xref: /aosp_15_r20/external/boringssl/src/crypto/fipsmodule/bcm.c (revision 8fb009dc861624b67b6cdb62ea21f0f22d0c584b) 
1*8fb009dcSAndroid Build Coastguard Worker /* Copyright (c) 2017, Google Inc.
2*8fb009dcSAndroid Build Coastguard Worker  *
3*8fb009dcSAndroid Build Coastguard Worker  * Permission to use, copy, modify, and/or distribute this software for any
4*8fb009dcSAndroid Build Coastguard Worker  * purpose with or without fee is hereby granted, provided that the above
5*8fb009dcSAndroid Build Coastguard Worker  * copyright notice and this permission notice appear in all copies.
6*8fb009dcSAndroid Build Coastguard Worker  *
7*8fb009dcSAndroid Build Coastguard Worker  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8*8fb009dcSAndroid Build Coastguard Worker  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9*8fb009dcSAndroid Build Coastguard Worker  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10*8fb009dcSAndroid Build Coastguard Worker  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11*8fb009dcSAndroid Build Coastguard Worker  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12*8fb009dcSAndroid Build Coastguard Worker  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13*8fb009dcSAndroid Build Coastguard Worker  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14*8fb009dcSAndroid Build Coastguard Worker 
15*8fb009dcSAndroid Build Coastguard Worker #if !defined(_GNU_SOURCE)
16*8fb009dcSAndroid Build Coastguard Worker #define _GNU_SOURCE  // needed for syscall() on Linux.
17*8fb009dcSAndroid Build Coastguard Worker #endif
18*8fb009dcSAndroid Build Coastguard Worker 
19*8fb009dcSAndroid Build Coastguard Worker #include <openssl/crypto.h>
20*8fb009dcSAndroid Build Coastguard Worker 
21*8fb009dcSAndroid Build Coastguard Worker #include <stdlib.h>
22*8fb009dcSAndroid Build Coastguard Worker #if defined(BORINGSSL_FIPS)
23*8fb009dcSAndroid Build Coastguard Worker #include <sys/mman.h>
24*8fb009dcSAndroid Build Coastguard Worker #include <unistd.h>
25*8fb009dcSAndroid Build Coastguard Worker #endif
26*8fb009dcSAndroid Build Coastguard Worker 
27*8fb009dcSAndroid Build Coastguard Worker #include <openssl/digest.h>
28*8fb009dcSAndroid Build Coastguard Worker #include <openssl/hmac.h>
29*8fb009dcSAndroid Build Coastguard Worker #include <openssl/sha.h>
30*8fb009dcSAndroid Build Coastguard Worker 
31*8fb009dcSAndroid Build Coastguard Worker #include "../internal.h"
32*8fb009dcSAndroid Build Coastguard Worker 
33*8fb009dcSAndroid Build Coastguard Worker #include "aes/aes.c"
34*8fb009dcSAndroid Build Coastguard Worker #include "aes/aes_nohw.c"
35*8fb009dcSAndroid Build Coastguard Worker #include "aes/key_wrap.c"
36*8fb009dcSAndroid Build Coastguard Worker #include "aes/mode_wrappers.c"
37*8fb009dcSAndroid Build Coastguard Worker #include "bn/add.c"
38*8fb009dcSAndroid Build Coastguard Worker #include "bn/asm/x86_64-gcc.c"
39*8fb009dcSAndroid Build Coastguard Worker #include "bn/bn.c"
40*8fb009dcSAndroid Build Coastguard Worker #include "bn/bytes.c"
41*8fb009dcSAndroid Build Coastguard Worker #include "bn/cmp.c"
