Skip to content

Commit c540a7d

Browse files
andrewhopandrewhop
authored
Add more build options to match callback build (#2279)
### Resolves CryptoAlg-2437 ### Description of changes: Mirror more of the build options to make sure we catch any build issues early in GitHub. Adding the release with debug issue raised an issue with break-kat.go failing with: `Test input value was still found after erasing it. Second copy?`. This happens because the function which contains the test vectors are inlined into two functions which results in two copies of the data. This only appears to happen with GCC 7.3.1. This change fixes that by marking all of the tests as no inline. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
1 parent 92e1332 commit c540a7d

File tree

3 files changed

+33
-15
lines changed

3 files changed

+33
-15
lines changed

crypto/fipsmodule/self_check/self_check.c

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -437,7 +437,7 @@ static DH *self_test_dh(void) {
437437
// actually exercised, in FIPS mode. (In non-FIPS mode these tests are only run
438438
// when requested by |BORINGSSL_self_test|.)
439439

440-
static int boringssl_self_test_rsa(void) {
440+
static OPENSSL_NOINLINE int boringssl_self_test_rsa(void) {
441441
int ret = 0;
442442
uint8_t output[256];
443443

@@ -536,7 +536,7 @@ static int boringssl_self_test_rsa(void) {
536536
return ret;
537537
}
538538

539-
static int boringssl_self_test_ecc(void) {
539+
static OPENSSL_NOINLINE int boringssl_self_test_ecc(void) {
540540
int ret = 0;
541541
EC_KEY *ec_key = NULL;
542542
EC_POINT *ec_point_in = NULL;
@@ -662,7 +662,7 @@ static int boringssl_self_test_ecc(void) {
662662
return ret;
663663
}
664664

665-
static int boringssl_self_test_ffdh(void) {
665+
static OPENSSL_NOINLINE int boringssl_self_test_ffdh(void) {
666666
int ret = 0;
667667
DH *dh = NULL;
668668
DH *fb_dh = NULL;
@@ -809,7 +809,7 @@ static int boringssl_self_test_ffdh(void) {
809809
return ret;
810810
}
811811

812-
static int boringssl_self_test_ml_kem(void) {
812+
static OPENSSL_NOINLINE int boringssl_self_test_ml_kem(void) {
813813
int ret = 0;
814814

815815
static const uint8_t kKeyGenEKSeed[MLKEM512_KEYGEN_SEED_LEN] = {
@@ -1503,7 +1503,7 @@ static int boringssl_self_test_ml_kem(void) {
15031503
return ret;
15041504
}
15051505

1506-
static int boringssl_self_test_ml_dsa(void) {
1506+
static OPENSSL_NOINLINE int boringssl_self_test_ml_dsa(void) {
15071507
int ret = 0;
15081508

15091509
// Examples kMLDSAKeyGenSeed, kMLDSAKeyGenPublicKey, kMLDSAKeyGenPrivateKey from
@@ -2308,7 +2308,7 @@ static int boringssl_self_test_ml_dsa(void) {
23082308
return ret;
23092309
}
23102310

2311-
static int boringssl_self_test_eddsa(void) {
2311+
static OPENSSL_NOINLINE int boringssl_self_test_eddsa(void) {
23122312
int ret = 0;
23132313

23142314
static const uint8_t kEd25519PrivateKey[ED25519_PRIVATE_KEY_SEED_LEN] = {
@@ -2371,7 +2371,7 @@ static int boringssl_self_test_eddsa(void) {
23712371
return ret;
23722372
}
23732373

2374-
static int boringssl_self_test_hasheddsa(void) {
2374+
static OPENSSL_NOINLINE int boringssl_self_test_hasheddsa(void) {
23752375
int ret = 0;
23762376

23772377
static const uint8_t kEd25519PrivateKey[ED25519_PRIVATE_KEY_SEED_LEN] = {
@@ -2555,7 +2555,7 @@ int boringssl_self_test_sha256(void) {
25552555
"SHA-256 KAT");
25562556
}
25572557

2558-
static int boringssl_self_test_sha512(void) {
2558+
static OPENSSL_NOINLINE int boringssl_self_test_sha512(void) {
25592559
static const uint8_t kInput[16] = {
25602560
0x21, 0x25, 0x12, 0xf8, 0xd2, 0xad, 0x83, 0x22,
25612561
0x78, 0x1c, 0x6c, 0x4d, 0x69, 0xa9, 0xda, 0xa1,
@@ -2596,7 +2596,7 @@ int boringssl_self_test_hmac_sha256(void) {
25962596
"HMAC-SHA-256 KAT");
25972597
}
25982598

