Run FIPS break tests as a part of the CI

tests/ci/common_posix_setup.sh

@@ -91,7 +91,6 @@ function generate_symbols_file {
   # read_symbols.go currently only support static libraries
   if [ ! -f  "$BUILD_ROOT"/crypto/libcrypto.a ]; then
     echo "Static library not found: ${BUILD_ROOT}/crypto/libcrypto.a"
-    print_system_and_dependency_information
     exit 1
   fi
 
@@ -208,26 +207,24 @@ function print_executable_information {
   fi
 }
 
-function print_system_and_dependency_information {
-  print_executable_information "cmake" "--version" "CMake version"
-  print_executable_information "cmake3" "--version" "CMake version (cmake3 executable)"
-  print_executable_information "go" "version" "Go version"
-  print_executable_information "perl" "--version" "Perl version"
-  # Ninja executable names are not uniform over operating systems
-  print_executable_information "ninja-build" "--version" "Ninja version (ninja-build executable)"
-  print_executable_information "ninja" "--version" "Ninja version (ninja executable)"
-  print_executable_information "gcc" "--version" "gcc version"
-  print_executable_information "g++" "--version" "g++ version"
-  print_executable_information "clang" "--version" "clang version"
-  print_executable_information "clang++" "--version" "clang++ version"
-  print_executable_information "cc" "--version" "cc version"
-  print_executable_information "c++" "--version" "c++ version"
-  print_executable_information "make" "--version" "Make version"
-  print_executable_information "rustup" "show" "Rust toolchain"
-  echo ""
-  echo "Operating system information:"
-  uname -a
-  echo ""
-  echo "Environment variables"
-  env
-}
+print_executable_information "cmake" "--version" "CMake version"
+print_executable_information "cmake3" "--version" "CMake version (cmake3 executable)"
+print_executable_information "go" "version" "Go version"
+print_executable_information "perl" "--version" "Perl version"
+# Ninja executable names are not uniform over operating systems
+print_executable_information "ninja-build" "--version" "Ninja version (ninja-build executable)"
+print_executable_information "ninja" "--version" "Ninja version (ninja executable)"
+print_executable_information "gcc" "--version" "gcc version"
+print_executable_information "g++" "--version" "g++ version"
+print_executable_information "clang" "--version" "clang version"
+print_executable_information "clang++" "--version" "clang++ version"
+print_executable_information "cc" "--version" "cc version"
+print_executable_information "c++" "--version" "c++ version"
+print_executable_information "make" "--version" "Make version"
+print_executable_information "rustup" "show" "Rust toolchain"
+echo ""
+echo "Operating system information:"
+uname -a
+echo ""
+echo "Environment variables:"
+env

tests/ci/run_fips_tests.sh

@@ -12,6 +12,11 @@ if [[ ("$(uname -s)" == 'Linux'*) && (("$(uname -p)" == 'x86_64'*) || ("$(uname
   echo "Testing AWS-LC static library in FIPS Release mode."
   fips_build_and_test -DCMAKE_BUILD_TYPE=Release
 
+  echo "Testing AWS-LC static breakable build"
+  run_build -DFIPS=1 -DCMAKE_C_FLAGS="-DBORINGSSL_FIPS_BREAK_TESTS"
+  cd $SRC_ROOT
+  ./util/fipstools/test-break-kat.sh
+
   # These build parameters may be needed by our aws-lc-fips-sys Rust package
   run_build -DFIPS=1 -DBUILD_LIBSSL=OFF -DBUILD_TESTING=OFF
 fi

tests/ci/run_install_shared_and_static.sh

@@ -4,7 +4,6 @@ set -exo pipefail
 # SPDX-License-Identifier: Apache-2.0 OR ISC
 
 source tests/ci/common_posix_setup.sh
-print_system_and_dependency_information
 
 export CMAKE_BUILD_PARALLEL_LEVEL=${NUM_CPU_THREADS}
 

tests/ci/run_posix_tests.sh

@@ -5,8 +5,6 @@ set -exo pipefail
 
 source tests/ci/common_posix_setup.sh
 
-print_system_and_dependency_information
-
 echo "Testing AWS-LC in debug mode."
 build_and_test
 

tests/ci/run_prefix_tests.sh

@@ -5,8 +5,6 @@ set -exo pipefail
 
 source tests/ci/common_posix_setup.sh
 
-print_system_and_dependency_information
-
 echo "Testing a prefix build of AWS-LC in debug mode."
 build_prefix_and_test
 