42*8fb009dcSAndroid Build Coastguard Worker #include "bn/ctx.c"
43*8fb009dcSAndroid Build Coastguard Worker #include "bn/div.c"
44*8fb009dcSAndroid Build Coastguard Worker #include "bn/div_extra.c"
45*8fb009dcSAndroid Build Coastguard Worker #include "bn/exponentiation.c"
46*8fb009dcSAndroid Build Coastguard Worker #include "bn/gcd.c"
47*8fb009dcSAndroid Build Coastguard Worker #include "bn/gcd_extra.c"
48*8fb009dcSAndroid Build Coastguard Worker #include "bn/generic.c"
49*8fb009dcSAndroid Build Coastguard Worker #include "bn/jacobi.c"
50*8fb009dcSAndroid Build Coastguard Worker #include "bn/montgomery.c"
51*8fb009dcSAndroid Build Coastguard Worker #include "bn/montgomery_inv.c"
52*8fb009dcSAndroid Build Coastguard Worker #include "bn/mul.c"
53*8fb009dcSAndroid Build Coastguard Worker #include "bn/prime.c"
54*8fb009dcSAndroid Build Coastguard Worker #include "bn/random.c"
55*8fb009dcSAndroid Build Coastguard Worker #include "bn/rsaz_exp.c"
56*8fb009dcSAndroid Build Coastguard Worker #include "bn/shift.c"
57*8fb009dcSAndroid Build Coastguard Worker #include "bn/sqrt.c"
58*8fb009dcSAndroid Build Coastguard Worker #include "cipher/aead.c"
59*8fb009dcSAndroid Build Coastguard Worker #include "cipher/cipher.c"
60*8fb009dcSAndroid Build Coastguard Worker #include "cipher/e_aes.c"
61*8fb009dcSAndroid Build Coastguard Worker #include "cipher/e_aesccm.c"
62*8fb009dcSAndroid Build Coastguard Worker #include "cmac/cmac.c"
63*8fb009dcSAndroid Build Coastguard Worker #include "dh/check.c"
64*8fb009dcSAndroid Build Coastguard Worker #include "dh/dh.c"
65*8fb009dcSAndroid Build Coastguard Worker #include "digest/digest.c"
66*8fb009dcSAndroid Build Coastguard Worker #include "digest/digests.c"
67*8fb009dcSAndroid Build Coastguard Worker #include "digestsign/digestsign.c"
68*8fb009dcSAndroid Build Coastguard Worker #include "ecdh/ecdh.c"
69*8fb009dcSAndroid Build Coastguard Worker #include "ecdsa/ecdsa.c"
70*8fb009dcSAndroid Build Coastguard Worker #include "ec/ec.c"
71*8fb009dcSAndroid Build Coastguard Worker #include "ec/ec_key.c"
72*8fb009dcSAndroid Build Coastguard Worker #include "ec/ec_montgomery.c"
73*8fb009dcSAndroid Build Coastguard Worker #include "ec/felem.c"
74*8fb009dcSAndroid Build Coastguard Worker #include "ec/oct.c"
75*8fb009dcSAndroid Build Coastguard Worker #include "ec/p224-64.c"
76*8fb009dcSAndroid Build Coastguard Worker #include "ec/p256.c"
77*8fb009dcSAndroid Build Coastguard Worker #include "ec/p256-nistz.c"
78*8fb009dcSAndroid Build Coastguard Worker #include "ec/scalar.c"
79*8fb009dcSAndroid Build Coastguard Worker #include "ec/simple.c"
80*8fb009dcSAndroid Build Coastguard Worker #include "ec/simple_mul.c"
81*8fb009dcSAndroid Build Coastguard Worker #include "ec/util.c"
82*8fb009dcSAndroid Build Coastguard Worker #include "ec/wnaf.c"
83*8fb009dcSAndroid Build Coastguard Worker #include "hkdf/hkdf.c"
84*8fb009dcSAndroid Build Coastguard Worker #include "hmac/hmac.c"
85*8fb009dcSAndroid Build Coastguard Worker #include "md4/md4.c"
86*8fb009dcSAndroid Build Coastguard Worker #include "md5/md5.c"
87*8fb009dcSAndroid Build Coastguard Worker #include "modes/cbc.c"
