Add 2024 FIPS and fix build issues on older arm FIPS (aws#1920)

justsmth · Oct 16, 2024 · 5afcb95 · 5afcb95
1 parent 9fbfa70
commit 5afcb95
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 9 deletions.
diff --git a/include/openssl/base.h b/include/openssl/base.h
@@ -114,7 +114,7 @@ extern "C" {
 // A consumer may use this symbol in the preprocessor to temporarily build
 // against multiple revisions of BoringSSL at the same time. It is not
 // recommended to do so for longer than is necessary.
-#define AWSLC_API_VERSION 30
+#define AWSLC_API_VERSION 31
 
 // This string tracks the most current production release version on Github
 // https://github.com/aws/aws-lc/releases.

diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_linux_arm_omnibus.yaml
@@ -373,3 +373,13 @@ batch:
         image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2023_gcc-11x_latest
         variables:
           AWS_LC_CI_TARGET: "tests/ci/run_ssl_runner_valgrind_tests.sh"
+
+    - identifier: ubuntu2004_clang7x_aarch_benchmark
+      buildspec: ./tests/ci/codebuild/common/run_simple_target.yml
+      env:
+        type: ARM_CONTAINER
+        privileged-mode: false
+        compute-type: BUILD_GENERAL1_LARGE
+        image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:ubuntu-20.04_clang-7x-bm-framework_latest
+        variables:
+          AWS_LC_CI_TARGET: "tests/ci/run_benchmark_build_tests.sh"
diff --git a/tests/ci/common_posix_setup.sh b/tests/ci/common_posix_setup.sh
@@ -207,6 +207,19 @@ function build_openssl {
     rm -rf "${scratch_folder}/openssl-${branch}"
 }
 
+function build_openssl_no_debug {
+    branch=$1
+    echo "building OpenSSL ${branch}"
+    git clone --depth 1 --branch "${branch}" "${openssl_url}" "${scratch_folder}/openssl-${branch}"
+    pushd "${scratch_folder}/openssl-${branch}"
+    mkdir -p "${install_dir}/openssl-${branch}"
+    ./config --prefix="${install_dir}/openssl-${branch}" --openssldir="${install_dir}/openssl-${branch}"
+    make "-j${NUM_CPU_THREADS}" > /dev/null
+    make install_sw
+    popd
+    rm -rf "${scratch_folder}/openssl-${branch}"
+}
+
 print_executable_information "cmake" "--version" "CMake version"
 print_executable_information "cmake3" "--version" "CMake version (cmake3 executable)"
 print_executable_information "go" "version" "Go version"

diff --git a/tests/ci/run_benchmark_build_tests.sh b/tests/ci/run_benchmark_build_tests.sh
@@ -74,24 +74,28 @@ build_aws_lc_fips
 
 build_aws_lc_branch fips-2021-10-20
 build_aws_lc_branch fips-2022-11-02
-build_openssl $openssl_1_0_2_branch
-build_openssl $openssl_1_1_1_branch
-build_openssl $openssl_3_1_branch
-build_openssl $openssl_3_2_branch
-build_openssl $openssl_master_branch
+build_aws_lc_branch fips-2024-09-27
+build_openssl_no_debug $openssl_1_0_2_branch
+build_openssl_no_debug $openssl_1_1_1_branch
+build_openssl_no_debug $openssl_3_1_branch
+build_openssl_no_debug $openssl_3_2_branch
+build_openssl_no_debug $openssl_master_branch
 build_boringssl
 
 run_build -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_CXX_STANDARD=14 -DCMAKE_C_STANDARD=11 -DENABLE_DILITHIUM=ON -DBENCHMARK_LIBS="\
 aws-lc-fips-2021:${install_dir}/aws-lc-fips-2021-10-20;\
 aws-lc-fips-2022:${install_dir}/aws-lc-fips-2022-11-02;\
+aws-lc-fips-2024:${install_dir}/aws-lc-fips-2024-09-27;\
 open102:${install_dir}/openssl-${openssl_1_0_2_branch};\
 open111:${install_dir}/openssl-${openssl_1_1_1_branch};\
 open31:${install_dir}/openssl-${openssl_3_1_branch};\
 open32:${install_dir}/openssl-${openssl_3_2_branch};\
 openmaster:${install_dir}/openssl-${openssl_master_branch};\
 boringssl:${install_dir}/boringssl;"
+
 LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2021-10-20/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2021" -timeout_ms 10
-LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2022/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2022" -timeout_ms 10
+LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2022-11-02/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2022" -timeout_ms 10
+LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2024-09-27/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2022" -timeout_ms 10
 LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_1_0_2_branch}/lib" "${BUILD_ROOT}/tool/open102" -timeout_ms 10
 LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_1_1_1_branch}/lib" "${BUILD_ROOT}/tool/open111" -timeout_ms 10
 LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_3_1_branch}/lib64" "${BUILD_ROOT}/tool/open31" -timeout_ms 10

diff --git a/tool/speed.cc b/tool/speed.cc
@@ -37,7 +37,6 @@
 #if defined(OPENSSL_IS_AWSLC)
 #include "bssl_bm.h"
 #include "../crypto/internal.h"
-#include "../crypto/fipsmodule/cpucap/internal.h"
 #include <thread>
 #include <sstream>
 #elif defined(OPENSSL_IS_BORINGSSL)
@@ -86,7 +85,10 @@ static inline void *align_pointer(void *ptr, size_t alignment) {
 }
 #endif
 
-#if defined(OPENSSL_IS_AWSLC) && defined(AARCH64_DIT_SUPPORTED)
+
+
+#if defined(OPENSSL_IS_AWSLC) && defined(AARCH64_DIT_SUPPORTED) && (AWSLC_API_VERSION > 30)
+#include "../crypto/fipsmodule/cpucap/internal.h"
 #define DIT_OPTION
 #endif