Use standard CMake options to specify C/C++ language standard, add Bo…

…ringSSL to speed test (#1410) * Use standard CMake options to specify C/C++ language standard. Allow AWS-LC builders to override the default c99/c++11 option. Add BoringSSL to the benchmark test run * Turn off secp256k1 when speed is built with BoringSSL
aws · Jan 23, 2024 · aab14cf · aab14cf
1 parent c634160
commit aab14cf
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 41 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -47,6 +47,17 @@ if(BUILD_TESTING OR BUILD_LIBSSL)
   enable_language(CXX)
 endif()
 
+if(CMAKE_VERSION VERSION_GREATER "3.1.0")
+  if (NOT DEFINED CMAKE_CXX_STANDARD)
+    set(CMAKE_CXX_STANDARD 11)
+  endif()
+  set(CMAKE_CXX_STANDARD_REQUIRED ON)
+  if (NOT DEFINED CMAKE_C_STANDARD)
+    set(CMAKE_C_STANDARD 99)
+  endif ()
+  set(CMAKE_C_STANDARD_REQUIRED ON)
+endif ()
+
 if(CMAKE_C_COMPILER_ID MATCHES "Clang")
   set(CLANG 1)
 elseif(CMAKE_C_COMPILER_ID MATCHES "GNU")
@@ -315,7 +326,9 @@ endif ()
 if(GCC OR CLANG)
   # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration
   # primarily on our normal Clang one.
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
+  if (NOT CMAKE_C_STANDARD)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
+  endif ()
 
   # TODO(CryptoAlg-759): enable '-Wpedantic' if awslc has to follow c99 spec.
   if(CLANG OR (GCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.1.3"))
@@ -384,7 +397,9 @@ if(GCC OR CLANG)
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations")
 
   if(NOT MSVC)
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+    if (NOT CMAKE_CXX_STANDARD)
+      set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+    endif ()
     if(APPLE)
       set(CMAKE_MACOSX_RPATH 1)
     endif()

diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml
@@ -573,7 +573,7 @@ batch:
         type: LINUX_CONTAINER
         privileged-mode: true
         compute-type: BUILD_GENERAL1_LARGE
-        image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest
+        image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_clang-14x-sde_latest
         variables:
           AWS_LC_CI_TARGET: "tests/ci/run_benchmark_build_tests.sh"
 

diff --git a/tests/ci/run_benchmark_build_tests.sh b/tests/ci/run_benchmark_build_tests.sh
@@ -57,6 +57,18 @@ function build_openssl {
     rm -rf "${scratch_folder}/openssl-${branch}"
 }
 
+function build_boringssl {
+  git clone --depth 1 https://github.com/google/boringssl.git "${scratch_folder}/boringssl"
+  pushd "${scratch_folder}/boringssl"
+  echo "install_if_enabled(TARGETS decrepit EXPORT OpenSSLTargets ${INSTALL_DESTINATION_DEFAULT})" >> decrepit/CMakeLists.txt
+  cmake -GNinja \
+      -DCMAKE_INSTALL_PREFIX="${install_dir}/boringssl" \
+      -DCMAKE_BUILD_TYPE=RelWithDebInfo .
+  ninja install
+  popd
+  rm -rf "${scratch_folder}/boringssl"
+}
+
 # Building AWS-LC always builds bssl (which includes the speed tool) with the "local" libcrypto. We
 # also support building speed.cc with an "external" aws-lc libcrypto (and openssl). This is useful
 # when we want to compare the performance of a particular FIPS release against mainline if mainline
@@ -71,20 +83,23 @@ build_openssl $openssl_1_1_1_branch
 build_openssl $openssl_3_1_branch
 build_openssl $openssl_3_2_branch
 build_openssl $openssl_master_branch
+build_boringssl
 
