diff --git a/.github/workflows/aws-lc-rs.yml b/.github/workflows/aws-lc-rs.yml new file mode 100644 index 0000000000..1e76954319 --- /dev/null +++ b/.github/workflows/aws-lc-rs.yml @@ -0,0 +1,69 @@ +name: aws-lc-rs fips sanity tests +on: + push: + branches: [ '*' ] + pull_request: + branches: [ '*' ] +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number }} + cancel-in-progress: true +env: + GOPROXY: https://proxy.golang.org,direct +jobs: + standard: + runs-on: ubuntu-latest + steps: + + - uses: actions/checkout@v3 + with: + repository: aws/aws-lc-rs + path: ./aws-lc-rs + submodules: false + - uses: actions-rs/toolchain@v1 + with: + # Our aws-lc-fips-sys generation scripts require nightly. + toolchain: nightly + override: true + - uses: actions-rs/cargo@v1 + with: + command: install + args: rust-script + - name: Install OS Dependencies + run: | + sudo apt-get update + sudo apt-get -y --no-install-recommends install cmake gcc clang ninja-build golang + - name: Remove aws-lc submodule from crate directory + working-directory: ./aws-lc-rs/aws-lc-fips-sys + run: | + rm -rf aws-lc + - uses: actions/checkout@v3 + with: + path: ./aws-lc-rs/aws-lc-fips-sys/aws-lc + - name: Regenerate aws-lc-fips-sys crate + working-directory: ./aws-lc-rs/aws-lc-fips-sys + run: | + rm -rf symbols/* + rm -rf generated-include/openssl/* + ../scripts/generate/_collect_symbols_build.sh -f -c aws-lc-fips-sys + ../scripts/generate/_generate_prefix_headers.sh -f -c aws-lc-fips-sys + ../scripts/generate/_generate_bindings.sh -c aws-lc-fips-sys + - name: aws-lc-fips-sys build + working-directory: ./aws-lc-rs/aws-lc-fips-sys + run: | + cargo build + - name: aws-lc-fips-sys test + working-directory: ./aws-lc-rs/aws-lc-fips-sys + run: | + cargo test + - name: aws-lc-fips-sys packaging + working-directory: ./aws-lc-rs/aws-lc-fips-sys + run: | + cargo package --allow-dirty + - name: aws-lc-rs build + working-directory: ./aws-lc-rs/aws-lc-rs + run: | + cargo build --no-default-features --features fips + - name: aws-lc-rs test + working-directory: ./aws-lc-rs/aws-lc-rs + run: | + cargo test --no-default-features --features fips diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt index a7d73aad0b..55d9ae9d08 100644 --- a/crypto/fipsmodule/CMakeLists.txt +++ b/crypto/fipsmodule/CMakeLists.txt @@ -213,27 +213,6 @@ if((ARCH STREQUAL "x86_64" OR ARCH STREQUAL "aarch64") AND endif() endif() -function(cpreprocess dest src) - set(TARGET "") - if(CMAKE_ASM_COMPILER_TARGET) - set(TARGET "--target=${CMAKE_ASM_COMPILER_TARGET}") - endif() - - if(BORINGSSL_PREFIX) - set(PREFIX_INCLUDE "-I${PROJECT_BINARY_DIR}/symbol_prefix_include") - endif() - - string(REGEX REPLACE "[ ]+" ";" CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS}") - add_custom_command( - OUTPUT ${dest} - COMMAND ${CMAKE_ASM_COMPILER} ${TARGET} ${CMAKE_ASM_FLAGS} -E ${src} ${PREFIX_INCLUDE} -I${PROJECT_SOURCE_DIR}/include > ${dest} - DEPENDS - ${src} - ${PROJECT_SOURCE_DIR}/include/openssl/arm_arch.h - WORKING_DIRECTORY . - ) -endfunction() - function(s2n_asm_cpreprocess dest src) # s2n_asm_cpreprocess differs from cpreprocess in that is does additional post-processing # based on s2n-bignum https://github.com/awslabs/s2n-bignum/blob/main/x86/Makefile#L264 @@ -288,30 +267,37 @@ if(FIPS_DELOCATE) ) target_compile_definitions(bcm_c_generated_asm PRIVATE BORINGSSL_IMPLEMENTATION) - if(ARCH STREQUAL "aarch64") - # Perlasm