diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 964a7ccfb8d..c9465dc1a60 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -174,10 +174,12 @@ jobs: working-directory: ./aws-lc-rs run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan - build-env-test: + build-env-static-test: if: github.repository_owner == 'aws' - name: aws-lc-rs build-env-test + name: aws-lc-rs build-env-static-test runs-on: ${{ matrix.os }} + env: + AWS_LC_SYS_STATIC: ${{ matrix.static }} strategy: fail-fast: false matrix: @@ -188,14 +190,10 @@ jobs: with: submodules: 'recursive' - uses: dtolnay/rust-toolchain@stable - id: toolchain - - name: Set Rust toolchain override - run: rustup override set ${{ steps.toolchain.outputs.name }} - name: Run cargo test - working-directory: ./aws-lc-rs # Doc-tests fail to link with dynamic build # See: https://github.com/rust-lang/cargo/issues/8531 - run: AWS_LC_SYS_STATIC=${{ matrix.static }} cargo test --tests + run: cargo test -p aws-lc-rs --tests build-env-external-bindgen-test: if: github.repository_owner == 'aws' @@ -225,10 +223,12 @@ jobs: - name: Run cargo test run: cargo test --tests -p aws-lc-rs --no-default-features --features aws-lc-sys - build-env-fips-test: + build-env-fips-static-test: if: github.repository_owner == 'aws' - name: aws-lc-rs build-env-fips-test + name: aws-lc-rs build-env-fips-static-test runs-on: ${{ matrix.os }} + env: + AWS_LC_FIPS_SYS_STATIC: ${{ matrix.static }} strategy: fail-fast: false matrix: 
@@ -239,18 +239,91 @@ jobs: with: submodules: 'recursive' - uses: dtolnay/rust-toolchain@stable - id: toolchain - - name: Set Rust toolchain override - run: rustup override set ${{ steps.toolchain.outputs.name }} + - name: Install ninja-build tool + uses: seanmiddleditch/gha-setup-ninja@v4 - uses: actions/setup-go@v4 with: go-version: '>=1.18' - name: Run cargo test - working-directory: ./aws-lc-rs if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }} # Doc-tests fail to link with dynamic build # See: https://github.com/rust-lang/cargo/issues/8531 - run: AWS_LC_FIPS_SYS_STATIC=${{ matrix.static }} cargo test --tests --features fips + run: cargo test -p aws-lc-rs --tests --no-default-features --features fips + + build-env-no-asm-test: + if: github.repository_owner == 'aws' + name: build-env-no-asm-test + runs-on: ${{ matrix.os }} + env: + AWS_LC_SYS_NO_ASM: 1 + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ] + steps: + - uses: actions/checkout@v3 + with: + submodules: 'recursive' + - uses: dtolnay/rust-toolchain@stable + - name: Run cargo test + run: cargo test -p aws-lc-rs + - name: Release build + if: ${{ matrix.os != 'windows-latest' }} + run: | + if cargo build -p aws-lc-rs --release; then + exit 1 + else + exit 0 + fi + - name: Release build + if: ${{ matrix.os == 'windows-latest' }} + shell: pwsh + run: | + if (cargo build -p aws-lc-rs --release) { + exit 1 + } else { + exit 0 + } + + build-env-fips-no-asm-test: + if: github.repository_owner == 'aws' + name: aws-lc-rs build-env-fips-no-asm-test + runs-on: ${{ matrix.os }} + env: + AWS_LC_FIPS_SYS_NO_ASM: 1 + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ] + steps: + - uses: actions/checkout@v3 + with: + submodules: 'recursive' + - uses: dtolnay/rust-toolchain@stable + - name: Install ninja-build tool + uses: seanmiddleditch/gha-setup-ninja@v4 + - uses: actions/setup-go@v4 + with: + 
go-version: '>=1.18' + - name: Run cargo test + run: cargo test -p aws-lc-rs --tests --no-default-features --features fips + - name: Release build + if: ${{ matrix.os != 'windows-latest' }} + run: | + if cargo build -p aws-lc-rs --release --no-default-features --features fips; then + exit 1 + else + exit 0 + fi + - name: Release build + if: ${{ matrix.os == 'windows-latest' }} + shell: pwsh + run: | + if (cargo build -p aws-lc-rs --release --no-default-features --features fips) { + exit 1 + } else { + exit 0 + } build-env-fips-external-bindgen-test: if: github.repository_owner == 'aws' diff --git a/aws-lc-fips-sys/builder/cmake_builder.rs b/aws-lc-fips-sys/builder/cmake_builder.rs index 6a73c3ffd90..8fa1859f26e 100644 --- a/aws-lc-fips-sys/builder/cmake_builder.rs +++ b/aws-lc-fips-sys/builder/cmake_builder.rs @@ -2,7 +2,10 @@ // SPDX-License-Identifier: Apache-2.0 OR ISC use crate::OutputLib::{Crypto, RustWrapper, Ssl}; -use crate::{execute_command, target, target_arch, target_os, target_vendor, OutputLibType}; +use crate::{ + cargo_env, execute_command, is_no_asm, target, target_arch, target_os, target_vendor, + OutputLibType, +}; use std::collections::HashMap; use std::env; use std::ffi::OsStr; @@ -84,10 +87,18 @@ impl CmakeBuilder { } else { cmake_cfg.define("BUILD_SHARED_LIBS", "0"); } + let opt_level = cargo_env("OPT_LEVEL"); - let opt_level = env::var("OPT_LEVEL").unwrap_or_else(|_| "0".to_string()); - if opt_level.ne("0") { - if opt_level.eq("1") || opt_level.eq("2") { + if is_no_asm() { + if opt_level == "0" { + cmake_cfg.define("OPENSSL_NO_ASM", "1"); + } else { + panic!("AWS_LC_FIPS_SYS_NO_ASM only allowed for debug builds!") + } + } + + if opt_level != "0" { + if opt_level == "1" || opt_level == "2" { cmake_cfg.define("CMAKE_BUILD_TYPE", "relwithdebinfo"); } else { cmake_cfg.define("CMAKE_BUILD_TYPE", "release"); 
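Review bot: The Windows "Release build" steps in `build-env-no-asm-test` and `build-env-fips-no-asm-test` do not actually test that the release build fails. In PowerShell, `if (cargo build ...)` evaluates the command's captured stdout rather than its exit status, and cargo reports build progress on stderr, so the condition is expected to be empty and the step exits 0 whether or not the build succeeded. Test the exit code instead: run `cargo build -p aws-lc-rs --release` on its own line, then `if ($LASTEXITCODE -eq 0) { exit 1 } else { exit 0 }`, keeping the `--no-default-features --features fips` arguments in the FIPS job. The bash variant has a weaker form of the same problem, because it passes on any build failure and not only on the NO_ASM guard; capturing the output and checking for the guard's panic text would make the negative test specific. Separately, the newly added third-party action `seanmiddleditch/gha-setup-ninja@v4` is referenced by a mutable tag, so pinning it to a full commit SHA would keep a retagged release from changing what runs in this workflow.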
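Review bot: The guard inside `if is_no_asm()` checks `opt_level == "0"`, but its panic message says "debug builds". A dev profile with a non-zero `opt-level` would hit the panic with a misleading message, and a release profile that sets `opt-level = 0` would pass the guard. I would name the real condition and the observed value, e.g. `panic!("AWS_LC_FIPS_SYS_NO_ASM requires OPT_LEVEL=0, found {}", opt_level)`, and add a comment above the block such as `// OPENSSL_NO_ASM disables the assembly implementations; never let it reach an optimized artifact.` `cargo_env` is defined outside this diff, so it cannot be confirmed from here whether an unset `OPT_LEVEL` is still tolerated the way the removed `unwrap_or_else(|_| "0".to_string())` tolerated it. The same guard and message are added in aws-lc-sys/builder/cmake_builder.rs (hunk `@@ -105,6 +106,15`), and the enclosing function starts and ends outside both hunks.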
@@ -192,7 +203,11 @@ impl crate::Builder for CmakeBuilder { eprintln!("Missing dependency: perl is required for FIPS."); missing_dependency = true; } - if target_os() == "windows" && target_arch() == "x86_64" && !test_nasm_command() { + if target_os() == "windows" + && target_arch() == "x86_64" + && !test_nasm_command() + && !is_no_asm() + { eprintln!("Missing dependency: nasm is required for FIPS."); missing_dependency = true; } diff --git a/aws-lc-fips-sys/builder/main.rs b/aws-lc-fips-sys/builder/main.rs index b471460170a..e5ebedb60c2 100644 --- a/aws-lc-fips-sys/builder/main.rs +++ b/aws-lc-fips-sys/builder/main.rs @@ -275,7 +275,7 @@ static mut PREGENERATED: bool = false; static mut AWS_LC_FIPS_SYS_NO_PREFIX: bool = false; static mut AWS_LC_FIPS_SYS_INTERNAL_BINDGEN: bool = false; static mut AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN: bool = false; - +static mut AWS_LC_FIPS_SYS_NO_ASM: bool = false; fn initialize() { unsafe { AWS_LC_FIPS_SYS_NO_PREFIX = env_var_to_bool("AWS_LC_FIPS_SYS_NO_PREFIX").unwrap_or(false); @@ -283,6 +283,7 @@ fn initialize() { env_var_to_bool("AWS_LC_FIPS_SYS_INTERNAL_BINDGEN").unwrap_or(false); AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN = env_var_to_bool("AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN").unwrap_or(false); + AWS_LC_FIPS_SYS_NO_ASM = env_var_to_bool("AWS_LC_FIPS_SYS_NO_ASM").unwrap_or(false); } if !is_external_bindgen() && (is_internal_bindgen() || !has_bindgen_feature()) { @@ -325,6 +326,10 @@ fn is_external_bindgen() -> bool { unsafe { AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN } } +fn is_no_asm() -> bool { + unsafe { AWS_LC_FIPS_SYS_NO_ASM } +} + fn has_bindgen_feature() -> bool { cfg!(feature = "bindgen") } diff --git a/aws-lc-sys/builder/cmake_builder.rs b/aws-lc-sys/builder/cmake_builder.rs index 4f380622308..a66315e30a1 100644 --- a/aws-lc-sys/builder/cmake_builder.rs +++ b/aws-lc-sys/builder/cmake_builder.rs 
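Review bot: The new `is_no_asm()` accessor reads a `static mut` inside an `unsafe` block with no stated invariant, and it returns `false` if called before `initialize()` has assigned the flag. It follows the pattern of the neighbouring accessors, but since this flag decides whether the assembly implementations are compiled in, the contract should be written down. A doc comment like `/// True when AWS_LC_FIPS_SYS_NO_ASM parsed as true in initialize(); false before that.` and `// SAFETY: assigned once in initialize() before any reader; confirm the build script stays single-threaded.` would cover it. Which strings count as true is decided by `env_var_to_bool`, which is outside this diff. The same applies to the accessor added in aws-lc-sys/builder/main.rs (hunk `@@ -354,6 +360,10`).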
@@ -3,7 +3,8 @@ use crate::OutputLib::{Crypto, RustWrapper, Ssl}; use crate::{ - execute_command, target, target_arch, target_env, target_os, target_vendor, OutputLibType, + cargo_env, execute_command, is_no_asm, target, target_arch, target_env, target_os, + target_vendor, OutputLibType, }; use std::env; use std::ffi::OsStr; @@ -105,6 +106,15 @@ impl CmakeBuilder { cmake_cfg.define("DISABLE_PERL", "ON"); cmake_cfg.define("DISABLE_GO", "ON"); + if is_no_asm() { + let opt_level = cargo_env("OPT_LEVEL"); + if opt_level == "0" { + cmake_cfg.define("OPENSSL_NO_ASM", "1"); + } else { + panic!("AWS_LC_SYS_NO_ASM only allowed for debug builds!") + } + } + if target_vendor() == "apple" { if target_os().to_lowercase() == "ios" { cmake_cfg.define("CMAKE_SYSTEM_NAME", "iOS"); @@ -151,7 +161,11 @@ impl crate::Builder for CmakeBuilder { fn check_dependencies(&self) -> Result<(), String> { let mut missing_dependency = false; - if target_os() == "windows" && target_arch() == "x86_64" && !test_nasm_command() { + if target_os() == "windows" + && target_arch() == "x86_64" + && !test_nasm_command() + && !is_no_asm() + { eprintln!("Missing dependency: nasm"); missing_dependency = true; } diff --git a/aws-lc-sys/builder/main.rs b/aws-lc-sys/builder/main.rs index 2c06e55877d..1f6b6f571f5 100644 --- a/aws-lc-sys/builder/main.rs +++ b/aws-lc-sys/builder/main.rs @@ -283,6 +283,10 @@ fn get_builder(prefix: &Option, manifest_dir: &Path, out_dir: &Path) -> }; builder.check_dependencies().unwrap(); return builder; + } else if is_no_asm() { + let builder = cmake_builder_builder(); + builder.check_dependencies().unwrap(); + return builder; } else if !is_bindgen_required() { let cc_builder = cc_builder_builder(); if cc_builder.check_dependencies().is_ok() { 
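Review bot: The `else if is_no_asm()` branch in `get_builder` only runs when the preceding branch does not return first, and that branch's condition is outside this hunk. If it can select a non-CMake builder, `AWS_LC_SYS_NO_ASM` would be silently ignored, because the only `OPENSSL_NO_ASM` define and opt-level guard visible in this commit are in cmake_builder.rs. A developer would then believe the no-assembly paths were exercised when they were not. I would document the precedence at the branch with `// NO_ASM is honoured only by the CMake builder, so force it here.` and have the earlier branch reject or warn on the conflicting combination. `get_builder` starts and ends outside the hunk, so the earlier condition needs checking against the full file.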
@@ -303,6 +307,7 @@ static mut PREGENERATED: bool = false; static mut AWS_LC_SYS_NO_PREFIX: bool = false; static mut AWS_LC_SYS_INTERNAL_BINDGEN: bool = false; static mut AWS_LC_SYS_EXTERNAL_BINDGEN: bool = false; +static mut AWS_LC_SYS_NO_ASM: bool = false; fn initialize() { unsafe { @@ -311,6 +316,7 @@ fn initialize() { env_var_to_bool("AWS_LC_SYS_INTERNAL_BINDGEN").unwrap_or(false); AWS_LC_SYS_EXTERNAL_BINDGEN = env_var_to_bool("AWS_LC_SYS_EXTERNAL_BINDGEN").unwrap_or(false); + AWS_LC_SYS_NO_ASM = env_var_to_bool("AWS_LC_SYS_NO_ASM").unwrap_or(false); } if !is_external_bindgen() && (is_internal_bindgen() || !has_bindgen_feature()) { @@ -354,6 +360,10 @@ fn is_external_bindgen() -> bool { unsafe { AWS_LC_SYS_EXTERNAL_BINDGEN } } +fn is_no_asm() -> bool { + unsafe { AWS_LC_SYS_NO_ASM } +} + fn has_bindgen_feature() -> bool { cfg!(feature = "bindgen") }