-run_build -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBENCHMARK_LIBS="\
+run_build -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_CXX_STANDARD=14 -DCMAKE_C_STANDARD=11 -DBENCHMARK_LIBS="\
 aws-lc-fips:${install_dir}/aws-lc-fips-2022-11-02;\
 open102:${install_dir}/openssl-${openssl_1_0_2_branch};\
 open111:${install_dir}/openssl-${openssl_1_1_1_branch};\
 open31:${install_dir}/openssl-${openssl_3_1_branch};\
 open32:${install_dir}/openssl-${openssl_3_2_branch};\
-openmaster:${install_dir}/openssl-${openssl_master_branch};"
+openmaster:${install_dir}/openssl-${openssl_master_branch};\
+boringssl:${install_dir}/boringssl;"
 "${BUILD_ROOT}/tool/aws-lc-fips" -timeout_ms 10
 "${BUILD_ROOT}/tool/open102" -timeout_ms 10
 "${BUILD_ROOT}/tool/open111" -timeout_ms 10
 "${BUILD_ROOT}/tool/open31" -timeout_ms 10
 "${BUILD_ROOT}/tool/open32" -timeout_ms 10
 "${BUILD_ROOT}/tool/openmaster" -timeout_ms 10
+"${BUILD_ROOT}/tool/boringssl" -timeout_ms 10
 
 echo "Testing ossl_bm with OpenSSL 1.0 with the legacy build option"
 run_build -DOPENSSL_1_0_INSTALL_DIR="${install_dir}/openssl-${openssl_1_0_2_branch}" -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo

diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt
@@ -54,6 +54,7 @@ endif()
 
 function(build_benchmark target_name install_path)
   find_library(libcrypto-${target_name} crypto PATHS ${install_path}/lib/ ${install_path}/lib64/ NO_DEFAULT_PATH)
+  find_library(libdecrepit-${target_name} decrepit PATHS ${install_path}/lib/ ${install_path}/lib64/ NO_DEFAULT_PATH)
   message(STATUS "Building ${target_name} benchmark using header files from ${install_path}/include and libcrypto from ${libcrypto-${target_name}}.")
   add_executable(
           ${target_name}
@@ -66,6 +67,9 @@ function(build_benchmark target_name install_path)
   # include directory
   target_include_directories(${target_name} PUBLIC ${install_path}/include ${AWSLC_INSTALL_DIR}/include/internal/tool)
   target_link_libraries(${target_name} ${libcrypto-${target_name}} ${LIBRT_FLAG})
+  if (libdecrepit-${target_name})
+    target_link_libraries(${target_name} ${libdecrepit-${target_name}})
+  endif ()
   if(NOT MSVC AND NOT ANDROID)
     target_link_libraries(${target_name} pthread dl)
   endif()

diff --git a/tool/speed.cc b/tool/speed.cc
@@ -1265,6 +1265,20 @@ static bool SpeedRandom(const std::string &selected) {
   return true;
 }
 
+struct curve_config {
+  std::string name;
+  int nid;
+};
+
+curve_config supported_curves[] = {{"P-224", NID_secp224r1},
+                                   {"P-256", NID_X9_62_prime256v1},
+                                   {"P-384", NID_secp384r1},
+                                   {"P-521", NID_secp521r1},
+#if !defined(OPENSSL_IS_BORINGSSL)
+                                   {"secp256k1", NID_secp256k1},
+#endif
+};
+
 static bool SpeedECDHCurve(const std::string &name, int nid,
                            const std::string &selected) {
   if (!selected.empty() && name.find(selected) == std::string::npos) {
@@ -1428,40 +1442,43 @@ static bool SpeedECDSACurve(const std::string &name, int nid,
 }
 
 static bool SpeedECKeyGenerateKey(bool is_fips, const std::string &selected) {
-  return SpeedECKeyGenerateKey(is_fips, "Generate P-224", NID_secp224r1,
-                               selected) &&
-         SpeedECKeyGenerateKey(is_fips, "Generate P-256",
-                               NID_X9_62_prime256v1, selected) &&
-         SpeedECKeyGenerateKey(is_fips, "Generate P-384", NID_secp384r1,
-                               selected) &&
-         SpeedECKeyGenerateKey(is_fips, "Generate P-521", NID_secp521r1,
-                               selected) &&
-         SpeedECKeyGenerateKey(is_fips, "Generate secp256k1",
-                               NID_secp256k1, selected);
+  for (const auto& config : supported_curves) {
+    std::string message = "Generate " + config.name;
+    if(!SpeedECKeyGenerateKey(is_fips, message, config.nid, selected)) {
+      return false;
+    }
+  }
+  return true;
 }
 
