mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 11:17:29 +02:00
Improvements to the wolfCrypt FIPS Visual Studio project link settings to resolve ASLR (Randomized Base Address) issue on some platforms. ZD 16615
This commit is contained in:
David Garske
@ -30,11 +30,13 @@ The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
|
||||
FIPS library code and constant data and compares it with a known value in
|
||||
the code.
|
||||
|
||||
The Randomized Base Address setting needs to be disabled on the 32-bit builds
|
||||
but can be enabled on the 64-bit builds. In the 32-bit mode the addresses
|
||||
being different throws off the in-core memory calculation. It looks like in
|
||||
64-bit mode the library uses all offsets, so the core hash calculation
|
||||
is the same every time.
|
||||
The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration:
|
||||
1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170)
|
||||
needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail.
|
||||
2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170)
|
||||
option need turned off so function pointers go to actual code, not a jump instruction.
|
||||
3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170)
|
||||
option to YES, which disables the support for ASLR.
|
||||
|
||||
The "verifyCore" check value in the source fips_test.c needs to be updated when
|
||||
building the code. The POS performs this check and the default failure callback
|
||||
|
||||
@ -117,6 +117,18 @@
|
||||
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
|
||||
<IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<Optimization>Disabled</Optimization>
|
||||
@ -146,6 +158,7 @@
|
||||
<BaseAddress>0x5A000000</BaseAddress>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
<DataExecutionPrevention>false</DataExecutionPrevention>
|
||||
<FixedBaseAddress>true</FixedBaseAddress>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
@ -174,7 +187,7 @@
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<RandomizedBaseAddress>true</RandomizedBaseAddress>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
<DataExecutionPrevention>false</DataExecutionPrevention>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
@ -206,6 +219,7 @@
|
||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
<BaseAddress>0x5A000000</BaseAddress>
|
||||
<FixedBaseAddress>true</FixedBaseAddress>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
@ -234,7 +248,7 @@
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<RandomizedBaseAddress>true</RandomizedBaseAddress>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
|
||||
@ -29,8 +29,13 @@ The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
|
||||
FIPS library code and constant data and compares it with a known value in
|
||||
the code.
|
||||
|
||||
The Randomized Base Address setting needs to be disabled on all builds as the
|
||||
feature throws off the in-core memory calculation causing the test to fail.
|
||||
The following wolfCrypt FIPS project linker settings are required for the DLL Win32 configuration:
|
||||
1) The [Randomized Base Address setting (ASLR)](https://learn.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-170)
|
||||
needs to be disabled on all builds as the feature throws off the in-core memory calculation causing the test to fail.
|
||||
2) The [Incremental Link](https://learn.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170)
|
||||
option need turned off so function pointers go to actual code, not a jump instruction.
|
||||
3) The [FixedBaseAddress](https://learn.microsoft.com/en-us/cpp/build/reference/fixed-fixed-base-address?view=msvc-170)
|
||||
option to YES, which disables the support for ASLR.
|
||||
|
||||
The "verifyCore" check value in the source fips_test.c needs to be updated when
|
||||
building the code. The POS performs this check and the default failure callback
|
||||
@ -39,7 +44,6 @@ value and paste it back into your code in the verifyCore initializer then
|
||||
rebuild the code. When statically linking, you may have to recalculate your
|
||||
check value when changing your application.
|
||||
|
||||
|
||||
# Build Options
|
||||
|
||||
The default build options should be the proper default set of options:
|
||||
|
||||
@ -117,6 +117,18 @@
|
||||
<OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
|
||||
<IntDir>$(Configuration)\$(Platform)\$(ProjectName)_obj\</IntDir>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<Optimization>Disabled</Optimization>
|
||||
@ -146,6 +158,7 @@
|
||||
<BaseAddress>0x5A000000</BaseAddress>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
<DataExecutionPrevention>false</DataExecutionPrevention>
|
||||
<FixedBaseAddress>true</FixedBaseAddress>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
@ -206,6 +219,7 @@
|
||||
<AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||
<RandomizedBaseAddress>false</RandomizedBaseAddress>
|
||||
<BaseAddress>0x5A000000</BaseAddress>
|
||||
<FixedBaseAddress>true</FixedBaseAddress>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
|
||||
Reference in New Issue
Block a user