aws-lc-rs is a cryptographic library using AWS-LC for its cryptographic operations. The library strives to be API-compatible with the popular Rust library named ring.
Other
318
stars
49
forks
source link
aws-lc-rs fails to build fips feature with fortification and hardening #614
2024/11/23 00:46:24 WARN [ 38%] Linking C static library libbcm_c_generated_asm.a
2024/11/23 00:46:24 WARN [ 38%] Built target bcm_c_generated_asm
2024/11/23 00:46:24 WARN
2024/11/23 00:46:24 WARN --- stderr
2024/11/23 00:46:24 WARN CMake Deprecation Warning at CMakeLists.txt:4 (cmake_minimum_required):
2024/11/23 00:46:24 WARN Compatibility with CMake < 3.5 will be removed from a future version of
2024/11/23 00:46:24 WARN CMake.
2024/11/23 00:46:24 WARN
2024/11/23 00:46:24 WARN Update the VERSION argument <min> value or use a ...<max> suffix to tell
2024/11/23 00:46:24 WARN CMake that the project does not need compatibility with older versions.
2024/11/23 00:46:24 WARN
2024/11/23 00:46:24 WARN
2024/11/23 00:46:24 WARN CMake Deprecation Warning at aws-lc/CMakeLists.txt:1 (cmake_minimum_required):
2024/11/23 00:46:24 WARN Compatibility with CMake < 3.5 will be removed from a future version of
2024/11/23 00:46:24 WARN CMake.
2024/11/23 00:46:24 WARN
2024/11/23 00:46:24 WARN Update the VERSION argument <min> value or use a ...<max> suffix to tell
2024/11/23 00:46:24 WARN CMake that the project does not need compatibility with older versions.
2024/11/23 00:46:24 WARN
2024/11/23 00:46:24 WARN
2024/11/23 00:46:24 WARN In file included from /usr/include/string.h:548,
2024/11/23 00:46:24 WARN from /home/build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-lc-fips-sys-0.12.13/aws-lc/crypto/asn1/a_bitstr.c:60:
2024/11/23 00:46:24 WARN In function 'memcpy',
2024/11/23 00:46:24 WARN inlined from 'OPENSSL_memcpy' at /home/build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-lc-fips-sys-0.12.13/aws-lc/crypto/asn1/../internal.h:823:10,
2024/11/23 00:46:24 WARN inlined from 'aws_lc_fips_0_12_13_i2c_ASN1_BIT_STRING' at /home/build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-lc-fips-sys-0.12.13/aws-lc/crypto/asn1/a_bitstr.c:130:3:
2024/11/23 00:46:24 WARN /usr/include/bits/string_fortified.h:29:10: error: '__builtin_memcpy' specified bound between 184467[440](https://github.com/chainguard-dev/enterprise-packages/actions/runs/11982431153/job/33410464617?pr=10142#step:12:441)71562067968 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
2024/11/23 00:46:24 WARN 29 | return __builtin___memcpy_chk (__dest, __src, __len,
2024/11/23 00:46:24 WARN | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2024/11/23 00:46:24 WARN 30 | __glibc_objsize0 (__dest));
2024/11/23 00:46:24 WARN | ~~~~~~~~~~~~~~~~~~~~~~~~~~
2024/11/23 00:46:24 WARN cc1: all warnings being treated as errors
2024/11/23 00:46:24 WARN make[2]: *** [aws-lc/crypto/CMakeFiles/crypto_objects.dir/build.make:176: aws-lc/crypto/CMakeFiles/crypto_objects.dir/asn1/a_bitstr.c.o] Error 1
2024/11/23 00:46:24 WARN make[2]: *** Waiting for unfinished jobs....
2024/11/23 00:46:24 WARN make[1]: *** [CMakeFiles/Makefile2:280: aws-lc/crypto/CMakeFiles/crypto_objects.dir/all] Error 2
2024/11/23 00:46:24 WARN make[1]: *** Waiting for unfinished jobs....
2024/11/23 00:46:24 WARN make: *** [Makefile:136: all] Error 2
2024/11/23 00:46:24 WARN thread 'main' panicked at /home/build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cmake-0.1.50/src/lib.rs:1098:5:
...
Problem:
Build fails with gcc-14
Relevant details
AWS-LC for Rust versions or commit: (6b1bce0...)
Building using hardened compiler with all of the https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html options
as in
gcc -O2 -fhardenedusing gcc-14Build log: