search

google / mundane

Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).
MIT License
1.07k stars 46 forks source link

BoringSSL build failure with GCC > 9 #32

Closed silvestrst closed 2 years ago

silvestrst commented 3 years ago

Introduction

In later GCC versions some warning semantics have changed, causing build to fail (due to -Werror).

One example:

  /home/svt/.cargo/registry/src/github.com-1ecc6299db9ec823/mundane-0.4.4/boringssl/boringssl/crypto/fipsmodule/sha/sha512.c: In function ‘SHA512_256_Final’:
  /home/svt/.cargo/registry/src/github.com-1ecc6299db9ec823/mundane-0.4.4/boringssl/boringssl/crypto/fipsmodule/sha/sha512.c:179:10: error: ‘SHA512_Final’ accessing 64 bytes in a region of size 32 [-Werror=stringop-overflow=]
    179 |   return SHA512_Final(out, sha);

This could be unpleasant for people with rolling distros like archlinux that usually have significantly newer compiler versions.

How to reproduce

I have experienced the problem with GCC 11:

Using built-in specs.
COLLECT_GCC=/usr/bin/gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /build/gcc/src/gcc/configure --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=https://bugs.archlinux.org/ --enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++,d --with-isl --with-linker-hash-style=gnu --with-system-zlib --enable-__cxa_atexit --enable-cet=auto --enable-checking=release --enable-clocale=gnu --enable-default-pie --enable-default-ssp --enable-gnu-indirect-function --enable-gnu-unique-object --enable-install-libiberty --enable-linker-build-id --enable-lto --enable-multilib --enable-plugin --enable-shared --enable-threads=posix --disable-libssp --disable-libstdcxx-pch --disable-libunwind-exceptions --disable-werror gdc_include_dir=/usr/include/dlang/gdc
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.1.0 (GCC)

However, judging by the GCC change log - it is likely that GCC 10 would trigger same errors.

Some additional thoughts

There several easy short term solutions of course:

silvestrst commented 3 years ago

If you guys think BoringSSL crew would be interested, I can fire a separate issue there as well.

Disclaimer: I have briefly browsed Mundane upstream and BoringSSL issues, and didn't find the above, but it could be that I missed it (in which case apologies for the duplicate).

joshlf commented 3 years ago

Hey @silvestrst , thanks for the heads up! I would definitely recommend filing an issue with BoringSSL. I can't say for sure, but I suspect they would be interested.

silvestrst commented 3 years ago

Hi @joshlf I think these issues probably were fixed in BoringSSL (somewhere between the BoringSSL version referenced in Mundane 0.4.4 and the BoringSSL master HEAD). I have tried building BoringSSL @9ae40ce (Mundane 0.4.3) with GCC v11 (observed failures), no failures when building BoringSSL on master @HEAD with GCC v11.

So in case you think this is an issue, then it could be just a matter of bumping the Mundane referenced BoringSSL version.

rswarbrick commented 2 years ago

As more rolling distributions start picking up GCC 11, we're seeing more mentions of this breaking. It sounds like bumping a dependency is a simple fix, but maybe that's not what you guys want to do. What's the plan for fixing things?

(Also, I see that there haven't been any commits to this repository since March. Is it still actively maintained? If not, we'll need to move to something else for OpenTitan).

joshlf commented 2 years ago

I've released version 0.5.0, which includes the latest BoringSSL version. Please take a look and let me know if this fixes things for you, thanks!

luismarques commented 2 years ago

Version 0.5.0 seems to fix the issue. Thank you! I think this issue can be closed now.