util/fipstools/break-kat.go

@@ -26,9 +26,9 @@ var (
 		"SHA-512":         "212512f8d2ad8322781c6c4d69a9daa1",
 		"TLS-KDF":         "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731",
 		"RSA-sign":        "d2b56e53306f720d7929d8708bf46f1c22300305582b115bedcac722d8aa5ab2",
-		"RSA-verify":      "abe2cbc13d6bd39d48db5334ddbf8d070a93bdcb104e2cc5d0ee486ee295f6b31bda126c41890b98b73e70e6b65d82f95c663121755a90744c8d1c21148a1960be0eca446e9ff497f1345c537ef8119b9a4398e95c5c6de2b1c955905c5299d8ce7a3b6ab76380d9babdd15f610237e1f3f2aa1c1f1e770b62fbb596381b2ebdd77ecef9c90d4c92f7b6b05fed2936285fa94826e62055322a33b6f04c74ce69e5d8d737fb838b79d2d48e3daf71387531882531a95ac964d02ea413bf85952982bbc089527daff5b845c9a0f4d14ef1956d9c3acae882d12da66da0f35794f5ee32232333517db9315232a183b991654dbea41615345c885325926744a53915",
+		"RSA-verify":      "c5ef030d00a13e3a705b23e1e3de3f2c8e84b2e82d1bec14116f8245e5b6fa4b207f12afe72c8d36675acb7d670f6a5c590e44716c3df31104bea89f61becd6cc188814801d308ceec2a843ec7f25ebcdde588dd8980326928b10843c4b3190338b0a07c5a94a53f6d84de7947f3db3d9f730610bf463c291fd901ab8a54e47dbb196d8af53ef15fd06b7ad0ddb65c83c8fee8d0a708334733cbe7b03322695d9a406a687867b38294d8634805d4cb68737355d776484df3cd8b8feb51fd94608218d88eb2f2d04064312ad0412e7a96d49a9d71d76606ab7a5bd99bc31c37593c837f15ba8601926a1f6919d1110b55906e18e29e2a94045ae9218bc6c8da74",
 		"ECDSA-sign":      "1e35930be860d0942ca7bbd6f6ded87f157e4de24f81ed4b875c0e018e89a81f",
-		"ECDSA-verify":    "6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c2d36e5799790bfbe2183d33e96f3c51f6a232f2a24488c8e5f64c37ea2cf0529",
+		"ECDSA-verify":    "6780c5fc70275e2c7061a0e7877bb174deadeb9887027f3fa83654158ba7f50c3c77d1b6e09e747bc5ab5501d75e618d8e5b272e159ff3413cb71a81408d5605",
 		"Z-computation":   "e7604491269afb5b102d6ea52cb59feb70aede6ce3bfb3e0105485abd861d77b",
 		"FFDH":            "a14f8ad36be37b18b8f35864392f150ab7ee22c47e1870052a3f17918274af18aaeaf4cf6aacfde96c9d586eb7ebaff6b03fe3b79a8e2ff9dd6df34caaf2ac70fd3771d026b41a561ee90e4337d0575f8a0bd160c868e7e3cef88aa1d88448b1e4742ba11480a9f8a8b737347c408d74a7d57598c48875629df0c85327a124ddec1ad50cd597a985588434ce19c6f044a1696b5f244b899b7e77d4f6f20213ae8eb15d37eb8e67e6c8bdbc4fd6e17426283da96f23a897b210058c7c70fb126a5bf606dbeb1a6d5cca04184c4e95c2e8a70f50f5c1eabd066bd79c180456316ac02d366eb3b0e7ba82fb70dcbd737ca55734579dd250fffa8e0584be99d32b35",
 	}

util/fipstools/test-break-kat.sh

@@ -18,7 +18,7 @@
 set -x
 set -e
 
-TEST_FIPS_BIN="build/util/fipstools/test_fips"
+TEST_FIPS_BIN="test_build_dir/util/fipstools/test_fips"
 
 if [ ! -f $TEST_FIPS_BIN ]; then
   echo "$TEST_FIPS_BIN is missing. Run this script from the top level of a"
@@ -39,3 +39,4 @@ for kat in $KATS; do
   fi
   rm ./break-kat-bin
 done
+echo "All tests broken as expected"