2017-04-29 00:45:49 +01:00
|
|
|
include_directories(../include)
|
2017-04-24 21:29:11 +01:00
|
|
|
|
2018-08-10 16:30:55 +01:00
|
|
|
if(FIPS)
|
2017-04-24 21:29:11 +01:00
|
|
|
add_executable(
|
2017-05-03 22:12:39 +01:00
|
|
|
cavp
|
2017-04-24 21:29:11 +01:00
|
|
|
|
2017-05-03 22:12:39 +01:00
|
|
|
cavp_main.cc
|
2017-04-24 21:29:11 +01:00
|
|
|
|
|
|
|
cavp_aes_gcm_test.cc
|
2017-05-03 22:12:39 +01:00
|
|
|
cavp_aes_test.cc
|
|
|
|
cavp_ctr_drbg_test.cc
|
2017-05-01 19:56:22 +01:00
|
|
|
cavp_ecdsa2_keypair_test.cc
|
2017-04-28 22:08:45 +01:00
|
|
|
cavp_ecdsa2_pkv_test.cc
|
2017-04-30 19:37:16 +01:00
|
|
|
cavp_ecdsa2_siggen_test.cc
|
2017-04-28 22:41:28 +01:00
|
|
|
cavp_ecdsa2_sigver_test.cc
|
2017-05-03 22:12:39 +01:00
|
|
|
cavp_hmac_test.cc
|
2018-01-05 17:28:00 +00:00
|
|
|
cavp_kas_test.cc
|
2017-05-03 22:12:39 +01:00
|
|
|
cavp_keywrap_test.cc
|
2017-05-03 16:23:27 +01:00
|
|
|
cavp_rsa2_keygen_test.cc
|
2017-05-02 16:32:13 +01:00
|
|
|
cavp_rsa2_siggen_test.cc
|
|
|
|
cavp_rsa2_sigver_test.cc
|
2017-04-28 21:17:54 +01:00
|
|
|
cavp_sha_monte_test.cc
|
2017-05-03 22:12:39 +01:00
|
|
|
cavp_sha_test.cc
|
|
|
|
cavp_tdes_test.cc
|
2018-01-05 21:59:09 +00:00
|
|
|
cavp_tlskdf_test.cc
|
2017-05-01 18:54:03 +01:00
|
|
|
|
2017-05-03 19:17:50 +01:00
|
|
|
cavp_test_util.cc
|
2017-05-01 18:54:03 +01:00
|
|
|
)
|
|
|
|
|
Support symbol prefixes
- In base.h, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols.h
- In all .S files, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols_asm.h
- In base.h, BSSL_NAMESPACE_BEGIN and BSSL_NAMESPACE_END are
defined with appropriate values depending on whether
BORINGSSL_PREFIX is defined; these macros are used in place
of 'namespace bssl {' and '}'
- Add util/make_prefix_headers.go, which takes a list of symbols
and auto-generates the header files mentioned above
- In CMakeLists.txt, if BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS
are defined, run util/make_prefix_headers.go to generate header
files
- In various CMakeLists.txt files, add "global_target" that all
targets depend on to give us a place to hook logic that must run
before all other targets (in particular, the header file generation
logic)
- Document this in BUILDING.md, including the fact that it is
the caller's responsibility to provide the symbol list and keep it
up to date
- Note that this scheme has not been tested on Windows, and likely
does not work on it; Windows support will need to be added in a
future commit
Change-Id: If66a7157f46b5b66230ef91e15826b910cf979a2
Reviewed-on: https://boringssl-review.googlesource.com/31364
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-27 02:53:36 +01:00
|
|
|
add_dependencies(cavp global_target)
|
|
|
|
|
2017-05-12 23:34:45 +01:00
|
|
|
add_executable(
|
|
|
|
test_fips
|
|
|
|
|
|
|
|
test_fips.c
|
|
|
|
)
|
|
|
|
|
Support symbol prefixes
- In base.h, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols.h
- In all .S files, if BORINGSSL_PREFIX is defined, include
boringssl_prefix_symbols_asm.h
- In base.h, BSSL_NAMESPACE_BEGIN and BSSL_NAMESPACE_END are
defined with appropriate values depending on whether
BORINGSSL_PREFIX is defined; these macros are used in place
of 'namespace bssl {' and '}'
- Add util/make_prefix_headers.go, which takes a list of symbols
and auto-generates the header files mentioned above
- In CMakeLists.txt, if BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS
are defined, run util/make_prefix_headers.go to generate header
files
