From aab14cf3a3dfcfbafd8cbceabbc23c3cdc9dfce7 Mon Sep 17 00:00:00 2001 From: Andrew Hopkins Date: Mon, 22 Jan 2024 14:11:38 -1000 Subject: [PATCH] Use standard CMake options to specify C/C++ language standard, add BoringSSL to speed test (#1410) * Use standard CMake options to specify C/C++ language standard. Allow AWS-LC builders to override the default c99/c++11 option. Add BoringSSL to the benchmark test run * Turn off secp256k1 when speed is built with BoringSSL --- CMakeLists.txt | 19 +++- .../github_ci_linux_x86_omnibus.yaml | 2 +- tests/ci/run_benchmark_build_tests.sh | 19 +++- tool/CMakeLists.txt | 4 + tool/speed.cc | 92 +++++++++++-------- 5 files changed, 95 insertions(+), 41 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a1b897a7a9..80dfbaa2e5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -47,6 +47,17 @@ if(BUILD_TESTING OR BUILD_LIBSSL) enable_language(CXX) endif() +if(CMAKE_VERSION VERSION_GREATER "3.1.0") + if (NOT DEFINED CMAKE_CXX_STANDARD) + set(CMAKE_CXX_STANDARD 11) + endif() + set(CMAKE_CXX_STANDARD_REQUIRED ON) + if (NOT DEFINED CMAKE_C_STANDARD) + set(CMAKE_C_STANDARD 99) + endif () + set(CMAKE_C_STANDARD_REQUIRED ON) +endif () + if(CMAKE_C_COMPILER_ID MATCHES "Clang") set(CLANG 1) elseif(CMAKE_C_COMPILER_ID MATCHES "GNU") @@ -315,7 +326,9 @@ endif () if(GCC OR CLANG) # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration # primarily on our normal Clang one. - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99") + if (NOT CMAKE_C_STANDARD) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99") + endif () # TODO(CryptoAlg-759): enable '-Wpedantic' if awslc has to follow c99 spec. if(CLANG OR (GCC AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.1.3")) @@ -384,7 +397,9 @@ if(GCC OR CLANG) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations") if(NOT MSVC) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") + if (NOT CMAKE_CXX_STANDARD) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") + endif () if(APPLE) set(CMAKE_MACOSX_RPATH 1) endif() diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml index 5e02ce5e64..918ed91309 100644 --- a/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml +++ b/tests/ci/cdk/cdk/codebuild/github_ci_linux_x86_omnibus.yaml @@ -573,7 +573,7 @@ batch: type: LINUX_CONTAINER privileged-mode: true compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_clang-14x-sde_latest variables: AWS_LC_CI_TARGET: "tests/ci/run_benchmark_build_tests.sh" diff --git a/tests/ci/run_benchmark_build_tests.sh b/tests/ci/run_benchmark_build_tests.sh index 5ae042d6ce..6831a3e855 100755 --- a/tests/ci/run_benchmark_build_tests.sh +++ b/tests/ci/run_benchmark_build_tests.sh @@ -57,6 +57,18 @@ function build_openssl { rm -rf "${scratch_folder}/openssl-${branch}" } +function build_boringssl { + git clone --depth 1 https://github.com/google/boringssl.git "${scratch_folder}/boringssl" + pushd "${scratch_folder}/boringssl" + echo "install_if_enabled(TARGETS decrepit EXPORT OpenSSLTargets ${INSTALL_DESTINATION_DEFAULT})" >> decrepit/CMakeLists.txt + cmake -GNinja \ + -DCMAKE_INSTALL_PREFIX="${install_dir}/boringssl" \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo . + ninja install + popd + rm -rf "${scratch_folder}/boringssl" +} + # Building AWS-LC always builds bssl (which includes the speed tool) with the "local" libcrypto. We # also support building speed.cc with an "external" aws-lc libcrypto (and openssl). This is useful # when we want to compare the performance of a particular FIPS release against mainline if mainline @@ -71,20 +83,23 @@ build_openssl $openssl_1_1_1_branch