88*8fb009dcSAndroid Build Coastguard Worker #include "modes/cfb.c"
89*8fb009dcSAndroid Build Coastguard Worker #include "modes/ctr.c"
90*8fb009dcSAndroid Build Coastguard Worker #include "modes/gcm.c"
91*8fb009dcSAndroid Build Coastguard Worker #include "modes/gcm_nohw.c"
92*8fb009dcSAndroid Build Coastguard Worker #include "modes/ofb.c"
93*8fb009dcSAndroid Build Coastguard Worker #include "modes/polyval.c"
94*8fb009dcSAndroid Build Coastguard Worker #include "rand/ctrdrbg.c"
95*8fb009dcSAndroid Build Coastguard Worker #include "rand/fork_detect.c"
96*8fb009dcSAndroid Build Coastguard Worker #include "rand/rand.c"
97*8fb009dcSAndroid Build Coastguard Worker #include "rand/urandom.c"
98*8fb009dcSAndroid Build Coastguard Worker #include "rsa/blinding.c"
99*8fb009dcSAndroid Build Coastguard Worker #include "rsa/padding.c"
100*8fb009dcSAndroid Build Coastguard Worker #include "rsa/rsa.c"
101*8fb009dcSAndroid Build Coastguard Worker #include "rsa/rsa_impl.c"
102*8fb009dcSAndroid Build Coastguard Worker #include "self_check/fips.c"
103*8fb009dcSAndroid Build Coastguard Worker #include "self_check/self_check.c"
104*8fb009dcSAndroid Build Coastguard Worker #include "service_indicator/service_indicator.c"
105*8fb009dcSAndroid Build Coastguard Worker #include "sha/sha1.c"
106*8fb009dcSAndroid Build Coastguard Worker #include "sha/sha256.c"
107*8fb009dcSAndroid Build Coastguard Worker #include "sha/sha512.c"
108*8fb009dcSAndroid Build Coastguard Worker #include "tls/kdf.c"
109*8fb009dcSAndroid Build Coastguard Worker 
110*8fb009dcSAndroid Build Coastguard Worker 
111*8fb009dcSAndroid Build Coastguard Worker #if defined(BORINGSSL_FIPS)
112*8fb009dcSAndroid Build Coastguard Worker 
113*8fb009dcSAndroid Build Coastguard Worker #if !defined(OPENSSL_ASAN)
114*8fb009dcSAndroid Build Coastguard Worker 
115*8fb009dcSAndroid Build Coastguard Worker // These symbols are filled in by delocate.go (in static builds) or a linker
116*8fb009dcSAndroid Build Coastguard Worker // script (in shared builds). They point to the start and end of the module, and
117*8fb009dcSAndroid Build Coastguard Worker // the location of the integrity hash, respectively.
118*8fb009dcSAndroid Build Coastguard Worker extern const uint8_t BORINGSSL_bcm_text_start[];
119*8fb009dcSAndroid Build Coastguard Worker extern const uint8_t BORINGSSL_bcm_text_end[];
120*8fb009dcSAndroid Build Coastguard Worker extern const uint8_t BORINGSSL_bcm_text_hash[];
121*8fb009dcSAndroid Build Coastguard Worker #if defined(BORINGSSL_SHARED_LIBRARY)
122*8fb009dcSAndroid Build Coastguard Worker extern const uint8_t BORINGSSL_bcm_rodata_start[];
123*8fb009dcSAndroid Build Coastguard Worker extern const uint8_t BORINGSSL_bcm_rodata_end[];
124*8fb009dcSAndroid Build Coastguard Worker #endif
125*8fb009dcSAndroid Build Coastguard Worker 
126*8fb009dcSAndroid Build Coastguard Worker // assert_within is used to sanity check that certain symbols are within the
127*8fb009dcSAndroid Build Coastguard Worker // bounds of the integrity check. It checks that start <= symbol < end and
128*8fb009dcSAndroid Build Coastguard Worker // aborts otherwise.