2599-
static int boringssl_self_test_hkdf_sha256(void) {
2599+
static OPENSSL_NOINLINE int boringssl_self_test_hkdf_sha256(void) {
26002600
static const uint8_t kHKDF_ikm_tc1[] = {
26012601
0x58, 0x3e, 0xa3, 0xcf, 0x8f, 0xcf, 0xc8, 0x08, 0x73, 0xcc, 0x7b, 0x88,
26022602
0x00, 0x9d, 0x4a, 0xed, 0x07, 0xd8, 0xd8, 0x88, 0xae, 0x98, 0x76, 0x8d,
@@ -2625,7 +2625,7 @@ static int boringssl_self_test_hkdf_sha256(void) {
26252625
"HKDF-SHA-256 KAT");
26262626
}
26272627

2628-
static int boringssl_self_test_sha3_256(void) {
2628+
static OPENSSL_NOINLINE int boringssl_self_test_sha3_256(void) {
26292629
// From: SHA3_256ShortMsg.txt
26302630
// Len = 128
26312631
// Msg = d83c721ee51b060c5a41438a8221e040
@@ -2647,7 +2647,7 @@ static int boringssl_self_test_sha3_256(void) {
26472647
"SHA3-256 KAT");
26482648
}
26492649

2650-
static int boringssl_self_test_fast(void) {
2650+
static OPENSSL_NOINLINE int boringssl_self_test_fast(void) {
26512651
static const uint8_t kAESKey[16] = {'B', 'o', 'r', 'i', 'n', 'g', 'C', 'r',
26522652
'y', 'p', 't', 'o', ' ', 'K', 'e', 'y'};
26532653
// Older versions of the gcc release build on ARM will optimize out the

include/openssl/base.h

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -248,6 +248,12 @@ extern "C" {
248248
#define OPENSSL_INLINE static inline OPENSSL_UNUSED
249249
#endif
250250

251+
#if defined(OPENSSL_WINDOWS)
252+
#define OPENSSL_NOINLINE __declspec(noinline)
253+
#else
254+
#define OPENSSL_NOINLINE __attribute__((noinline))
255+
#endif
256+
251257
// ossl_ssize_t is a signed type which is large enough to fit the size of any
252258
// valid memory allocation. We prefer using |size_t|, but sometimes we need a
253259
// signed type for OpenSSL API compatibility. This type can be used in such

tests/ci/run_fips_callback_tests.sh

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -70,19 +70,31 @@ function run_all_break_tests() {
7070
}
7171

7272
echo "Testing AWS-LC static breakable build with custom callback and Jitter enabled"
73-
build_and_test -DFIPS=1 \
74-
-DCMAKE_C_FLAGS="-DBORINGSSL_FIPS_BREAK_TESTS -DAWSLC_FIPS_FAILURE_CALLBACK" \
73+
build_and_test -DCMAKE_BUILD_TYPE=Release \
74+
-DBUILD_SHARED_LIBS=OFF \
75+
-DFIPS=1 \
76+
-DCMAKE_INSTALL_LIBDIR=lib \
77+
-DCMAKE_INSTALL_INCLUDEDIR=include \
78+
-DCMAKE_INSTALL_BINDIR=bin \
79+
-DCMAKE_C_FLAGS="-ggdb -DBORINGSSL_FIPS_BREAK_TESTS -DAWSLC_FIPS_FAILURE_CALLBACK" \
7580
-DCMAKE_CXX_FLAGS="-DAWSLC_FIPS_FAILURE_CALLBACK" \
81+
-DBUILD_TESTING=ON -DBUILD_LIBSSL=ON \
7682
-DENABLE_FIPS_ENTROPY_CPU_JITTER=1
7783

7884
maybe_run_fips_tests
7985
maybe_run_fips_break_tests
8086
run_all_break_tests
8187

8288
echo "Testing AWS-LC static build with custom callback and Jitter enabled"
83-
build_and_test -DFIPS=1 \
84-
-DCMAKE_C_FLAGS="-DAWSLC_FIPS_FAILURE_CALLBACK" \
89+
build_and_test -DCMAKE_BUILD_TYPE=Release \
90+
-DBUILD_SHARED_LIBS=OFF \
91+
-DFIPS=1 \
92+
-DCMAKE_INSTALL_LIBDIR=lib \
93+
-DCMAKE_INSTALL_INCLUDEDIR=include \
94+
-DCMAKE_INSTALL_BINDIR=bin \
95+
-DCMAKE_C_FLAGS="-ggdb -DAWSLC_FIPS_FAILURE_CALLBACK" \
8596
-DCMAKE_CXX_FLAGS="-DAWSLC_FIPS_FAILURE_CALLBACK" \
97+
-DBUILD_TESTING=ON -DBUILD_LIBSSL=ON \
8698
-DENABLE_FIPS_ENTROPY_CPU_JITTER=1
8799

88100
maybe_run_fips_tests

0 commit comments

Comments
 (0)