/fipstools/delocate/testdata/x86_64-BSS/out.s b/util/fipstools/delocate/testdata/x86_64-BSS/out.s index cda5830..0007639 100644 --- a/util/fipstools/delocate/testdata/x86_64-BSS/out.s +++ b/util/fipstools/delocate/testdata/x86_64-BSS/out.s
@@ -1,8 +1,6 @@ .text .file 1 "inserted_by_delocate.c" .loc 1 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: .text @@ -62,8 +60,6 @@ .quad 0 .text .loc 1 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .type aes_128_ctr_generic_storage_bss_get, @function
diff --git a/util/fipstools/delocate/testdata/x86_64-Basic/out.s b/util/fipstools/delocate/testdata/x86_64-Basic/out.s index b10b0ae..d0b8d55 100644 --- a/util/fipstools/delocate/testdata/x86_64-Basic/out.s +++ b/util/fipstools/delocate/testdata/x86_64-Basic/out.s
@@ -1,8 +1,6 @@ .text .file 2 "inserted_by_delocate.c" .loc 2 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: # Most instructions and lines should pass unaltered. This is made up of @@ -62,8 +60,6 @@ .uleb128 .foo-1-.bar .text .loc 2 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .type BORINGSSL_bcm_text_hash, @object
diff --git a/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s b/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s index 727b268..fdc7303 100644 --- a/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s +++ b/util/fipstools/delocate/testdata/x86_64-GOTRewrite/out.s
@@ -1,8 +1,6 @@ .text .file 1 "inserted_by_delocate.c" .loc 1 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: .text @@ -235,8 +233,6 @@ .comm foobar,64,32 .text .loc 1 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .type foobar_bss_get, @function
diff --git a/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s b/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s index caee2e5..36b7aef 100644 --- a/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s +++ b/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s
@@ -1,8 +1,6 @@ .text .file 1 "inserted_by_delocate.c" .loc 1 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: .type foo, @function @@ -168,8 +166,6 @@ .reloc .Ltmp0_BCM_1, R_AARCH64_PATCHINST, ds .text .loc 1 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .type bcm_redirector_memcpy, @function
diff --git a/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s b/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s index adf2e84..87c0f47 100644 --- a/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s +++ b/util/fipstools/delocate/testdata/x86_64-LargeMemory/out.s
@@ -1,8 +1,6 @@ .text .file 1 "inserted_by_delocate.c" .loc 1 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: .text @@ -43,8 +41,6 @@ .text .loc 1 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .Lboringssl_got_delta:
diff --git a/util/fipstools/delocate/testdata/x86_64-Sections/out.s b/util/fipstools/delocate/testdata/x86_64-Sections/out.s index facc7cb..2fec054 100644 --- a/util/fipstools/delocate/testdata/x86_64-Sections/out.s +++ b/util/fipstools/delocate/testdata/x86_64-Sections/out.s
@@ -1,8 +1,6 @@ .text .file 1 "inserted_by_delocate.c" .loc 1 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: # .text stays in .text @@ -49,8 +47,6 @@ .long .L3 .text .loc 1 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .type BORINGSSL_bcm_text_hash, @object
diff --git a/util/fipstools/delocate/testdata/x86_64-ThreeArg/out.s b/util/fipstools/delocate/testdata/x86_64-ThreeArg/out.s index d14fdf3..759a8c6 100644 --- a/util/fipstools/delocate/testdata/x86_64-ThreeArg/out.s +++ b/util/fipstools/delocate/testdata/x86_64-ThreeArg/out.s
@@ -1,8 +1,6 @@ .text .file 1 "inserted_by_delocate.c" .loc 1 1 0 -.globl BORINGSSL_bcm_text_start -.hidden BORINGSSL_bcm_text_start BORINGSSL_bcm_text_start: .LBORINGSSL_bcm_text_start_local_target: .type foo, @function @@ -36,8 +34,6 @@ .quad -2404814165548301886 # 0xdea06241f7aa81c2 .text .loc 1 2 0 -.globl BORINGSSL_bcm_text_end -.hidden BORINGSSL_bcm_text_end BORINGSSL_bcm_text_end: .LBORINGSSL_bcm_text_end_local_target: .type BORINGSSL_bcm_text_hash, @object