build_openssl $openssl_3_1_branch build_openssl $openssl_3_2_branch build_openssl $openssl_master_branch +build_boringssl -run_build -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBENCHMARK_LIBS="\ +run_build -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_CXX_STANDARD=14 -DCMAKE_C_STANDARD=11 -DBENCHMARK_LIBS="\ aws-lc-fips:${install_dir}/aws-lc-fips-2022-11-02;\ open102:${install_dir}/openssl-${openssl_1_0_2_branch};\ open111:${install_dir}/openssl-${openssl_1_1_1_branch};\ open31:${install_dir}/openssl-${openssl_3_1_branch};\ open32:${install_dir}/openssl-${openssl_3_2_branch};\ -openmaster:${install_dir}/openssl-${openssl_master_branch};" +openmaster:${install_dir}/openssl-${openssl_master_branch};\ +boringssl:${install_dir}/boringssl;" "${BUILD_ROOT}/tool/aws-lc-fips" -timeout_ms 10 "${BUILD_ROOT}/tool/open102" -timeout_ms 10 "${BUILD_ROOT}/tool/open111" -timeout_ms 10 "${BUILD_ROOT}/tool/open31" -timeout_ms 10 "${BUILD_ROOT}/tool/open32" -timeout_ms 10 "${BUILD_ROOT}/tool/openmaster" -timeout_ms 10 +"${BUILD_ROOT}/tool/boringssl" -timeout_ms 10 echo "Testing ossl_bm with OpenSSL 1.0 with the legacy build option" run_build -DOPENSSL_1_0_INSTALL_DIR="${install_dir}/openssl-${openssl_1_0_2_branch}" -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo diff --git a/tool/CMakeLists.txt b/tool/CMakeLists.txt index 7c6ac92db0..547bf6b710 100644 --- a/tool/CMakeLists.txt +++ b/tool/CMakeLists.txt @@ -54,6 +54,7 @@ endif() function(build_benchmark target_name install_path) find_library(libcrypto-${target_name} crypto PATHS ${install_path}/lib/ ${install_path}/lib64/ NO_DEFAULT_PATH) + find_library(libdecrepit-${target_name} decrepit PATHS ${install_path}/lib/ ${install_path}/lib64/ NO_DEFAULT_PATH) message(STATUS "Building ${target_name} benchmark using header files from ${install_path}/include and libcrypto from ${libcrypto-${target_name}}.") add_executable( ${target_name} @@ -66,6 +67,9 @@ function(build_benchmark target_name install_path) # include directory target_include_directories(${target_name} PUBLIC ${install_path}/include ${AWSLC_INSTALL_DIR}/include/internal/tool) target_link_libraries(${target_name} ${libcrypto-${target_name}} ${LIBRT_FLAG}) + if (libdecrepit-${target_name}) + target_link_libraries(${target_name} ${libdecrepit-${target_name}}) + endif () if(NOT MSVC AND NOT ANDROID) target_link_libraries(${target_name} pthread dl) endif() diff --git a/tool/speed.cc b/tool/speed.cc index f1f6ed859c..c352ba64d4 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -1265,6 +1265,20 @@ static bool SpeedRandom(const std::string &selected) { return true; } +struct curve_config { + std::string name; + int nid; +}; + +curve_config supported_curves[] = {{"P-224", NID_secp224r1}, + {"P-256", NID_X9_62_prime256v1}, + {"P-384", NID_secp384r1}, + {"P-521", NID_secp521r1}, +#if !defined(OPENSSL_IS_BORINGSSL) + {"secp256k1", NID_secp256k1}, +#endif +}; + static bool SpeedECDHCurve(const std::string &name, int nid, const std::string &selected) { if (!selected.empty() && name.find(selected) == std::string::npos) { @@ -1428,40 +1442,43 @@ static bool SpeedECDSACurve(const std::string &name, int nid, } static bool SpeedECKeyGenerateKey(bool is_fips, const std::string &selected) { - return SpeedECKeyGenerateKey(is_fips, "Generate P-224", NID_secp224r1, - selected) && - SpeedECKeyGenerateKey(is_fips, "Generate P-256", - NID_X9_62_prime256v1, selected) && - SpeedECKeyGenerateKey(is_fips, "Generate P-384", NID_secp384r1, - selected) && - SpeedECKeyGenerateKey(is_fips, "Generate P-521", NID_secp521r1, - selected) && - SpeedECKeyGenerateKey(is_fips, "Generate