output on Aarch64 needs to pass through the C preprocessor - # before it can be parsed by delocate. - foreach(asm ${BCM_ASM_SOURCES}) - cpreprocess(${asm}.s ${asm}) - list(APPEND BCM_ASM_PROCESSED_SOURCES "${asm}.s") - endforeach() - else() - # No preprocessing is required on other platforms. - set(BCM_ASM_PROCESSED_SOURCES ${BCM_ASM_SOURCES}) - endif() - add_dependencies(bcm_c_generated_asm global_target) add_dependencies(bcm_c_generated_asm boringssl_prefix_symbols) - target_include_directories(bcm_c_generated_asm BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include) + # Important: We do not want to add the generated prefix symbols to the include path here! + # Delocator expects symbols to not be prefixed. target_include_directories(bcm_c_generated_asm PRIVATE ${PROJECT_SOURCE_DIR}/include) set_target_properties(bcm_c_generated_asm PROPERTIES COMPILE_OPTIONS "-S") set_target_properties(bcm_c_generated_asm PROPERTIES POSITION_INDEPENDENT_CODE ON) + set(TARGET "") + if(CMAKE_ASM_COMPILER_TARGET) + set(TARGET "--target=${CMAKE_ASM_COMPILER_TARGET}") + endif() + go_executable(delocate boringssl.googlesource.com/boringssl/util/fipstools/delocate) add_custom_command( OUTPUT bcm-delocated.S - COMMAND ./delocate -a $ -o bcm-delocated.S ${BCM_ASM_PROCESSED_SOURCES} - DEPENDS bcm_c_generated_asm delocate ${BCM_ASM_PROCESSED_SOURCES} + COMMAND + ./delocate + -a $ + -o bcm-delocated.S + -cc ${CMAKE_ASM_COMPILER} + -cc-flags "${TARGET} ${CMAKE_ASM_FLAGS}" + ${PROJECT_SOURCE_DIR}/include/openssl/boringssl_prefix_symbols_asm.h + ${PROJECT_SOURCE_DIR}/include/openssl/arm_arch.h + ${BCM_ASM_SOURCES} + DEPENDS + bcm_c_generated_asm + delocate + ${BCM_ASM_SOURCES} + ${PROJECT_SOURCE_DIR}/include/openssl/boringssl_prefix_symbols_asm.h + ${PROJECT_SOURCE_DIR}/include/openssl/arm_arch.h WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} ) diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc index e6219bc1cd..8fa67fb906 100644 --- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc +++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc @@ -4051,7 +4051,7 @@ TEST(ServiceIndicatorTest, DRBG) { // Since this is running in FIPS mode it should end in FIPS // Update this when the AWS-LC version number is modified TEST(ServiceIndicatorTest, AWSLCVersionString) { - ASSERT_STREQ(awslc_version_string(), "AWS-LC FIPS 2.0.6"); + ASSERT_STREQ(awslc_version_string(), "AWS-LC FIPS 2.0.7"); } #else @@ -4094,6 +4094,6 @@ TEST(ServiceIndicatorTest, BasicTest) { // Since this is not running in FIPS mode it shouldn't end in FIPS // Update this when the AWS-LC version number is modified TEST(ServiceIndicatorTest, AWSLCVersionString) { - ASSERT_STREQ(awslc_version_string(), "AWS-LC 2.0.6"); + ASSERT_STREQ(awslc_version_string(), "AWS-LC 2.0.7"); } #endif // AWSLC_FIPS diff --git a/include/openssl/base.h b/include/openssl/base.h index 71a51aeb83..4ec56abaa6 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -214,7 +214,7 @@ extern "C" { // ServiceIndicatorTest.AWSLCVersionString // Note: there are two versions of this test. Only one test is compiled // depending on FIPS mode. -#define AWSLC_VERSION_NUMBER_STRING "2.0.6" +#define AWSLC_VERSION_NUMBER_STRING "2.0.7" #if defined(BORINGSSL_SHARED_LIBRARY) diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go index c7a8aa7bb2..152811d507 100644 --- a/util/fipstools/delocate/delocate.go +++ b/util/fipstools/delocate/delocate.go @@ -1703,7 +1703,7 @@ func writeAarch64Function(w stringWriter, funcName string, writeContents func(st w.WriteString(".size " + funcName + ", .