Fix FIPS static build parse issue on aarch. #135
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'ep_nistz256_add' in p256-armv8-asm.pl is duplicate to p256-nistz.c. Removing 'ep_nistz256_add' function is to avoid delocate.go reporting 'Duplicate symbol found'. The offset calculation expression change is to avoid 'peg' parser errors because the current delocate.peg is not comprehensive enough to parse all assembly expressions.
dkostic
reviewed
Apr 21, 2021
nebeid
reviewed
Apr 21, 2021
| @@ -0,0 +1,14 @@ | |||
| ### Convert delocate.peg to delocate.peg.go | |||
nebeid
approved these changes
Apr 21, 2021
dkostic
reviewed
Apr 22, 2021
| @@ -0,0 +1,22 @@ | |||
| ### Convert delocate.peg to delocate.peg.go | |||
There was a problem hiding this comment.
Just curious, was the process described in README done before? Also is it specific to ARM?
There was a problem hiding this comment.
Not specific to ARM. delocate.peg also has rules for x86. The process is not specified in any README but mentioned in Bssl code history.
There was a problem hiding this comment.
Could you please share a link to the BSSL history that mentions this?
There was a problem hiding this comment.
If more history is needed, you can track the history tab of delocate related files (delocate.go and so on).
Bssl uses go:generate command, which is released in Go 1.4. I use go build to avoid the Golang update. The build is also mentioned in README.md of peg GitHub repo.
| @@ -166,30 +166,6 @@ | |||
| ret | |||
| .size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont | |||
|
|
|||
| // void ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4], | |||
There was a problem hiding this comment.
Forgot to mention in the first review, isn't it a bit weird that before ( before deleting this function) the compiler didn't complain that there are two functions with the same name (this one and the one in p256-nistz.c)?
There was a problem hiding this comment.
Agreed, this is weird. I guess the compiler may select the method (static defined in p256-nistz.c) before searching other alternatives. I think we may need a separate SIM to track down.
There was a problem hiding this comment.
The reason we removed this function is delocate.go does not allow duplicate symbol -- ecp_nistz256_add.
nebeid
approved these changes
Apr 23, 2021
dkostic
approved these changes
Apr 26, 2021
bryce-shang
added a commit
that referenced
this pull request
Apr 28, 2021
* Fix FIPS static build parse issue on aarch. (#135) * Remove 'ep_nistz256_add' function, and change offset calculation. 'ep_nistz256_add' in p256-armv8-asm.pl is duplicate to p256-nistz.c. Removing 'ep_nistz256_add' function is to avoid delocate.go reporting 'Duplicate symbol found'. The offset calculation expression change is to avoid 'peg' parser errors because the current delocate.peg is not comprehensive enough to parse all assembly expressions. * Add new peg rules to address new assembly expression. * Change assembly expression. * Add delocate.peg convert README. * Remove auto-generated comment. * Add more delocate.peg.go generate commands. * Fix command. * Update build files in generated-src * Fix FIPS static build transform issue on aarch. (#137) * Remove 'ep_nistz256_add' function, and change offset calculation. 'ep_nistz256_add' in p256-armv8-asm.pl is duplicate to p256-nistz.c. Removing 'ep_nistz256_add' function is to avoid delocate.go reporting 'Duplicate symbol found'. The offset calculation expression change is to avoid 'peg' parser errors because the current delocate.peg is not comprehensive enough to parse all assembly expressions. * Add new peg rules to address new assembly expression. * Change assembly expression. * Add delocate.peg convert README. * Remove auto-generated comment. * Add more delocate.peg.go generate commands. * Fix command. * Add offset to local symbol in delocate. * Update util/fipstools/delocate/delocate.go Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com> * Update util/fipstools/delocate/delocate.go Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com> * Update comments. Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com> * Add FIPS build CI on aarch. * Increase go test timeout. * Increase more timeout. * Remove timeout variable because ASAN is not enabled. * Add comment to trigger CI. Co-authored-by: Nevine Ebeid <66388554+nebeid@users.noreply.github.com>
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Mar 9, 2022
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Sep 18, 2024
P-256 precomputed point scalar multiplication s2n-bignum original commit: awslabs/s2n-bignum@37c69f1
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Sep 18, 2024
P-256 precomputed point scalar multiplication s2n-bignum original commit: awslabs/s2n-bignum@37c69f1 s2n-bignum original commit: awslabs/s2n-bignum@06576f0
torben-hansen
pushed a commit
to torben-hansen/aws-lc
that referenced
this pull request
Sep 19, 2024
P-256 precomputed point scalar multiplication s2n-bignum original commit: awslabs/s2n-bignum@37c69f1
dkostic
pushed a commit
to dkostic/aws-lc
that referenced
this pull request
Dec 5, 2024
P-256 precomputed point scalar multiplication
dkostic
pushed a commit
to dkostic/aws-lc
that referenced
this pull request
Dec 10, 2024
P-256 precomputed point scalar multiplication s2n-bignum original commit: awslabs/s2n-bignum@37c69f1
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Jan 8, 2025
* develop: Remove dead code and bump patch version Add logic to generate a classpath file Clarify best practices are local to ACCP Improve documentation (aws#151) Update CHANGELOG for 1.6.0 (aws#148) Handle RsaCipher#engineDoFinal with no input bytes (aws#147) Validate that AesGcmSpi#engineInit gets non-null key (aws#146) Move to OpenSSL 1.1.1j (aws#145) Add list of known differences (aws#137) Better output size estimates. Fixes aws#135 Move to openssl 1.1.1i (aws#136) Initial commit of the development guide (aws#134)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues:
Addresses CryptoAlg-725
Description of changes:
This PR is to fix FIPS static build
delocate parseissue on aarch. Specifically, FIPS static build gets delocate.go involved, which performs two functions -- parse and transform.delocate.goreplies ondelocate.peg.go, which is generated by some peg rules defined indelocate.peg. These peg rules are not comprehensive enough to parse all assembly expressions. To handle the limits ofdelocate.go parse, below changes were made:add sp,sp,#32*(12-4) // difference in stack frames.add sp,sp,#256 // #256 is from #32*(12-4). difference in stack frames.delocate.peg.Minor change: this PR also added
README.mdto tell how to generatedelocate.peg.gofromdelocate.peg.With this PR, awslc build can work. But ECDSA tests still fail due to
delocate transformissues, which will be addressed in a separated PR.Call-outs:
Testing:
aarch-fips-static-build-log.outis attached to CryptoAlg-725.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.