mirror of
https://github.com/golang/go
synced 2024-11-25 20:17:57 -07:00
crypto/internal/fips/check: fix for ASAN builds
For now, FIPS does not work with ASAN: ASAN detects reads it doesn't like during the scans of memory done by verification. It could be made to work if there was a way to disable ASAN during verification, but that doesn't appear to be possible. Instead of a cryptic ASAN message, panic with a clear error. And disable the test during ASAN. Fixes #70321. Change-Id: Ibc3876836abb83248a23c18c3b44c4cbb4a0c600 Reviewed-on: https://go-review.googlesource.com/c/go/+/627603 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Russ Cox <rsc@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com>
This commit is contained in:
parent
102d031a58
commit
534551d55a
@ -15,6 +15,7 @@ package check
|
||||
import (
|
||||
"crypto/internal/fips/hmac"
|
||||
"crypto/internal/fips/sha256"
|
||||
"internal/asan"
|
||||
"internal/byteorder"
|
||||
"internal/godebug"
|
||||
"io"
|
||||
@ -77,6 +78,17 @@ func init() {
|
||||
return
|
||||
}
|
||||
|
||||
if asan.Enabled {
|
||||
// ASAN disapproves of reading swaths of global memory below.
|
||||
// One option would be to expose runtime.asanunpoison through
|
||||
// crypto/internal/fipsdeps and then call it to unpoison the range
|
||||
// before reading it, but it is unclear whether that would then cause
|
||||
// false negatives. For now, FIPS+ASAN doesn't need to work.
|
||||
// If this is made to work, also re-enable the test in check_test.go.
|
||||
panic("fips140: cannot verify in asan mode")
|
||||
return
|
||||
}
|
||||
|
||||
switch v {
|
||||
case "on", "only", "debug":
|
||||
// ok
|
||||
|
@ -9,6 +9,7 @@ import (
|
||||
"crypto/internal/fips/check/checktest"
|
||||
"fmt"
|
||||
"internal/abi"
|
||||
"internal/asan"
|
||||
"internal/godebug"
|
||||
"os"
|
||||
"os/exec"
|
||||
@ -37,6 +38,11 @@ func TestVerify(t *testing.T) {
|
||||
if !Supported() {
|
||||
t.Skipf("skipping on %s-%s", runtime.GOOS, runtime.GOARCH)
|
||||
}
|
||||
if asan.Enabled {
|
||||
// Verification panics with asan; don't bother.
|
||||
t.Skipf("skipping with -asan")
|
||||
return
|
||||
}
|
||||
|
||||
cmd := exec.Command(os.Args[0], "-test.v")
|
||||
cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on")
|
||||
|
@ -2,5 +2,5 @@
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
DATA ·RODATA(SB)/4, $2
|
||||
GLOBL ·RODATA(SB), RODATA, $4
|
||||
DATA crypto∕internal∕fips∕check∕checktest·RODATA(SB)/4, $2
|
||||
GLOBL crypto∕internal∕fips∕check∕checktest·RODATA(SB), RODATA, $4
|
||||
|
@ -6,10 +6,17 @@
|
||||
// the crypto/internal/fips/check test.
|
||||
package checktest
|
||||
|
||||
import _ "crypto/internal/fips/check"
|
||||
import (
|
||||
_ "crypto/internal/fips/check"
|
||||
_ "unsafe" // go:linkname
|
||||
)
|
||||
|
||||
var NOPTRDATA int = 1
|
||||
|
||||
// The linkname here disables asan registration of this global,
|
||||
// because asan gets mad about rodata globals.
|
||||
//
|
||||
//go:linkname RODATA crypto/internal/fips/check/checktest.RODATA
|
||||
var RODATA int32 // set to 2 in asm.s
|
||||
|
||||
// DATA needs to have both a pointer and an int so that _some_ of it gets
|
||||
|
Loading…
Reference in New Issue
Block a user