Refactor

justsmth · justsmth · commit 5691f0f07513 · 2026-02-20T11:51:04.000-05:00
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
@@ -492,6 +492,11 @@ int BORINGSSL_integrity_test(void) {
   // On ARM64 Windows, ASLR is mandatory.  Undo PE base relocations in
   // temporary copies of the FIPS sections so the hash is load-address
   // independent.  See the comment above fips_undo_base_relocations().
+  //
+  // IMPORTANT: The PE loader overwrites OptionalHeader.ImageBase in memory
+  // with the actual load address, so reading it from the in-memory PE header
+  // always gives delta==0.  We must read the *original* ImageBase from the
+  // DLL file on disk to obtain the true preferred base.
   uint8_t *text_copy = NULL;
   uint8_t *rodata_copy = NULL;
   const uint8_t *text_to_hash = start;
@@ -503,15 +508,45 @@ int BORINGSSL_integrity_test(void) {
               GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
           (LPCWSTR)start, &fips_module)) {
     const uintptr_t actual_base = (uintptr_t)fips_module;
+
+    // Read the preferred ImageBase from the DLL file on disk.
+    uintptr_t preferred_base = actual_base;  // fallback: assume no relocation
+    wchar_t dll_path[MAX_PATH];
+    if (GetModuleFileNameW(fips_module, dll_path, MAX_PATH) != 0) {
+      HANDLE hFile = CreateFileW(dll_path, GENERIC_READ, FILE_SHARE_READ,
+                                 NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
+                                 NULL);
+      if (hFile != INVALID_HANDLE_VALUE) {
+        IMAGE_DOS_HEADER file_dos_header;
+        DWORD bytes_read = 0;
+        if (ReadFile(hFile, &file_dos_header, sizeof(file_dos_header),
+                     &bytes_read, NULL) &&
+            bytes_read == sizeof(file_dos_header) &&
+            file_dos_header.e_magic == IMAGE_DOS_SIGNATURE) {
+          LARGE_INTEGER nt_offset;
+          nt_offset.QuadPart = file_dos_header.e_lfanew;
+          if (SetFilePointerEx(hFile, nt_offset, NULL, FILE_BEGIN)) {
+            IMAGE_NT_HEADERS file_nt_headers;
+            if (ReadFile(hFile, &file_nt_headers, sizeof(file_nt_headers),
+                         &bytes_read, NULL) &&
+                bytes_read == sizeof(file_nt_headers) &&
+                file_nt_headers.Signature == IMAGE_NT_SIGNATURE) {
+              preferred_base =
+                  (uintptr_t)file_nt_headers.OptionalHeader.ImageBase;
+            }
+          }
+        }
+        CloseHandle(hFile);
+      }
+    }
+
+    const intptr_t delta = (intptr_t)(actual_base - preferred_base);
     const IMAGE_DOS_HEADER *dos_header =
         (const IMAGE_DOS_HEADER *)fips_module;
     const IMAGE_NT_HEADERS *nt_headers = (const IMAGE_NT_HEADERS *)(
         (const uint8_t *)fips_module + dos_header->e_lfanew);
-    const uintptr_t preferred_base =
-        (uintptr_t)nt_headers->OptionalHeader.ImageBase;
-    const intptr_t delta = (intptr_t)(actual_base - preferred_base);
 
-    fprintf(stderr, "FIPS reloc-undo: actual_base=%p preferred_base=%p delta=0x%llx\n",
+    fprintf(stderr, "FIPS reloc-undo: actual_base=%p preferred_base(file)=%p delta=0x%llx\n",
             (const void *)actual_base, (const void *)preferred_base,
             (unsigned long long)delta);
 
