Skip to content

Commit

Permalink
Reduce compiler ability to optimise to statisfy gcc 9.5 (aws#1442)
Browse files Browse the repository at this point in the history
gcc 9.5 has a bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189 that has not been backported. Essentially, the compiler will falsely reason that it's comparing a string and optimise out everything behind a null-character. Dropping static const removes optimisation options for the compiler. In my tests, gcc 9.5 now emits a direct memcmp instead of attempting any optimisations.

Add X509_STORE_get1_objects

This will be needed for python/cpython#114573.
Along the way, document the various functions that expose "query from
X509_STORE". Most of them unfortunately leak the weird caching thing
that hash_dir does, as well as OpenSSL's generally poor handling of
issuers with the same name and CRL lookup, but I don't think it's really
worth trying to unexport these APIs.

Change-Id: I18137bdc4cbaa4bd20ff55116a18f350df386e4a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65787
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

Revert "Add X509_STORE_get1_objects"

This reverts commit cd5439a827a29320f7005786a26454904e4b12dc.
  • Loading branch information
torben-hansen authored and WillChilds-Klein committed Feb 21, 2024
1 parent 31cefe7 commit daf5bc9
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion ssl/ssl_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -4475,7 +4475,10 @@ TEST_P(SSLVersionTest, SessionTimeout) {
}

TEST_P(SSLVersionTest, DefaultTicketKeyInitialization) {
static const uint8_t kZeroKey[kTicketKeyLen] = {};
// Do not make static and const. See t/P118709392.
// It can trigger https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189 leading
// to transient errors.
uint8_t kZeroKey[kTicketKeyLen] = {0};
uint8_t ticket_key[kTicketKeyLen];
ASSERT_EQ(1, SSL_CTX_get_tlsext_ticket_keys(server_ctx_.get(), ticket_key,
kTicketKeyLen));
Expand Down

0 comments on commit daf5bc9

Please sign in to comment.