-" + funcName + "\n") } -func transform(w stringWriter, inputs []inputFile) error { +func transform(w stringWriter, includes []string, inputs []inputFile) error { // symbols contains all defined symbols. symbols := make(map[string]struct{}) // localEntrySymbols contains all symbols with a .localentry directive. @@ -1717,6 +1717,14 @@ func transform(w stringWriter, inputs []inputFile) error { // OPENSSL_ia32cap_get will be synthesized by this script. symbols["OPENSSL_ia32cap_get"] = struct{}{} + for _, include := range includes { + relative, err := relativeHeaderIncludePath(include) + if err != nil { + return err + } + w.WriteString(fmt.Sprintf("#include <%s>\n", relative)) + } + for _, input := range inputs { forEachPath(input.ast.up, func(node *node32) { symbol := input.contents[node.begin:node.end] @@ -1977,6 +1985,21 @@ func transform(w stringWriter, inputs []inputFile) error { return nil } +// relativeHeaderIncludePath returns the relative header path for usage in #include statements. +func relativeHeaderIncludePath(path string) (string, error) { + dir, err := includePathFromHeaderFilePath(path) + if err != nil { + return "", err + } + + relative, err := filepath.Rel(dir, path) + if err != nil { + return "", err + } + + return relative, nil +} + // preprocess runs source through the C preprocessor. func preprocess(cppCommand []string, path string) ([]byte, error) { var args []string @@ -2096,6 +2119,7 @@ func main() { }) } + var includes []string includePaths := make(map[string]struct{}) for i, path := range flag.Args() { @@ -2111,6 +2135,7 @@ func main() { fmt.Fprintf(os.Stderr, "%s\n", err) os.Exit(1) } + includes = append(includes, path) includePaths[dir] = struct{}{} continue } @@ -2139,6 +2164,9 @@ func main() { // -E requests only preprocessing. cppCommand = append(cppCommand, "-E") + + // Output ‘#include’ directives in addition to the result of preprocessing. + cppCommand = append(cppCommand, "-dI") } if err := parseInputs(inputs, cppCommand); err != nil { @@ -2152,7 +2180,7 @@ func main() { } defer out.Close() - if err := transform(out, inputs); err != nil { + if err := transform(out, includes, inputs); err != nil { fmt.Fprintf(os.Stderr, "%s\n", err) os.Exit(1) } @@ -2232,7 +2260,7 @@ func isSynthesized(symbol string) bool { } func redirectorName(symbol string) string { - return "bcm_redirector_" + symbol + return ".Lbcm_redirector_" + symbol } // sectionType returns the type of a section. I.e. a section called “.text.foo” diff --git a/util/fipstools/delocate/delocate_test.go b/util/fipstools/delocate/delocate_test.go index 082b3aa7f4..faf5ad5d54 100644 --- a/util/fipstools/delocate/delocate_test.go +++ b/util/fipstools/delocate/delocate_test.go @@ -28,9 +28,10 @@ var ( ) type delocateTest struct { - name string - in []string - out string + name string + includes []string + inputs []string + out string } func (test *delocateTest) Path(file string) string { @@ -38,27 +39,28 @@ func (test *delocateTest) Path(file string) string { } var delocateTests = []delocateTest{ - {"generic-FileDirectives", []string{"in.s"}, "out.s"}, - {"ppc64le-GlobalEntry", []string{"in.s"}, "out.s"}, - {"ppc64le-LoadToR0", []string{"in.s"}, "out.s"}, - {"ppc64le-Sample2", []string{"in.s"}, "out.s"}, - {"ppc64le-Sample", []string{"in.s"}, "out.s"}, - {"ppc64le-TOCWithOffset", []string{"in.s"}, "out.s"}, - {"x86_64-Basic", []string{"in.s"}, "out.s"}, - {"x86_64-BSS", []string{"in.s"}, "out.s"}, - {"x86_64-GOTRewrite", []string{"in.s"}, "out.s"}, - {"x86_64-LargeMemory", []string{"in.s"}, "out.s"}, - {"x86_64-LabelRewrite", []string{"in1.s", "in2.s"}, "out.s"}, - {"x86_64-Sections", []string{"in.s"}, "out.s"}, - {"x86_64-ThreeArg", []string{"in.s"}, "out.s"}, - {"aarch64-Basic", []string{"in.s"}, "out.s"}, + {"generic-FileDirectives", nil, []string{"in.s"}, "out.s"}, + {"generic-Includes", []string{"/some/include/path/openssl/foo.h", "/some/include/path/openssl/bar.h"}, []string{"in.s"}, "out.s"}, + {"ppc64le-GlobalEntry", nil, []string{"in.s"}, "out.s"}, + {"ppc64le-LoadToR0", nil, []string{"in.s"}, "out.s"}, + {"ppc64le-Sample2", nil, []string{"in.s"}, "out.s"}, + {"ppc64le-Sample", nil, []string{"in.s"}, "out.s"}, + {"ppc64le-TOCWithOffset", nil, []string{"in.s"}, "out.s"}, + {"x86_64-Basic", nil, []string{"in.s"}, "out.s"}, + {"x86_64-BSS", nil, []string{"in.s"}, "out.s"}, + {"x86_64-GOTRewrite", nil, []string{"in.s"}, "out.s"}, + {"x86_64-LargeMemory", nil, []string{"in.s"}, "out.s"}, + {"x86_64-LabelRewrite", nil, []string{"in1.s", "in2.s"}, "out.s"}, + {"x86_64-Sections", nil, []string{"in.s"}, "out.s"}, + {"x86_64-ThreeArg", nil, []string{"in.s"}, "out.s"}, + {"aarch64-Basic", nil, []string{"in.s"}, "out.s"}, } func TestDelocate(t *testing.T) { for _, test := range delocateTests { t.Run(test.name, func(t *testing.T) { var inputs []inputFile - for i, in := range test.in { + for i, in := range test.inputs { inputs = append(inputs, inputFile{ index: i, path: test.Path(in), @@ -70,7 +72,7 @@ func TestDelocate(t *testing.T) { } var buf bytes.Buffer - if err := transform(&buf, inputs); err != nil { + if err := transform(&buf, test.includes, inputs); err != nil { t.Fatalf("transform failed: %s", err) } diff --git a/util/fipstools/delocate/testdata/aarch64-Basic/out.s b/util/fipstools/delocate/testdata/aarch64-Basic/out.s index a678741874..b64fe153ea 100644 --- a/util/fipstools/delocate/testdata/aarch64-Basic/out.s +++ b/util/fipstools/delocate/testdata/aarch64-Basic/out.s @@ -82,7 +82,7 @@ foo: bl .Llocal_function_local_target // WAS bl remote_function - bl bcm_redirector_remote_function + bl .Lbcm_redirector_remote_function bl bss_symbol_bss_get @@ -108,9 +108,9 @@ foo: // But 'y' is not a register prefix so far, so these should be // processed as symbols. // WAS add y0, y0 - add bcm_redirector_y0, bcm_redirector_y0 + add .Lbcm_redirector_y0, .Lbcm_redirector_y0 // WAS add y12, y12 - add bcm_redirector_y12, bcm_redirector_y12 + add .Lbcm_redirector_y12, .Lbcm_redirector_y12 // Make sure that the magic extension constants are recognised rather // than being interpreted as symbols. @@ -138,29 +138,29 @@ bss_symbol: .text BORINGSSL_bcm_text_end: .p2align 2 -.hidden bcm_redirector_remote_function -.type bcm_redirector_remote_function, @function -bcm_redirector_remote_function: +.hidden .Lbcm_redirector_remote_function +.type .Lbcm_redirector_remote_function, @function +.Lbcm_redirector_remote_function: .cfi_startproc b remote_function .cfi_endproc -.size bcm_redirector_remote_function, .-bcm_redirector_remote_function +.size .Lbcm_redirector_remote_function, .