1
0
mirror of https://github.com/golang/go synced 2024-11-26 05:57:58 -07:00

crypto/internal/fips/check: fix for ASAN builds

For now, FIPS does not work with ASAN: ASAN detects reads
it doesn't like during the scans of memory done by verification.
It could be made to work if there was a way to disable ASAN
during verification, but that doesn't appear to be possible.

Instead of a cryptic ASAN message, panic with a clear error.
And disable the test during ASAN.

Fixes #70321.

Change-Id: Ibc3876836abb83248a23c18c3b44c4cbb4a0c600
Reviewed-on: https://go-review.googlesource.com/c/go/+/627603
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
This commit is contained in:
Russ Cox 2024-11-14 12:56:46 +01:00 committed by Gopher Robot
parent 102d031a58
commit 534551d55a
4 changed files with 28 additions and 3 deletions

View File

@ -15,6 +15,7 @@ package check
import ( import (
"crypto/internal/fips/hmac" "crypto/internal/fips/hmac"
"crypto/internal/fips/sha256" "crypto/internal/fips/sha256"
"internal/asan"
"internal/byteorder" "internal/byteorder"
"internal/godebug" "internal/godebug"
"io" "io"
@ -77,6 +78,17 @@ func init() {
return return
} }
if asan.Enabled {
// ASAN disapproves of reading swaths of global memory below.
// One option would be to expose runtime.asanunpoison through
// crypto/internal/fipsdeps and then call it to unpoison the range
// before reading it, but it is unclear whether that would then cause
// false negatives. For now, FIPS+ASAN doesn't need to work.
// If this is made to work, also re-enable the test in check_test.go.
panic("fips140: cannot verify in asan mode")
return
}
switch v { switch v {
case "on", "only", "debug": case "on", "only", "debug":
// ok // ok

View File

@ -9,6 +9,7 @@ import (
"crypto/internal/fips/check/checktest" "crypto/internal/fips/check/checktest"
"fmt" "fmt"
"internal/abi" "internal/abi"
"internal/asan"
"internal/godebug" "internal/godebug"
"os" "os"
"os/exec" "os/exec"
@ -37,6 +38,11 @@ func TestVerify(t *testing.T) {
if !Supported() { if !Supported() {
t.Skipf("skipping on %s-%s", runtime.GOOS, runtime.GOARCH) t.Skipf("skipping on %s-%s", runtime.GOOS, runtime.GOARCH)
} }
if asan.Enabled {
// Verification panics with asan; don't bother.
t.Skipf("skipping with -asan")
return
}
cmd := exec.Command(os.Args[0], "-test.v") cmd := exec.Command(os.Args[0], "-test.v")
cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on") cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on")

View File

@ -2,5 +2,5 @@
#include "textflag.h" #include "textflag.h"
DATA ·RODATA(SB)/4, $2 DATA cryptointernalfipscheckchecktest·RODATA(SB)/4, $2
GLOBL ·RODATA(SB), RODATA, $4 GLOBL cryptointernalfipscheckchecktest·RODATA(SB), RODATA, $4

View File

@ -6,10 +6,17 @@
// the crypto/internal/fips/check test. // the crypto/internal/fips/check test.
package checktest package checktest
import _ "crypto/internal/fips/check" import (
_ "crypto/internal/fips/check"
_ "unsafe" // go:linkname
)
var NOPTRDATA int = 1 var NOPTRDATA int = 1
// The linkname here disables asan registration of this global,
// because asan gets mad about rodata globals.
//
//go:linkname RODATA crypto/internal/fips/check/checktest.RODATA
var RODATA int32 // set to 2 in asm.s var RODATA int32 // set to 2 in asm.s
// DATA needs to have both a pointer and an int so that _some_ of it gets // DATA needs to have both a pointer and an int so that _some_ of it gets