- In various CMakeLists.txt files, add "global_target" that all
targets depend on to give us a place to hook logic that must run
before all other targets (in particular, the header file generation
logic)
- Document this in BUILDING.md, including the fact that it is
the caller's responsibility to provide the symbol list and keep it
up to date
- Note that this scheme has not been tested on Windows, and likely
does not work on it; Windows support will need to be added in a
future commit
Change-Id: If66a7157f46b5b66230ef91e15826b910cf979a2
Reviewed-on: https://boringssl-review.googlesource.com/31364
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
2018-08-27 02:53:36 +01:00
|
|
|
add_dependencies(test_fips global_target)
|
|
|
|
|
Add a CFI tester to CHECK_ABI.
This uses the x86 trap flag and libunwind to test CFI works at each
instruction. For now, it just uses the system one out of pkg-config and
disables unwind tests if unavailable. We'll probably want to stick a
copy into //third_party and perhaps try the LLVM one later.
This tester caught two bugs in P-256 CFI annotations already:
I47b5f9798b3bcee1748e537b21c173d312a14b42 and
I9f576d868850312d6c14d1386f8fbfa85021b347
An earlier design used PTRACE_SINGLESTEP with libunwind's remote
unwinding features. ptrace is a mess around stop signals (see group-stop
discussion in ptrace(2)) and this is 10x faster, so I went with it. The
question of which is more future-proof is complex:
- There are two libunwinds with the same API,
https://www.nongnu.org/libunwind/ and LLVM's. This currently uses the
system nongnu.org for convenience. In future, LLVM's should be easier
to bundle (less complex build) and appears to even support Windows,
but I haven't tested this. Moreover, setting the trap flag keeps the
test single-process, which is less complex on Windows. That suggests
the trap flag design and switching to LLVM later. However...
- Not all architectures have a trap flag settable by userspace. As far
as I can tell, ARMv8's PSTATE.SS can only be set from the kernel. If
we stick with nongnu.org libunwind, we can use PTRACE_SINGLESTEP and
remote unwinding. Or we implement it for LLVM. Another thought is for
the ptracer to bounce SIGTRAP back into the process, to share the
local unwinding code.
- ARMv7 has no trap flag at all and PTRACE_SINGLESTEP fails. Debuggers
single-step by injecting breakpoints instead. However, ARMv8's trap
flag seems to work in both AArch32 and AArch64 modes, so we may be
able to condition it on a 64-bit kernel.
Sadly, neither strategy works with Intel SDE. Adding flags to cpucap
vectors as we do with ARM would help, but it would not emulate CPUs
newer than the host CPU. For now, I've just had SDE tests disable these.
Annoyingly, CMake does not allow object libraries to have dependencies,
so make test_support a proper static library. Rename the target to
test_support_lib to avoid
https://gitlab.kitware.com/cmake/cmake/issues/17785
Update-Note: This adds a new optional test dependency, but it's disabled
by default (define BORINGSSL_HAVE_LIBUNWIND), so consumers do not need
to do anything. We'll probably want to adjust this in the future.
Bug: 181
Change-Id: I817263d7907aff0904a9cee83f8b26747262cc0c
Reviewed-on: https://boringssl-review.googlesource.com/c/33966
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2018-12-21 23:58:36 +00:00
|
|
|
target_link_libraries(cavp test_support_lib crypto)
|
|
|
|
target_link_libraries(test_fips test_support_lib crypto)
|
2017-04-24 21:29:11 +01:00
|
|
|
endif()
|