-.Lbcm_redirector_remote_function .p2align 2 -.hidden bcm_redirector_y0 -.type bcm_redirector_y0, @function -bcm_redirector_y0: +.hidden .Lbcm_redirector_y0 +.type .Lbcm_redirector_y0, @function +.Lbcm_redirector_y0: .cfi_startproc b y0 .cfi_endproc -.size bcm_redirector_y0, .-bcm_redirector_y0 +.size .Lbcm_redirector_y0, .-.Lbcm_redirector_y0 .p2align 2 -.hidden bcm_redirector_y12 -.type bcm_redirector_y12, @function -bcm_redirector_y12: +.hidden .Lbcm_redirector_y12 +.type .Lbcm_redirector_y12, @function +.Lbcm_redirector_y12: .cfi_startproc b y12 .cfi_endproc -.size bcm_redirector_y12, .-bcm_redirector_y12 +.size .Lbcm_redirector_y12, .-.Lbcm_redirector_y12 .p2align 2 .hidden bss_symbol_bss_get .type bss_symbol_bss_get, @function diff --git a/util/fipstools/delocate/testdata/generic-Includes/in.s b/util/fipstools/delocate/testdata/generic-Includes/in.s new file mode 100644 index 0000000000..ca5f8c291e --- /dev/null +++ b/util/fipstools/delocate/testdata/generic-Includes/in.s @@ -0,0 +1,6 @@ +.file 10 "some/path/file.c" "file.c" +.file 1000 "some/path/file2.c" "file2.c" +.file 1001 "some/path/file_with_md5.c" "other_name.c" md5 0x5eba7844df6449a7f2fff1556fe7ba8d239f8e2f + +# An instruction is needed to satisfy the architecture auto-detection. + movq %rax, %rbx diff --git a/util/fipstools/delocate/testdata/generic-Includes/out.s b/util/fipstools/delocate/testdata/generic-Includes/out.s new file mode 100644 index 0000000000..c835dfe734 --- /dev/null +++ b/util/fipstools/delocate/testdata/generic-Includes/out.s @@ -0,0 +1,56 @@ +#include +#include +.text +.file 1002 "inserted_by_delocate.c" md5 0x00000000000000000000000000000000 +.loc 1002 1 0 +BORINGSSL_bcm_text_start: +.file 10 "some/path/file.c" "file.c" +.file 1000 "some/path/file2.c" "file2.c" +.file 1001 "some/path/file_with_md5.c" "other_name.c" md5 0x5eba7844df6449a7f2fff1556fe7ba8d239f8e2f + +# An instruction is needed to satisfy the architecture auto-detection. + movq %rax, %rbx +.text +.loc 1002 2 0 +BORINGSSL_bcm_text_end: +.type OPENSSL_ia32cap_get, @function +.globl OPENSSL_ia32cap_get +.LOPENSSL_ia32cap_get_local_target: +OPENSSL_ia32cap_get: + leaq OPENSSL_ia32cap_P(%rip), %rax + ret +.type BORINGSSL_bcm_text_hash, @object +.size BORINGSSL_bcm_text_hash, 32 +BORINGSSL_bcm_text_hash: +.byte 0xae +.byte 0x2c +.byte 0xea +.byte 0x2a +.byte 0xbd +.byte 0xa6 +.byte 0xf3 +.byte 0xec +.byte 0x97 +.byte 0x7f +.byte 0x9b +.byte 0xf6 +.byte 0x94 +.byte 0x9a +.byte 0xfc +.byte 0x83 +.byte 0x68 +.byte 0x27 +.byte 0xcb +.byte 0xa0 +.byte 0xa0 +.byte 0x9f +.byte 0x6b +.byte 0x6f +.byte 0xde +.byte 0x52 +.byte 0xcd +.byte 0xe2 +.byte 0xcd +.byte 0xff +.byte 0x31 +.byte 0x80 diff --git a/util/fipstools/delocate/testdata/ppc64le-Sample/out.s b/util/fipstools/delocate/testdata/ppc64le-Sample/out.s index 935159ddaa..8e0fa899b8 100644 --- a/util/fipstools/delocate/testdata/ppc64le-Sample/out.s +++ b/util/fipstools/delocate/testdata/ppc64le-Sample/out.s @@ -133,7 +133,7 @@ function: ld 3, -16(1) addi 1, 1, 288 # WAS bl fprintf - bl bcm_redirector_fprintf + bl .Lbcm_redirector_fprintf ld 2, 24(1) nop # WAS addis 10,2,.LC0@toc@ha @@ -180,7 +180,7 @@ function: addi 1, 1, 288 ld 5, 0(5) # WAS bl fprintf - bl bcm_redirector_fprintf + bl .Lbcm_redirector_fprintf ld 2, 24(1) nop # WAS addis 10,2,.LC0@toc@ha @@ -226,7 +226,7 @@ function: ld 3, -16(1) addi 1, 1, 288 # WAS bl fprintf - bl bcm_redirector_fprintf + bl .Lbcm_redirector_fprintf ld 2, 24(1) nop # WAS addis 10,2,.LC0@toc@ha @@ -273,7 +273,7 @@ function: addi 1, 1, 288 ld 5, 0(5) # WAS bl fprintf - bl bcm_redirector_fprintf + bl .Lbcm_redirector_fprintf ld 2, 24(1) nop # WAS addis 10,2,.LC0@toc@ha @@ -320,7 +320,7 @@ function: addi 1, 1, 288 ld 5, 0(5) # WAS bl fprintf - bl bcm_redirector_fprintf + bl .Lbcm_redirector_fprintf ld 2, 24(1) nop # WAS addis 10,2,.LC0@toc@ha @@ -367,7 +367,7 @@ function: addi 1, 1, 288 ld 5, 0(5) # WAS bl fprintf - bl bcm_redirector_fprintf + bl .Lbcm_redirector_fprintf ld 2, 24(1) nop # WAS bl exported_function @@ -420,8 +420,8 @@ BORINGSSL_bcm_text_end: .Lredirector_toc_fprintf: .quad fprintf .text -.type bcm_redirector_fprintf, @function -bcm_redirector_fprintf: +.type .Lbcm_redirector_fprintf, @function +.Lbcm_redirector_fprintf: std 2, 24(1) addis 12, 2, .Lredirector_toc_fprintf@toc@ha ld 12, .Lredirector_toc_fprintf@toc@l(12) diff --git a/util/fipstools/delocate/testdata/ppc64le-Sample2/out.s b/util/fipstools/delocate/testdata/ppc64le-Sample2/out.s index 85479bddee..b2577a112a 100644 --- a/util/fipstools/delocate/testdata/ppc64le-Sample2/out.s +++ b/util/fipstools/delocate/testdata/ppc64le-Sample2/out.s @@ -205,7 +205,7 @@ exported_function: mr 6,29 li 4,1 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -213,7 +213,7 @@ exported_function: mr 6,19 li 4,1 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -221,7 +221,7 @@ exported_function: mr 6,24 li 4,1 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -229,7 +229,7 @@ exported_function: mr 6,20 li 4,1 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -237,7 +237,7 @@ exported_function: mr 6,27 li 4,1 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -245,7 +245,7 @@ exported_function: mr 5,28 mr 6,30 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop b .L2 @@ -321,7 +321,7 @@ function: stdu 1,-112(1) ld 3,0(31) # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop # WAS addis 6,2,.LC12@toc@ha # gpr load fusion, type long @@ -354,7 +354,7 @@ function: ld 3, -16(1) addi 1, 1, 288 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -386,7 +386,7 @@ function: addi 1, 1, 288 li 4,1 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop # WAS addis 6,2,.LC13@toc@ha # gpr load fusion, type long @@ -419,7 +419,7 @@ function: ld 3, -16(1) addi 1, 1, 288 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -439,7 +439,7 @@ function: addi 1, 1, 288 li 4,1 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop ld 3,0(31) @@ -460,7 +460,7 @@ function: addi 1, 1, 288 addi 6,6,-29404 # WAS bl __fprintf_chk - bl bcm_redirector___fprintf_chk + bl .Lbcm_redirector___fprintf_chk ld 2, 24(1) nop # WAS bl exported_function @@ -539,8 +539,8 @@ BORINGSSL_bcm_text_end: .Lredirector_toc___fprintf_chk: .quad __fprintf_chk .text -.type bcm_redirector___fprintf_chk, @function -bcm_redirector___fprintf_chk: +.type .Lbcm_redirector___fprintf_chk, @function +.Lbcm_redirector___fprintf_chk: std 2, 24(1) addis 12, 2, .Lredirector_toc___fprintf_chk@toc@ha ld 12, .Lredirector_toc___fprintf_chk@toc@l(12) diff --git a/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s b/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s index dd02ae781b..7d8440a1e8 100644 --- a/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s +++ b/util/fipstools/delocate/testdata/x86_64-LabelRewrite/out.s @@ -21,11 +21,11 @@ bar: # Jumps to PLT symbols are rewritten through redirectors. # WAS call