assert_within(const void * start,const void * symbol,const void * end)129*8fb009dcSAndroid Build Coastguard Worker static void assert_within(const void *start, const void *symbol,
130*8fb009dcSAndroid Build Coastguard Worker                           const void *end) {
131*8fb009dcSAndroid Build Coastguard Worker   const uintptr_t start_val = (uintptr_t) start;
132*8fb009dcSAndroid Build Coastguard Worker   const uintptr_t symbol_val = (uintptr_t) symbol;
133*8fb009dcSAndroid Build Coastguard Worker   const uintptr_t end_val = (uintptr_t) end;
134*8fb009dcSAndroid Build Coastguard Worker 
135*8fb009dcSAndroid Build Coastguard Worker   if (start_val <= symbol_val && symbol_val < end_val) {
136*8fb009dcSAndroid Build Coastguard Worker     return;
137*8fb009dcSAndroid Build Coastguard Worker   }
138*8fb009dcSAndroid Build Coastguard Worker 
139*8fb009dcSAndroid Build Coastguard Worker   fprintf(
140*8fb009dcSAndroid Build Coastguard Worker       stderr,
141*8fb009dcSAndroid Build Coastguard Worker       "FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n",
142*8fb009dcSAndroid Build Coastguard Worker       start, symbol, end);
143*8fb009dcSAndroid Build Coastguard Worker   BORINGSSL_FIPS_abort();
144*8fb009dcSAndroid Build Coastguard Worker }
145*8fb009dcSAndroid Build Coastguard Worker 
146*8fb009dcSAndroid Build Coastguard Worker #if defined(OPENSSL_ANDROID) && defined(OPENSSL_AARCH64)
BORINGSSL_maybe_set_module_text_permissions(int permission)147*8fb009dcSAndroid Build Coastguard Worker static void BORINGSSL_maybe_set_module_text_permissions(int permission) {
148*8fb009dcSAndroid Build Coastguard Worker   // Android may be compiled in execute-only-memory mode, in which case the
149*8fb009dcSAndroid Build Coastguard Worker   // .text segment cannot be read. That conflicts with the need for a FIPS
150*8fb009dcSAndroid Build Coastguard Worker   // module to hash its own contents, therefore |mprotect| is used to make
151*8fb009dcSAndroid Build Coastguard Worker   // the module's .text readable for the duration of the hashing process. In
152*8fb009dcSAndroid Build Coastguard Worker   // other build configurations this is a no-op.
153*8fb009dcSAndroid Build Coastguard Worker   const uintptr_t page_size = getpagesize();
154*8fb009dcSAndroid Build Coastguard Worker   const uintptr_t page_start =
155*8fb009dcSAndroid Build Coastguard Worker       ((uintptr_t)BORINGSSL_bcm_text_start) & ~(page_size - 1);
156*8fb009dcSAndroid Build Coastguard Worker 
157*8fb009dcSAndroid Build Coastguard Worker   if (mprotect((void *)page_start,
158*8fb009dcSAndroid Build Coastguard Worker                ((uintptr_t)BORINGSSL_bcm_text_end) - page_start,
159*8fb009dcSAndroid Build Coastguard Worker                permission) != 0) {
160*8fb009dcSAndroid Build Coastguard Worker     perror("BoringSSL: mprotect");
161*8fb009dcSAndroid Build Coastguard Worker   }
162*8fb009dcSAndroid Build Coastguard Worker }
163*8fb009dcSAndroid Build Coastguard Worker #else
BORINGSSL_maybe_set_module_text_permissions(int permission)164*8fb009dcSAndroid Build Coastguard Worker static void BORINGSSL_maybe_set_module_text_permissions(int permission) {}
165*8fb009dcSAndroid Build Coastguard Worker #endif  // !ANDROID
166*8fb009dcSAndroid Build Coastguard Worker 
167*8fb009dcSAndroid Build Coastguard Worker #endif  // !ASAN
168*8fb009dcSAndroid Build Coastguard Worker 
169*8fb009dcSAndroid Build Coastguard Worker static void __attribute__((constructor))
BORINGSSL_bcm_power_on_self_test(void)170*8fb009dcSAndroid Build Coastguard Worker BORINGSSL_bcm_power_on_self_test(void) {
171*8fb009dcSAndroid Build Coastguard Worker #if !defined(OPENSSL_ASAN)
172*8fb009dcSAndroid Build Coastguard Worker   // Integrity tests cannot run under ASAN because it involves reading the full
173*8fb009dcSAndroid Build Coastguard Worker   // .text section, which triggers the global-buffer overflow detection.