 static bool SpeedECDH(const std::string &selected) {
-  return SpeedECDHCurve("ECDH P-224", NID_secp224r1, selected) &&
-         SpeedECDHCurve("ECDH P-256", NID_X9_62_prime256v1, selected) &&
-         SpeedECDHCurve("ECDH P-384", NID_secp384r1, selected) &&
-         SpeedECDHCurve("ECDH P-521", NID_secp521r1, selected) &&
-         SpeedECDHCurve("ECDH secp256k1", NID_secp256k1, selected);
+  for (const auto& config : supported_curves) {
+    std::string message = "ECDH " + config.name;
+    if(!SpeedECDHCurve(message, config.nid, selected)) {
+      return false;
+    }
+  }
+  return true;
 }
 
 static bool SpeedECKeyGen(const std::string &selected) {
-  return SpeedECKeyGenCurve("Generate P-224", NID_secp224r1, selected) &&
-         SpeedECKeyGenCurve("Generate P-256", NID_X9_62_prime256v1, selected) &&
-         SpeedECKeyGenCurve("Generate P-384", NID_secp384r1, selected) &&
-         SpeedECKeyGenCurve("Generate P-521", NID_secp521r1, selected) &&
-         SpeedECKeyGenCurve("Generate secp256k1", NID_secp256k1, selected);
+  for (const auto& config : supported_curves) {
+    std::string message = "Generate " + config.name;
+    if(!SpeedECKeyGenCurve(message, config.nid, selected)) {
+      return false;
+    }
+  }
+  return true;
 }
 
 static bool SpeedECDSA(const std::string &selected) {
-  return SpeedECDSACurve("ECDSA P-224", NID_secp224r1, selected) &&
-         SpeedECDSACurve("ECDSA P-256", NID_X9_62_prime256v1, selected) &&
-         SpeedECDSACurve("ECDSA P-384", NID_secp384r1, selected) &&
-         SpeedECDSACurve("ECDSA P-521", NID_secp521r1, selected) &&
-         SpeedECDSACurve("ECDSA secp256k1", NID_secp256k1, selected);
+  for (const auto& config : supported_curves) {
+    std::string message = "ECDSA " + config.name;
+    if(!SpeedECDSACurve(message, config.nid, selected)) {
+      return false;
+    }
+  }
+  return true;
 }
 
 #if !defined(OPENSSL_1_0_BENCHMARK)
@@ -1586,12 +1603,13 @@ static bool SpeedEvpEcdhCurve(const std::string &name, int nid,
 }
 
 static bool SpeedEvpEcdh(const std::string &selected) {
-  return SpeedEvpEcdhCurve("EVP ECDH P-224", NID_secp224r1, selected) &&
-         SpeedEvpEcdhCurve("EVP ECDH P-256", NID_X9_62_prime256v1, selected) &&
-         SpeedEvpEcdhCurve("EVP ECDH P-384", NID_secp384r1, selected) &&
-         SpeedEvpEcdhCurve("EVP ECDH P-521", NID_secp521r1, selected) &&
-         SpeedEvpEcdhCurve("EVP ECDH secp256k1", NID_secp256k1, selected) &&
-         SpeedEvpEcdhCurve("EVP ECDH X25519", NID_X25519, selected);
+  for (const auto& config : supported_curves) {
+      std::string message = "EVP ECDH " + config.name;
+      if(!SpeedEvpEcdhCurve(message, config.nid, selected)) {
+        return false;
+      }
+  }
+  return SpeedEvpEcdhCurve("EVP ECDH X25519", NID_X25519, selected);
 }
 
 static bool SpeedECMULCurve(const std::string &name, int nid,
@@ -1659,11 +1677,13 @@ static bool SpeedECMULCurve(const std::string &name, int nid,
 }
 
 static bool SpeedECMUL(const std::string &selected) {
-  return SpeedECMULCurve("ECMUL P-224", NID_secp224r1, selected) &&
-         SpeedECMULCurve("ECMUL P-256", NID_X9_62_prime256v1, selected) &&
-         SpeedECMULCurve("ECMUL P-384", NID_secp384r1, selected) &&
-         SpeedECMULCurve("ECMUL P-521", NID_secp521r1, selected) &&
-         SpeedECMULCurve("ECMUL secp256k1", NID_secp256k1, selected);
+  for (const auto& config : supported_curves) {
+    std::string message = "ECMUL " + config.name;
+    if(!SpeedECMULCurve(message, config.nid, selected)) {
+      return false;
+    }
+  }
+  return true;
 }
 
 #endif // !defined(OPENSSL_1_0_BENCHMARK)