Skip to content

Commit

Permalink
ENV vars for OPENSSL_NO_ASM (#377)
Browse files Browse the repository at this point in the history 
* ENV vars for OPENSSL_NO_ASM

* Fix CI checks
  • Loading branch information
@justsmth
justsmth authored Apr 26, 2024
1 parent 3c9e90b commit de5c627
Show file tree
Hide file tree
Showing 5 changed files with 139 additions and 22 deletions.
101 changes: 87 additions & 14 deletions .github/workflows/tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -174,10 +174,12 @@ jobs:
working-directory: ./aws-lc-rs
run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan

build-env-test:
build-env-static-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs build-env-test
name: aws-lc-rs build-env-static-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_SYS_STATIC: ${{ matrix.static }}
strategy:
fail-fast: false
matrix:
Expand All @@ -188,14 +190,10 @@ jobs:
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
id: toolchain
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Run cargo test
working-directory: ./aws-lc-rs
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: AWS_LC_SYS_STATIC=${{ matrix.static }} cargo test --tests
run: cargo test -p aws-lc-rs --tests

build-env-external-bindgen-test:
if: github.repository_owner == 'aws'
Expand Down Expand Up @@ -225,10 +223,12 @@ jobs:
- name: Run cargo test
run: cargo test --tests -p aws-lc-rs --no-default-features --features aws-lc-sys

build-env-fips-test:
build-env-fips-static-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs build-env-fips-test
name: aws-lc-rs build-env-fips-static-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_FIPS_SYS_STATIC: ${{ matrix.static }}
strategy:
fail-fast: false
matrix:
Expand All @@ -239,18 +239,91 @@ jobs:
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
id: toolchain
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Install ninja-build tool
uses: seanmiddleditch/gha-setup-ninja@v4
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run cargo test
working-directory: ./aws-lc-rs
if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }}
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: AWS_LC_FIPS_SYS_STATIC=${{ matrix.static }} cargo test --tests --features fips
run: cargo test -p aws-lc-rs --tests --no-default-features --features fips

build-env-no-asm-test:
if: github.repository_owner == 'aws'
name: build-env-no-asm-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_SYS_NO_ASM: 1
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- name: Run cargo test
run: cargo test -p aws-lc-rs
- name: Release build
if: ${{ matrix.os != 'windows-latest' }}
run: |
if cargo build -p aws-lc-rs --release; then
exit 1
else
exit 0
fi
- name: Release build
if: ${{ matrix.os == 'windows-latest' }}
shell: pwsh
run: |
if (cargo build -p aws-lc-rs --release) {
exit 1
} else {
exit 0
}
build-env-fips-no-asm-test:
if: github.repository_owner == 'aws'
name: aws-lc-rs build-env-fips-no-asm-test
runs-on: ${{ matrix.os }}
env:
AWS_LC_FIPS_SYS_NO_ASM: 1
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
- name: Install ninja-build tool
uses: seanmiddleditch/gha-setup-ninja@v4
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Run cargo test
run: cargo test -p aws-lc-rs --tests --no-default-features --features fips
- name: Release build
if: ${{ matrix.os != 'windows-latest' }}
run: |
if cargo build -p aws-lc-rs --release --no-default-features --features fips; then
exit 1
else
exit 0
fi
- name: Release build
if: ${{ matrix.os == 'windows-latest' }}
shell: pwsh
run: |
if (cargo build -p aws-lc-rs --release --no-default-features --features fips) {
exit 1
} else {
exit 0
}
build-env-fips-external-bindgen-test:
if: github.repository_owner == 'aws'
Expand Down
25 changes: 20 additions & 5 deletions aws-lc-fips-sys/builder/cmake_builder.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,10 @@
// SPDX-License-Identifier: Apache-2.0 OR ISC

use crate::OutputLib::{Crypto, RustWrapper, Ssl};
use crate::{execute_command, target, target_arch, target_os, target_vendor, OutputLibType};
use crate::{
cargo_env, execute_command, is_no_asm, target, target_arch, target_os, target_vendor,
OutputLibType,
};
use std::collections::HashMap;
use std::env;
use std::ffi::OsStr;
Expand Down Expand Up @@ -84,10 +87,18 @@ impl CmakeBuilder {
} else {
cmake_cfg.define("BUILD_SHARED_LIBS", "0");
}
let opt_level = cargo_env("OPT_LEVEL");

let opt_level = env::var("OPT_LEVEL").unwrap_or_else(|_| "0".to_string());
if opt_level.ne("0") {
if opt_level.eq("1") || opt_level.eq("2") {
if is_no_asm() {
if opt_level == "0" {
cmake_cfg.define("OPENSSL_NO_ASM", "1");
} else {
panic!("AWS_LC_FIPS_SYS_NO_ASM only allowed for debug builds!")
}
}

if opt_level != "0" {
if opt_level == "1" || opt_level == "2" {
cmake_cfg.define("CMAKE_BUILD_TYPE", "relwithdebinfo");
} else {
cmake_cfg.define("CMAKE_BUILD_TYPE", "release");
Expand Down Expand Up @@ -192,7 +203,11 @@ impl crate::Builder for CmakeBuilder {
eprintln!("Missing dependency: perl is required for FIPS.");
missing_dependency = true;
}
if target_os() == "windows" && target_arch() == "x86_64" && !test_nasm_command() {
if target_os() == "windows"
&& target_arch() == "x86_64"
&& !test_nasm_command()
&& !is_no_asm()
{
eprintln!("Missing dependency: nasm is required for FIPS.");
missing_dependency = true;
}
Expand Down
7 changes: 6 additions & 1 deletion aws-lc-fips-sys/builder/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -275,14 +275,15 @@ static mut PREGENERATED: bool = false;
static mut AWS_LC_FIPS_SYS_NO_PREFIX: bool = false;
static mut AWS_LC_FIPS_SYS_INTERNAL_BINDGEN: bool = false;
static mut AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN: bool = false;

