Skip to content

Commit

Permalink
Fix AppleClang 15 FIPS Shared Build (aws#1224)
Browse files Browse the repository at this point in the history
  • Loading branch information
skmcgrail authored and andrewhop committed Oct 13, 2023
1 parent 6b69a5c commit 4139400
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 6 deletions.
4 changes: 2 additions & 2 deletions crypto/fipsmodule/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -419,12 +419,12 @@ elseif(FIPS_SHARED)
# respective start and end markers.
add_custom_command(
OUTPUT fips_apple_start.o
COMMAND ${CMAKE_C_COMPILER} -arch ${CMAKE_SYSTEM_PROCESSOR} -isysroot ${CMAKE_OSX_SYSROOT} -c ${CMAKE_CURRENT_SOURCE_DIR}/fips_shared_library_marker.c -DAWSLC_FIPS_SHARED_START -o fips_apple_start.o
COMMAND ${CMAKE_C_COMPILER} -arch ${CMAKE_SYSTEM_PROCESSOR} -isysroot ${CMAKE_OSX_SYSROOT} -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET} -c ${CMAKE_CURRENT_SOURCE_DIR}/fips_shared_library_marker.c -DAWSLC_FIPS_SHARED_START -o fips_apple_start.o
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/fips_shared_library_marker.c
)
add_custom_command(
OUTPUT fips_apple_end.o
COMMAND ${CMAKE_C_COMPILER} -arch ${CMAKE_SYSTEM_PROCESSOR} -isysroot ${CMAKE_OSX_SYSROOT} -c ${CMAKE_CURRENT_SOURCE_DIR}/fips_shared_library_marker.c -DAWSLC_FIPS_SHARED_END -o fips_apple_end.o
COMMAND ${CMAKE_C_COMPILER} -arch ${CMAKE_SYSTEM_PROCESSOR} -isysroot ${CMAKE_OSX_SYSROOT} -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET} -c ${CMAKE_CURRENT_SOURCE_DIR}/fips_shared_library_marker.c -DAWSLC_FIPS_SHARED_END -o fips_apple_end.o
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/fips_shared_library_marker.c
)

Expand Down
17 changes: 13 additions & 4 deletions util/fipstools/inject_hash/inject_hash.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,6 @@ func doLinux(objectBytes []byte, isStatic bool) ([]byte, []byte, error) {
return moduleText, moduleROData, nil
}


func doAppleOS(objectBytes []byte) ([]byte, []byte, error) {

object, err := macho.NewFile(bytes.NewReader(objectBytes))
Expand Down Expand Up @@ -221,6 +220,19 @@ func doAppleOS(objectBytes []byte) ([]byte, []byte, error) {
return nil, nil, fmt.Errorf("symbol %q at %x, which is below base of %x\n", symbol.Name, symbol.Value, base)
}

// Skip debugging symbols
//
// #define N_STAB 0xe0 /* if any of these bits set, a symbolic debugging entry */
//
// "Only symbolic debugging entries have some of the N_STAB bits set and if any of these bits are set then it is
// a symbolic debugging entry (a stab). In which case then the values of the n_type field (the entire field)
// are given in <mach-o/stab.h>"
//
// https://github.com/apple-oss-distributions/xnu/blob/main/EXTERNAL_HEADERS/mach-o/nlist.h
if symbol.Type&0xe0 != 0 {
continue
}

value := symbol.Value - base
switch symbol.Name {
case "_BORINGSSL_bcm_text_start":
Expand Down Expand Up @@ -296,8 +308,6 @@ func doAppleOS(objectBytes []byte) ([]byte, []byte, error) {
return moduleText, moduleROData, nil
}



func do(outPath, oInput string, arInput string, appleOS bool) error {
var objectBytes []byte
var isStatic bool
Expand Down Expand Up @@ -365,7 +375,6 @@ func do(outPath, oInput string, arInput string, appleOS bool) error {
return err
}


var zeroKey [64]byte
mac := hmac.New(sha256.New, zeroKey[:])

Expand Down

0 comments on commit 4139400

Please sign in to comment.