secp256k1", - NID_secp256k1, selected); + for (const auto& config : supported_curves) { + std::string message = "Generate " + config.name; + if(!SpeedECKeyGenerateKey(is_fips, message, config.nid, selected)) { + return false; + } + } + return true; } static bool SpeedECDH(const std::string &selected) { - return SpeedECDHCurve("ECDH P-224", NID_secp224r1, selected) && - SpeedECDHCurve("ECDH P-256", NID_X9_62_prime256v1, selected) && - SpeedECDHCurve("ECDH P-384", NID_secp384r1, selected) && - SpeedECDHCurve("ECDH P-521", NID_secp521r1, selected) && - SpeedECDHCurve("ECDH secp256k1", NID_secp256k1, selected); + for (const auto& config : supported_curves) { + std::string message = "ECDH " + config.name; + if(!SpeedECDHCurve(message, config.nid, selected)) { + return false; + } + } + return true; } static bool SpeedECKeyGen(const std::string &selected) { - return SpeedECKeyGenCurve("Generate P-224", NID_secp224r1, selected) && - SpeedECKeyGenCurve("Generate P-256", NID_X9_62_prime256v1, selected) && - SpeedECKeyGenCurve("Generate P-384", NID_secp384r1, selected) && - SpeedECKeyGenCurve("Generate P-521", NID_secp521r1, selected) && - SpeedECKeyGenCurve("Generate secp256k1", NID_secp256k1, selected); + for (const auto& config : supported_curves) { + std::string message = "Generate " + config.name; + if(!SpeedECKeyGenCurve(message, config.nid, selected)) { + return false; + } + } + return true; } static bool SpeedECDSA(const std::string &selected) { - return SpeedECDSACurve("ECDSA P-224", NID_secp224r1, selected) && - SpeedECDSACurve("ECDSA P-256", NID_X9_62_prime256v1, selected) && - SpeedECDSACurve("ECDSA P-384", NID_secp384r1, selected) && - SpeedECDSACurve("ECDSA P-521", NID_secp521r1, selected) && - SpeedECDSACurve("ECDSA secp256k1", NID_secp256k1, selected); + for (const auto& config : supported_curves) { + std::string message = "ECDSA " + config.name; + if(!SpeedECDSACurve(message, config.nid, selected)) { + return false; + } + } + return true; } #if !defined(OPENSSL_1_0_BENCHMARK) @@ -1586,12 +1603,13 @@ static bool SpeedEvpEcdhCurve(const std::string &name, int nid, } static bool SpeedEvpEcdh(const std::string &selected) { - return SpeedEvpEcdhCurve("EVP ECDH P-224", NID_secp224r1, selected) && - SpeedEvpEcdhCurve("EVP ECDH P-256", NID_X9_62_prime256v1, selected) && - SpeedEvpEcdhCurve("EVP ECDH P-384", NID_secp384r1, selected) && - SpeedEvpEcdhCurve("EVP ECDH P-521", NID_secp521r1, selected) && - SpeedEvpEcdhCurve("EVP ECDH secp256k1", NID_secp256k1, selected) && - SpeedEvpEcdhCurve("EVP ECDH X25519", NID_X25519, selected); + for (const auto& config : supported_curves) { + std::string message = "EVP ECDH " + config.name; + if(!SpeedEvpEcdhCurve(message, config.nid, selected)) { + return false; + } + } + return SpeedEvpEcdhCurve("EVP ECDH X25519", NID_X25519, selected); } static bool SpeedECMULCurve(const std::string &name, int nid, @@ -1659,11 +1677,13 @@ static bool SpeedECMULCurve(const std::string &name, int nid, } static bool SpeedECMUL(const std::string &selected) { - return SpeedECMULCurve("ECMUL P-224", NID_secp224r1, selected) && - SpeedECMULCurve("ECMUL P-256", NID_X9_62_prime256v1, selected) && - SpeedECMULCurve("ECMUL P-384", NID_secp384r1, selected) && - SpeedECMULCurve("ECMUL P-521", NID_secp521r1, selected) && - SpeedECMULCurve("ECMUL secp256k1", NID_secp256k1, selected); + for (const auto& config : supported_curves) { + std::string message = "ECMUL " + config.name; + if(!SpeedECMULCurve(message, config.nid, selected)) { + return false; + } + } + return true; } #endif // !defined(OPENSSL_1_0_BENCHMARK)