memcpy@PLT - call bcm_redirector_memcpy + call .Lbcm_redirector_memcpy # WAS jmp memcpy@PLT - jmp bcm_redirector_memcpy + jmp .Lbcm_redirector_memcpy # WAS jbe memcpy@PLT - jbe bcm_redirector_memcpy + jbe .Lbcm_redirector_memcpy # Jumps to local PLT symbols use their local targets. # WAS call foo@PLT @@ -95,8 +95,8 @@ bar: .byte 421 .text BORINGSSL_bcm_text_end: -.type bcm_redirector_memcpy, @function -bcm_redirector_memcpy: +.type .Lbcm_redirector_memcpy, @function +.Lbcm_redirector_memcpy: jmp memcpy@PLT .type OPENSSL_ia32cap_get, @function .globl OPENSSL_ia32cap_get diff --git a/util/make_prefix_headers.go b/util/make_prefix_headers.go index 82a530b6a5..21a7ca8fad 100644 --- a/util/make_prefix_headers.go +++ b/util/make_prefix_headers.go @@ -92,9 +92,14 @@ func writeCHeader(symbols []string, path string) error { } if _, err := fmt.Fprintf(f, ` +#ifndef BORINGSSL_PREFIX_SYMBOLS_H + +#define BORINGSSL_PREFIX_SYMBOLS_H + #ifndef BORINGSSL_PREFIX #define BORINGSSL_PREFIX %s -#endif +#endif // BORINGSSL_PREFIX + `, *prefix); err != nil { return err } @@ -115,6 +120,10 @@ func writeCHeader(symbols []string, path string) error { } } + if _, err := f.WriteString("\n#endif // BORINGSSL_PREFIX_SYMBOLS_H\n"); err != nil { + return err + } + return nil } @@ -143,17 +152,17 @@ func writeASMHeader(symbols []string, path string) error { } if _, err := fmt.Fprintf(f, ` -#ifndef BORINGSSL_PREFIX -#define BORINGSSL_PREFIX %s -#endif - `, *prefix); err != nil { - return err - } - - if _, err := f.WriteString(` #if !defined(__APPLE__) #include #else +#ifndef BORINGSSL_PREFIX_SYMBOLS_ASM_H + +#define BORINGSSL_PREFIX_SYMBOLS_ASM_H + +#ifndef BORINGSSL_PREFIX +#define BORINGSSL_PREFIX %s +#endif // BORINGSSL_PREFIX + // On iOS and macOS, we need to treat assembly symbols differently from other // symbols. The linker expects symbols to be prefixed with an underscore. // Perlasm thus generates symbol with this underscore applied. Our macros must, @@ -161,7 +170,7 @@ func writeASMHeader(symbols []string, path string) error { #define BORINGSSL_ADD_PREFIX_MAC_ASM(a, b) BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b) #define BORINGSSL_ADD_PREFIX_INNER_MAC_ASM(a, b) _ ## a ## _ ## b -`); err != nil { +`, *prefix); err != nil { return err } @@ -171,7 +180,13 @@ func writeASMHeader(symbols []string, path string) error { } } - _, err = fmt.Fprintf(f, "#endif\n") + if _, err := f.WriteString(` +#endif // BORINGSSL_PREFIX_SYMBOLS_ASM_H +#endif // !defined(__APPLE__) +`); err != nil { + return nil + } + return nil } @@ -201,9 +216,13 @@ func writeNASMHeader(symbols []string, path string) error { } if _, err := fmt.Fprintf(f, ` +%%ifndef BORINGSSL_PREFIX_SYMBOLS_NASM_INC + +%%define BORINGSSL_PREFIX_SYMBOLS_NASM_INC + %%ifndef BORINGSSL_PREFIX %%define BORINGSSL_PREFIX %s -%%endif +%%endif ; BORINGSSL_PREFIX `, *prefix); err != nil { return err } @@ -211,6 +230,7 @@ func writeNASMHeader(symbols []string, path string) error { if _, err := f.WriteString(` ; 32-bit Windows adds underscores to C functions, while 64-bit Windows does not. %ifidn __OUTPUT_FORMAT__, win32 + `); err != nil { return err } @@ -231,7 +251,10 @@ func writeNASMHeader(symbols []string, path string) error { } } - if _, err := fmt.Fprintf(f, "%%endif\n"); err != nil { + if _, err := fmt.Fprintf(f, ` +%%endif ; __OUTPUT_FORMAT__ +%%endif ; BORINGSSL_PREFIX_SYMBOLS_NASM_INC +`); err != nil { return err }