Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix FIPS static release build on x86_64 for gcc-8,11,12 on ubuntu #755

Merged
merged 4 commits into from
Jan 24, 2023
Merged

Fix FIPS static release build on x86_64 for gcc-8,11,12 on ubuntu #755

merged 4 commits into from
Jan 24, 2023
+2,495 −2,061

Conversation

samuel40791765
Copy link
Contributor

@samuel40791765 samuel40791765 commented Jan 13, 2023
edited
Loading

Issues:

Resolves CryptoAlg-1489

Description of changes:

This PR fixes the gcc release build for static FIPS on Ubuntu 20.04/22.04. gcc-8, 11, and 12 were failing due to some unrecognized instructions.

Call-outs:

  1. notrack jmp *%rax was failing, because there were no commas between the InstructionArg.
  2. .long 1f - 0f was failing because delocate.go was incorrectly recognizing 1f as an offset, when it should be a LocalLabelRef. Our Offset rule was too lax and recognized all number references as "offsets", regardless of what was appended at the end. I've added ![[A-Z] to the end of the Offset rule to reject any additional charactors.
  3. gcc-8 The gcc-8 assembler will attempt to optimize function pointers used in multiple places under a .data.rel.ro.local section, but delocate.go does not have the ability to handle .data sections. It’s unclear why this is specific to only gcc-8, but we speculate that this was unwanted behavior and was removed in subsequent versions of the gcc compiler. We get around this by defining pkey_pss_init as two separate functions for signing and verifying.

Testing:

New CI for all these dimensions

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and
the ISC license.

@samuel40791765 samuel40791765 changed the title Fix gcc ubuntu Fix FIPS static release build on x86_64 for gcc-8,11,12 on ubuntu Jan 13, 2023
@samuel40791765
Copy link
Contributor Author

Formal verification seems to be failing due to the static function naming change.
I'll work with the formal verification team to resolve this after the contents of this PR are approved.

@samuel40791765 samuel40791765 marked this pull request as ready for review January 19, 2023 23:18
@pennyannn pennyannn mentioned this pull request Jan 24, 2023
Merged
@samuel40791765 samuel40791765 merged commit b5f3495 into aws:main Jan 24, 2023
@pennyannn pennyannn mentioned this pull request Jan 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dkostic dkostic dkostic approved these changes

@nebeid nebeid nebeid approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@samuel40791765 @dkostic @nebeid