static mut AWS_LC_FIPS_SYS_NO_ASM: bool = false;
fn initialize() {
unsafe {
AWS_LC_FIPS_SYS_NO_PREFIX = env_var_to_bool("AWS_LC_FIPS_SYS_NO_PREFIX").unwrap_or(false);
AWS_LC_FIPS_SYS_INTERNAL_BINDGEN =
env_var_to_bool("AWS_LC_FIPS_SYS_INTERNAL_BINDGEN").unwrap_or(false);
AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN =
env_var_to_bool("AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN").unwrap_or(false);
AWS_LC_FIPS_SYS_NO_ASM = env_var_to_bool("AWS_LC_FIPS_SYS_NO_ASM").unwrap_or(false);
}

if !is_external_bindgen() && (is_internal_bindgen() || !has_bindgen_feature()) {
Expand Down Expand Up @@ -325,6 +326,10 @@ fn is_external_bindgen() -> bool {
unsafe { AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN }
}

fn is_no_asm() -> bool {
unsafe { AWS_LC_FIPS_SYS_NO_ASM }
}

fn has_bindgen_feature() -> bool {
cfg!(feature = "bindgen")
}
Expand Down
18 changes: 16 additions & 2 deletions aws-lc-sys/builder/cmake_builder.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,8 @@

use crate::OutputLib::{Crypto, RustWrapper, Ssl};
use crate::{
execute_command, target, target_arch, target_env, target_os, target_vendor, OutputLibType,
cargo_env, execute_command, is_no_asm, target, target_arch, target_env, target_os,
target_vendor, OutputLibType,
};
use std::env;
use std::ffi::OsStr;
Expand Down Expand Up @@ -105,6 +106,15 @@ impl CmakeBuilder {
cmake_cfg.define("DISABLE_PERL", "ON");
cmake_cfg.define("DISABLE_GO", "ON");

if is_no_asm() {
let opt_level = cargo_env("OPT_LEVEL");
if opt_level == "0" {
cmake_cfg.define("OPENSSL_NO_ASM", "1");
} else {
panic!("AWS_LC_SYS_NO_ASM only allowed for debug builds!")
}
}

if target_vendor() == "apple" {
if target_os().to_lowercase() == "ios" {
cmake_cfg.define("CMAKE_SYSTEM_NAME", "iOS");
Expand Down Expand Up @@ -151,7 +161,11 @@ impl crate::Builder for CmakeBuilder {
fn check_dependencies(&self) -> Result<(), String> {
let mut missing_dependency = false;

if target_os() == "windows" && target_arch() == "x86_64" && !test_nasm_command() {
if target_os() == "windows"
&& target_arch() == "x86_64"
&& !test_nasm_command()
&& !is_no_asm()
{
eprintln!("Missing dependency: nasm");
missing_dependency = true;
}
Expand Down
10 changes: 10 additions & 0 deletions aws-lc-sys/builder/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,10 @@ fn get_builder(prefix: &Option<String>, manifest_dir: &Path, out_dir: &Path) ->
};
builder.check_dependencies().unwrap();
return builder;
} else if is_no_asm() {
let builder = cmake_builder_builder();
builder.check_dependencies().unwrap();
return builder;
} else if !is_bindgen_required() {
let cc_builder = cc_builder_builder();
if cc_builder.check_dependencies().is_ok() {
Expand All @@ -303,6 +307,7 @@ static mut PREGENERATED: bool = false;
static mut AWS_LC_SYS_NO_PREFIX: bool = false;
static mut AWS_LC_SYS_INTERNAL_BINDGEN: bool = false;
static mut AWS_LC_SYS_EXTERNAL_BINDGEN: bool = false;
static mut AWS_LC_SYS_NO_ASM: bool = false;

fn initialize() {
unsafe {
Expand All @@ -311,6 +316,7 @@ fn initialize() {
env_var_to_bool("AWS_LC_SYS_INTERNAL_BINDGEN").unwrap_or(false);
AWS_LC_SYS_EXTERNAL_BINDGEN =
env_var_to_bool("AWS_LC_SYS_EXTERNAL_BINDGEN").unwrap_or(false);
AWS_LC_SYS_NO_ASM = env_var_to_bool("AWS_LC_SYS_NO_ASM").unwrap_or(false);
}

if !is_external_bindgen() && (is_internal_bindgen() || !has_bindgen_feature()) {
Expand Down Expand Up @@ -354,6 +360,10 @@ fn is_external_bindgen() -> bool {
unsafe { AWS_LC_SYS_EXTERNAL_BINDGEN }
}

fn is_no_asm() -> bool {
unsafe { AWS_LC_SYS_NO_ASM }
}

fn has_bindgen_feature() -> bool {
cfg!(feature = "bindgen")
}
Expand Down

0 comments on commit de5c627

Please sign in to comment.