[go] cmd/compile: don't treat string literal as static data in FIPS mode

[Cherry Mui (Gerrit)]

Cherry Mui submitted the change

Change information

Commit message:

cmd/compile: don't treat string literal as static data in FIPS mode

Reference a string literal requires a relocation, which is not
allowed in static data in FIPS mode, as this would be an absolute
relocation, and cannot be properly hashed at both link time and
run time.

Also, make sure the symbol's FIPS type is set before writing.
This ensures relocations are checked in FIPS RODATA symbols.
Currently we only call setFIPSType in prewrite if we change the
type from a BSS type to a DATA type. But it is possible that the
compiler sets the symbol type to RODATA and start writing to it.

For #78173.

Change-Id: I120a3b28ee3f38e9024479344565f54dff87d430

Reviewed-on: https://go-review.googlesource.com/c/go/+/755600

LUCI-TryBot-Result: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Reviewed-by: Russ Cox <r...@golang.org>

Files:

• M src/cmd/compile/internal/walk/complit.go
• M src/cmd/internal/obj/data.go
• A src/crypto/internal/fips140/compile_test.go

Change size: S

Delta: 3 files changed, 32 insertions(+), 3 deletions(-)

Branch: refs/heads/master

Submit Requirements:

• Code-Review: +2 by Russ Cox
• TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

Gerrit-MessageType: merged

Gerrit-Project: go

Gerrit-Branch: master

Gerrit-Change-Id: I120a3b28ee3f38e9024479344565f54dff87d430

Gerrit-Change-Number: 755600

Gerrit-PatchSet: 3

Gerrit-Owner: Cherry Mui <cher...@google.com>

Gerrit-Reviewer: Cherry Mui <cher...@google.com>

Gerrit-Reviewer: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Gerrit-Reviewer: Russ Cox <r...@golang.org>