Break FIPS tests by zeroing out the entire value.

Previously the code just flipped one bit. But, empirically, modern Clang
will sometimes produce code that doesn't depend on the first 16 bytes of
the data; they are encoded in the instructions instead. Thus zero out
the full value.

(If Clang ever starts embedding complete values into the instruction
stream then we're going to have to do something more complex. Self tests
are a bit funny: the compiler could reasonably optimise them away
completely given that it sees all the inputs. Perhaps the inputs would
have to be moved into a different object file.)

Change-Id: I7bfb18cb7868def67fc791dcc31c5915c7728ac4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54825
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
fips-20230428
Adam Langley 2 years ago committed by Boringssl LUCI CQ
parent 14aa0de18f
commit 1eea82a92a
util/fipstools/break-kat.go | 12

@ -75,7 +75,17 @@ func main() {
os.Exit(3)
}
binaryContents[i] ^= 1
// Zero out the entire value because the compiler may produce code
// where parts of the value are embedded in the instructions.
for j := range testInputValue {
binaryContents[i+j] = 0
}
if bytes.Index(binaryContents, testInputValue) >= 0 {
fmt.Fprintln(os.Stderr, "Test input value was still found after erasing it. Second copy?")
os.Exit(4)
}
os.Stdout.Write(binaryContents)
}
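
Review bot: the post-erase check `bytes.Index(binaryContents, testInputValue) >= 0` only catches a second complete copy of the value, while the new comment above the loop says the compiler may embed parts of the value in instructions. A partially embedded copy passes this check unnoticed, and the tool still writes the binary and exits normally, so a "broken" module whose KAT continues to pass would only be discovered later when the test is run. Consider recording that limitation in the code comment (it is currently only in the commit message), so the next reader knows that exit status 0 does not prove the KAT input was fully removed. Minor style point on the same line: `bytes.Contains(binaryContents, testInputValue)` states the intent more directly than comparing the index to 0.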
