ENV vars for OPENSSL_NO_ASM

aws · Apr 2, 2024 · a2262ff · a2262ff
1 parent 2502a73
commit a2262ff
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 13 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -169,10 +169,12 @@ jobs:
         working-directory: ./aws-lc-rs
         run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan
 
-  build-env-test:
+  build-env-static-test:
     if: github.repository == 'aws/aws-lc-rs'
-    name: aws-lc-rs build-env-test
+    name: aws-lc-rs build-env-static-test
     runs-on: ${{ matrix.os }}
+    env:
+      AWS_LC_SYS_STATIC: ${{ matrix.static }}
     strategy:
       fail-fast: false
       matrix:
@@ -187,15 +189,16 @@ jobs:
       - name: Set Rust toolchain override
         run: rustup override set ${{ steps.toolchain.outputs.name }}
       - name: Run cargo test
-        working-directory: ./aws-lc-rs
         # Doc-tests fail to link with dynamic build
         # See: https://github.com/rust-lang/cargo/issues/8531
-        run: AWS_LC_SYS_STATIC=${{ matrix.static }}  cargo test --tests
+        run: cargo test -p aws-lc-rs --tests
 
-  build-env-fips-test:
+  build-env-fips-static-test:
     if: github.repository == 'aws/aws-lc-rs'
-    name: aws-lc-rs build-env-fips-test
+    name: aws-lc-rs build-env-fips-static-test
     runs-on: ${{ matrix.os }}
+    env:
+      AWS_LC_FIPS_SYS_STATIC: ${{ matrix.static }}
     strategy:
       fail-fast: false
       matrix:
@@ -213,11 +216,72 @@ jobs:
         with:
           go-version: '>=1.18'
       - name: Run cargo test
-        working-directory: ./aws-lc-rs
         if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }}
         # Doc-tests fail to link with dynamic build
         # See: https://github.com/rust-lang/cargo/issues/8531
-        run: AWS_LC_FIPS_SYS_STATIC=${{ matrix.static }} cargo test --tests --features fips
+        run: cargo test -p aws-lc-rs --tests --no-default-features --features fips
+
+  build-env-no-asm-test:
+    if: github.repository == 'aws/aws-lc-rs'
+    name: build-env-no-asm-test
+    runs-on: ${{ matrix.os }}
+    env:
+      AWS_LC_SYS_NO_ASM: 1
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: 'recursive'
+      - uses: dtolnay/rust-toolchain@stable
+        id: toolchain
+      - name: Set Rust toolchain override
+        run: rustup override set ${{ steps.toolchain.outputs.name }}
+      - name: Run cargo test
+        run: cargo test -p aws-lc-rs
+      - name: Release build
+        run: |
+          cargo build -p aws-lc-rs --release
+          if [[ $? -eq 0 ]]; then
+            exit 1
+          else
+            exit 0
+          fi
+
+  build-env-fips-no-asm-test:
+    if: github.repository == 'aws/aws-lc-rs'
+    name: aws-lc-rs build-env-fips-no-asm-test
+    runs-on: ${{ matrix.os }}
+    env:
+      AWS_LC_FIPS_SYS_NO_ASM: 1
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: 'recursive'
+      - uses: dtolnay/rust-toolchain@stable
+        id: toolchain
+      - name: Set Rust toolchain override
+        run: rustup override set ${{ steps.toolchain.outputs.name }}
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.18'
+      - name: Run cargo test
+        if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }}
+        run: cargo test -p aws-lc-rs --no-default-features --features fips
+      - name: Release build
+        run: |
+          cargo build -p aws-lc-rs --release --no-default-features --features fips
+          if [[ $? -eq 0 ]]; then
+            exit 1
+          else
+            exit 0
+          fi
 
   careful:
     if: github.repository == 'aws/aws-lc-rs'

diff --git a/aws-lc-fips-sys/builder/cmake_builder.rs b/aws-lc-fips-sys/builder/cmake_builder.rs
@@ -2,7 +2,10 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
 use crate::OutputLib::{Crypto, RustWrapper, Ssl};
-use crate::{target, target_arch, target_os, target_vendor, test_command, OutputLibType};
+use crate::{
+    cargo_env, env_var_to_bool, target, target_arch, target_os, target_vendor, test_command,
+    OutputLibType,
+};
 use std::collections::HashMap;
 use std::env;
 use std::ffi::OsStr;
@@ -87,10 +90,18 @@ impl CmakeBuilder {
         } else {
             cmake_cfg.define("BUILD_SHARED_LIBS", "0");
         }
+        let opt_level = cargo_env("OPT_LEVEL");
 
-        let opt_level = env::var("OPT_LEVEL").unwrap_or_else(|_| "0".to_string());
-        if opt_level.ne("0") {
-            if opt_level.eq("1") || opt_level.eq("2") {
+        if Some(true) == env_var_to_bool("AWS_LC_FIPS_SYS_NO_ASM") {
+            if opt_level == "0" {
+                cmake_cfg.define("OPENSSL_NO_ASM", "1");
+            } else {
+                panic!("AWS_LC_FIPS_SYS_NO_ASM only allowed for debug builds!")
+            }
+        }
+
+        if opt_level != "0" {
+            if opt_level == "1" || opt_level == "2" {
                 cmake_cfg.define("CMAKE_BUILD_TYPE", "relwithdebinfo");
             } else {
                 cmake_cfg.define("CMAKE_BUILD_TYPE", "release");

diff --git a/aws-lc-sys/builder/cmake_builder.rs b/aws-lc-sys/builder/cmake_builder.rs
@@ -2,7 +2,10 @@
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
 use crate::OutputLib::{Crypto, RustWrapper, Ssl};
-use crate::{target, target_arch, target_os, target_vendor, test_command, OutputLibType};
+use crate::{
+    cargo_env, env_var_to_bool, target, target_arch, target_os, target_vendor, test_command,
+    OutputLibType,
+};
 use std::env;
 use std::ffi::OsStr;
 use std::path::PathBuf;
@@ -101,6 +104,15 @@ impl CmakeBuilder {
         cmake_cfg.define("DISABLE_PERL", "ON");
         cmake_cfg.define("DISABLE_GO", "ON");
 
+        if Some(true) == env_var_to_bool("AWS_LC_SYS_NO_ASM") {
+            let opt_level = cargo_env("OPT_LEVEL");
+            if opt_level == "0" {
+                cmake_cfg.define("OPENSSL_NO_ASM", "1");
+            } else {
+                panic!("AWS_LC_SYS_NO_ASM only allowed for debug builds!")
+            }
+        }
+
         if target_vendor() == "apple" {
             if target_os().trim() == "ios" {
                 cmake_cfg.define("CMAKE_SYSTEM_NAME", "iOS");