174*8fb009dcSAndroid Build Coastguard Worker   if (!BORINGSSL_integrity_test()) {
175*8fb009dcSAndroid Build Coastguard Worker     goto err;
176*8fb009dcSAndroid Build Coastguard Worker   }
177*8fb009dcSAndroid Build Coastguard Worker #endif  // OPENSSL_ASAN
178*8fb009dcSAndroid Build Coastguard Worker 
179*8fb009dcSAndroid Build Coastguard Worker   if (!boringssl_self_test_startup()) {
180*8fb009dcSAndroid Build Coastguard Worker     goto err;
181*8fb009dcSAndroid Build Coastguard Worker   }
182*8fb009dcSAndroid Build Coastguard Worker 
183*8fb009dcSAndroid Build Coastguard Worker   return;
184*8fb009dcSAndroid Build Coastguard Worker 
185*8fb009dcSAndroid Build Coastguard Worker err:
186*8fb009dcSAndroid Build Coastguard Worker   BORINGSSL_FIPS_abort();
187*8fb009dcSAndroid Build Coastguard Worker }
188*8fb009dcSAndroid Build Coastguard Worker 
189*8fb009dcSAndroid Build Coastguard Worker #if !defined(OPENSSL_ASAN)
BORINGSSL_integrity_test(void)190*8fb009dcSAndroid Build Coastguard Worker int BORINGSSL_integrity_test(void) {
191*8fb009dcSAndroid Build Coastguard Worker   const uint8_t *const start = BORINGSSL_bcm_text_start;
192*8fb009dcSAndroid Build Coastguard Worker   const uint8_t *const end = BORINGSSL_bcm_text_end;
193*8fb009dcSAndroid Build Coastguard Worker 
194*8fb009dcSAndroid Build Coastguard Worker   assert_within(start, AES_encrypt, end);
195*8fb009dcSAndroid Build Coastguard Worker   assert_within(start, RSA_sign, end);
196*8fb009dcSAndroid Build Coastguard Worker   assert_within(start, RAND_bytes, end);
197*8fb009dcSAndroid Build Coastguard Worker   assert_within(start, EC_GROUP_cmp, end);
198*8fb009dcSAndroid Build Coastguard Worker   assert_within(start, SHA256_Update, end);
199*8fb009dcSAndroid Build Coastguard Worker   assert_within(start, ECDSA_do_verify, end);
200*8fb009dcSAndroid Build Coastguard Worker   assert_within(start, EVP_AEAD_CTX_seal, end);
201*8fb009dcSAndroid Build Coastguard Worker 
202*8fb009dcSAndroid Build Coastguard Worker #if defined(BORINGSSL_SHARED_LIBRARY)
203*8fb009dcSAndroid Build Coastguard Worker   const uint8_t *const rodata_start = BORINGSSL_bcm_rodata_start;
204*8fb009dcSAndroid Build Coastguard Worker   const uint8_t *const rodata_end = BORINGSSL_bcm_rodata_end;
205*8fb009dcSAndroid Build Coastguard Worker #else
206*8fb009dcSAndroid Build Coastguard Worker   // In the static build, read-only data is placed within the .text segment.
207*8fb009dcSAndroid Build Coastguard Worker   const uint8_t *const rodata_start = BORINGSSL_bcm_text_start;
208*8fb009dcSAndroid Build Coastguard Worker   const uint8_t *const rodata_end = BORINGSSL_bcm_text_end;
209*8fb009dcSAndroid Build Coastguard Worker #endif
210*8fb009dcSAndroid Build Coastguard Worker 
211*8fb009dcSAndroid Build Coastguard Worker   assert_within(rodata_start, kPrimes, rodata_end);
212*8fb009dcSAndroid Build Coastguard Worker   assert_within(rodata_start, kP256Field, rodata_end);
213*8fb009dcSAndroid Build Coastguard Worker   assert_within(rodata_start, kPKCS1SigPrefixes, rodata_end);
214*8fb009dcSAndroid Build Coastguard Worker 
215*8fb009dcSAndroid Build Coastguard Worker   uint8_t result[SHA256_DIGEST_LENGTH];
216*8fb009dcSAndroid Build Coastguard Worker   const EVP_MD *const kHashFunction = EVP_sha256();
217*8fb009dcSAndroid Build Coastguard Worker   if (!boringssl_self_test_sha256() ||
218*8fb009dcSAndroid Build Coastguard Worker       !boringssl_self_test_hmac_sha256()) {
219*8fb009dcSAndroid Build Coastguard Worker     return 0;
220*8fb009dcSAndroid Build Coastguard Worker   }
221*8fb009dcSAndroid Build Coastguard Worker 
222*8fb009dcSAndroid Build Coastguard Worker   static const uint8_t kHMACKey[64] = {0};
223*8fb009dcSAndroid Build Coastguard Worker   unsigned result_len;
224*8fb009dcSAndroid Build Coastguard Worker   HMAC_CTX hmac_ctx;
