From 89386ac89bef26888b8d866ebb98b696d82dfde8 Mon Sep 17 00:00:00 2001
From: Adam Langley <alangley@gmail.com>
Date: Tue, 12 Oct 2021 12:43:14 -0700
Subject: [PATCH] Add magic tag to BoringSSL binaries.

There are cases where people grep binaries for strings like OpenSSL
version strings in order to detect when out-dated versions of libraries
are being used. With BoringSSL you might find "OpenSSL 1.1.1
(compatible; BoringSSL)", if the linker didn't discard it, but that's
not very helpful for knowing how up-to-date BoringSSL is because we
hardly ever change it.

This change adds a distinct random value to search for that uniquely
identifies BoringSSL and includes a rough guide to how old the BoringSSL
copy is. The linker will hopefully not discard it because it's
refereneced from |OPENSSL_malloc|.

Change-Id: Ie2259fd17a55d249a538a8a161b0d755396dd7b8
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49885
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
---
 crypto/mem.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/crypto/mem.c b/crypto/mem.c
index 639de3224..7b36bfb84 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -125,6 +125,16 @@ WEAK_SYMBOL_FUNC(void*, OPENSSL_memory_alloc, (size_t size));
 WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr));
 WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr));
 
+// kBoringSSLBinaryTag is a distinctive byte sequence to identify binaries that
+// are linking in BoringSSL and, roughly, what version they are using.
+static const uint8_t kBoringSSLBinaryTag[18] = {
+    // 16 bytes of magic tag.
+    0x8c, 0x62, 0x20, 0x0b, 0xd2, 0xa0, 0x72, 0x58,
+    0x44, 0xa8, 0x96, 0x69, 0xad, 0x55, 0x7e, 0xec,
+    // Current source iteration. Incremented ~monthly.
+    1, 0,
+};
+
 void *OPENSSL_malloc(size_t size) {
   if (OPENSSL_memory_alloc != NULL) {
     assert(OPENSSL_memory_free != NULL);
@@ -133,6 +143,14 @@ void *OPENSSL_malloc(size_t size) {
   }
 
   if (size + OPENSSL_MALLOC_PREFIX < size) {
+    // |OPENSSL_malloc| is a central function in BoringSSL thus a reference to
+    // |kBoringSSLBinaryTag| is created here so that the tag isn't discarded by
+    // the linker. The following is sufficient to stop GCC, Clang, and MSVC
+    // optimising away the reference at the time of writing. Since this
+    // probably results in an actual memory reference, it is put in this very
+    // rare code path.
+    uint8_t unused = *(volatile uint8_t *)kBoringSSLBinaryTag;
+    (void) unused;
     return NULL;
   }