Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add FIPS aarch POC build to CI. #138

Merged
merged 8 commits into from
Apr 28, 2021
Merged

Add FIPS aarch POC build to CI. #138

merged 8 commits into from
Apr 28, 2021

Conversation

bryce-shang
Copy link
Contributor

@bryce-shang bryce-shang commented Apr 27, 2021
edited
Loading

Issues:

Resolves CryptoAlg-725

Description of changes:

This PR added FIPS aarch build dimensions to awslc CI.

Call-outs:

  • Unlike x86 FIPS build, gcc7x is not planned to be in FIPS POC scope.
    • Related reference -- CryptoAlg-723?selectedConversation=e0c5b7c9-60f5-4d30-a496-f5f8dbc711cd
  • The first two code commits were reviewed.

Testing:

  • CI set up in personal account
    • CodeBuild request - aws-lc-ci-linux-arm:db6724d9-5b22-4f6f-a429-c0b552eec1f9
      • This build failed because the test used default go test timeout, which is 10m.
    • CodeBuild request - aws-lc-ci-linux-arm:8f624494-6ea8-46e2-b337-1f924dc40d03

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

bryce-shang and others added 3 commits April 26, 2021 10:09
@bryce-shang
Fix FIPS static build parse issue on aarch. (aws#135)
6ff9778 
* Remove 'ep_nistz256_add' function, and change offset calculation.

'ep_nistz256_add' in p256-armv8-asm.pl is duplicate to p256-nistz.c. Removing 'ep_nistz256_add' function is to avoid delocate.go reporting 'Duplicate symbol found'.

The offset calculation expression change is to avoid 'peg' parser errors because the current delocate.peg is not comprehensive enough to parse all assembly expressions.

* Add new peg rules to address new assembly expression.

* Change assembly expression.

* Add delocate.peg convert README.

* Remove auto-generated comment.

* Add more delocate.peg.go generate commands.

* Fix command.

* Update build files in generated-src
@bryce-shang @nebeid
Fix FIPS static build transform issue on aarch. (aws#137)
11d89c2 
* Remove 'ep_nistz256_add' function, and change offset calculation.

'ep_nistz256_add' in p256-armv8-asm.pl is duplicate to p256-nistz.c. Removing 'ep_nistz256_add' function is to avoid delocate.go reporting 'Duplicate symbol found'.

The offset calculation expression change is to avoid 'peg' parser errors because the current delocate.peg is not comprehensive enough to parse all assembly expressions.

* Add new peg rules to address new assembly expression.

* Change assembly expression.

* Add delocate.peg convert README.

* Remove auto-generated comment.

* Add more delocate.peg.go generate commands.

* Fix command.

* Add offset to local symbol in delocate.

* Update util/fipstools/delocate/delocate.go

Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>

* Update util/fipstools/delocate/delocate.go

Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>

* Update comments.

Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>
@bryce-shang
Add FIPS build CI on aarch.
79eee46
dkostic
dkostic previously approved these changes Apr 27, 2021
View reviewed changes
nebeid
nebeid reviewed Apr 27, 2021
View reviewed changes
tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml
compute-type: BUILD_GENERAL1_LARGE
image: ECR_REPO_PLACEHOLDER:ubuntu-20.04_clang-7x_latest
variables:
AWSLC_NO_ASM_FIPS: 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You probably answered this question before, Bryce; so this build will not use assembly files?

Copy link
Contributor Author

@bryce-shang bryce-shang Apr 27, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The build includes multiple flavors -- both ASM and NOASM are enabled.
When NO_ASM, ASAN is enabled.
https://github.com/awslabs/aws-lc/blob/main/tests/ci/run_fips_tests.sh#L22

nebeid
nebeid previously approved these changes Apr 27, 2021
View reviewed changes
@bryce-shang bryce-shang requested a review from nebeid April 28, 2021 14:27
@bryce-shang
Copy link
Contributor Author

Changes in tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml were deployed to team's account.

@bryce-shang bryce-shang merged commit d60b60e into aws:main Apr 28, 2021
@bryce-shang bryce-shang deleted the arm-fips-build branch May 3, 2021 23:54
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 18, 2024
@aqjune-aws
Merge pull request aws#138 from aqjune-aws/env
405230a 
Add global assumptions paragraph
s2n-bignum original commit: awslabs/s2n-bignum@d61796f
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 18, 2024
@aqjune-aws
Merge pull request aws#138 from aqjune-aws/env
b3593da 
Add global assumptions paragraph
s2n-bignum original commit: awslabs/s2n-bignum@d61796f

s2n-bignum original commit: awslabs/s2n-bignum@405230a
torben-hansen pushed a commit to torben-hansen/aws-lc that referenced this pull request Sep 19, 2024
@aqjune-aws
Merge pull request aws#138 from aqjune-aws/env
b83b2cc 
Add global assumptions paragraph
s2n-bignum original commit: awslabs/s2n-bignum@d61796f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dkostic dkostic dkostic approved these changes

@nebeid nebeid nebeid approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bryce-shang @dkostic @nebeid