225*8fb009dcSAndroid Build Coastguard Worker   HMAC_CTX_init(&hmac_ctx);
226*8fb009dcSAndroid Build Coastguard Worker   if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), kHashFunction,
227*8fb009dcSAndroid Build Coastguard Worker                     NULL /* no ENGINE */)) {
228*8fb009dcSAndroid Build Coastguard Worker     fprintf(stderr, "HMAC_Init_ex failed.\n");
229*8fb009dcSAndroid Build Coastguard Worker     return 0;
230*8fb009dcSAndroid Build Coastguard Worker   }
231*8fb009dcSAndroid Build Coastguard Worker 
232*8fb009dcSAndroid Build Coastguard Worker   BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC);
233*8fb009dcSAndroid Build Coastguard Worker #if defined(BORINGSSL_SHARED_LIBRARY)
234*8fb009dcSAndroid Build Coastguard Worker   uint64_t length = end - start;
235*8fb009dcSAndroid Build Coastguard Worker   HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length));
236*8fb009dcSAndroid Build Coastguard Worker   HMAC_Update(&hmac_ctx, start, length);
237*8fb009dcSAndroid Build Coastguard Worker 
238*8fb009dcSAndroid Build Coastguard Worker   length = rodata_end - rodata_start;
239*8fb009dcSAndroid Build Coastguard Worker   HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length));
240*8fb009dcSAndroid Build Coastguard Worker   HMAC_Update(&hmac_ctx, rodata_start, length);
241*8fb009dcSAndroid Build Coastguard Worker #else
242*8fb009dcSAndroid Build Coastguard Worker   HMAC_Update(&hmac_ctx, start, end - start);
243*8fb009dcSAndroid Build Coastguard Worker #endif
244*8fb009dcSAndroid Build Coastguard Worker   BORINGSSL_maybe_set_module_text_permissions(PROT_EXEC);
245*8fb009dcSAndroid Build Coastguard Worker 
246*8fb009dcSAndroid Build Coastguard Worker   if (!HMAC_Final(&hmac_ctx, result, &result_len) ||
247*8fb009dcSAndroid Build Coastguard Worker       result_len != sizeof(result)) {
248*8fb009dcSAndroid Build Coastguard Worker     fprintf(stderr, "HMAC failed.\n");
249*8fb009dcSAndroid Build Coastguard Worker     return 0;
250*8fb009dcSAndroid Build Coastguard Worker   }
251*8fb009dcSAndroid Build Coastguard Worker   HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
252*8fb009dcSAndroid Build Coastguard Worker 
253*8fb009dcSAndroid Build Coastguard Worker   const uint8_t *expected = BORINGSSL_bcm_text_hash;
254*8fb009dcSAndroid Build Coastguard Worker 
255*8fb009dcSAndroid Build Coastguard Worker   if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) {
256*8fb009dcSAndroid Build Coastguard Worker #if !defined(BORINGSSL_FIPS_BREAK_TESTS)
257*8fb009dcSAndroid Build Coastguard Worker     return 0;
258*8fb009dcSAndroid Build Coastguard Worker #endif
259*8fb009dcSAndroid Build Coastguard Worker   }
260*8fb009dcSAndroid Build Coastguard Worker 
261*8fb009dcSAndroid Build Coastguard Worker   OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10.
262*8fb009dcSAndroid Build Coastguard Worker   return 1;
263*8fb009dcSAndroid Build Coastguard Worker }
264*8fb009dcSAndroid Build Coastguard Worker 
FIPS_module_hash(void)265*8fb009dcSAndroid Build Coastguard Worker const uint8_t* FIPS_module_hash(void) {
266*8fb009dcSAndroid Build Coastguard Worker   return BORINGSSL_bcm_text_hash;
267*8fb009dcSAndroid Build Coastguard Worker }
268*8fb009dcSAndroid Build Coastguard Worker 
269*8fb009dcSAndroid Build Coastguard Worker #endif  // OPENSSL_ASAN
270*8fb009dcSAndroid Build Coastguard Worker 
BORINGSSL_FIPS_abort(void)271*8fb009dcSAndroid Build Coastguard Worker void BORINGSSL_FIPS_abort(void) {
272*8fb009dcSAndroid Build Coastguard Worker   for (;;) {
273*8fb009dcSAndroid Build Coastguard Worker     abort();
274*8fb009dcSAndroid Build Coastguard Worker     exit(1);
275*8fb009dcSAndroid Build Coastguard Worker   }
276*8fb009dcSAndroid Build Coastguard Worker }
277*8fb009dcSAndroid Build Coastguard Worker 
278*8fb009dcSAndroid Build Coastguard Worker #endif  // BORINGSSL_FIPS
279