<div dir="ltr"><div dir="ltr">Dear Florian,</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 11, 2022 at 5:09 PM Florian Weimer <<a href="mailto:fweimer@redhat.com">fweimer@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">* Clemens Lang via Gcrypt-devel:<br>
<br>
> diff --git a/src/fips.c b/src/fips.c<br>
> index 193af36b..fabc5158 100644<br>
> --- a/src/fips.c<br>
> +++ b/src/fips.c<br>
> @@ -592,7 +592,10 @@ run_random_selftests (void)<br>
> # endif<br>
> #define HMAC_LEN 32<br>
> <br>
> -static const unsigned char __attribute__ ((section (".rodata1")))<br>
> +/* Compilers can and will constant-propagate this as 0 when reading if it is<br>
> + * not declared volatile. Since this value will be changed using objcopy(1)<br>
> + * after compilation, this can cause the HMAC verification to fail. */<br>
> +static const volatile unsigned char __attribute__ ((section (".rodata1")))<br>
> hmac_for_the_implementation[HMAC_LEN];<br>
<br>
volatile causes GCC to emit a writable section, and the link editor will<br>
make .rodata1 (and typically .text) writable as a result. This is a<br>
fairly significant loss of security hardening.<br>
<br>
This bug is relevant here:<br>
<br>
various services trigger { execmem } denials in FIPS mode <br>
<<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2034320" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=2034320</a>><br>
<br>
> +/**<br>
> + * Obtain the ElfN_Shdr.sh_offset value for the section with the given name in<br>
> + * the ELF file opened as fp and return it in offset. Rewinds fp to the<br>
> + * beginning on success.<br>
> + */<br>
> static gpg_error_t<br>
> -hmac256_check (const char *filename, const char *key, struct link_map *lm)<br>
> +get_section_offset (FILE *fp, const char *section, unsigned long *offset)<br>
> +{<br>
> + unsigned char e_ident[EI_NIDENT];<br>
> +#if __WORDSIZE == 64<br>
> + Elf64_Ehdr ehdr;<br>
> + Elf64_Shdr shdr;<br>
> +#define ELFCLASS_NATIVE ELFCLASS64<br>
<br>
__WORDSIZE is an internal glibc macro, not to be used outside of glibc.<br>
glibc's <link.h> defines ElfW as an official macro, and you could use<br>
ElfW(Ehdr) and ElfW(Shdr) here.<br>
<br>
The code looks at section headers. These can be stripped. Furthermore,<br>
the .rodata1 section is not really reserved for application use.<br>
<br>
I haven't reviewed Dmitry's OpenSSL changes (which I probably should<br>
do), but I'd suggest to use the same approach. 8-)<br></blockquote><div><br></div><div>Yes, I used the same approach. But the situation is a bit more strange.</div><div><br></div><div>I had to add a `volatile` modifier to the HMAC variable because the .section attribute was ignored otherwise. <br></div><div>After the issue you refer to was raised, I removed this modifier - and the section was preserved.</div></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Dmitry Belyavskiy</div></div></div>