search

intel / cryptography-primitives

Intel® Cryptography Primitives Library is a secure, fast and lightweight library of building blocks for cryptography, highly-optimized for various Intel® CPUs
Apache License 2.0
324 stars 86 forks source link

getting build failures on debian bookworm with gcc 12.2.0 #60

Open ColinIanKing opened 1 year ago

ColinIanKing commented 1 year ago

Hi,

I'm getting some build failures on tip commit 47079e5d3cd04a861c3d6a6985c6fc9985f90b7f


gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/12/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 12.2.0-14' --with-bugurl=file:///usr/share/doc/gcc-12/README.Bugs --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-12 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-12-bTRWOB/gcc-12-12.2.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-12-bTRWOB/gcc-12-12.2.0/debian/tmp-gcn/usr --enable-offload-defaulted --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 12.2.0 (Debian 12.2.0-14) 
[ 71%] Building C object sources/ippcp/CMakeFiles/ippcp_s_n0.dir/__/__/c_sources/n0/c_intel64/n0_pcpaes_cmacupdate.c.o
In file included from /home/cking/repos/ipp-crypto/build/c_sources/n0/c_intel64/n0_pcpaes_cmacgettag.c:33:
In function ‘PadBlock’,
    inlined from ‘n0_ippsAES_CMACGetTag’ at /home/cking/repos/ipp-crypto/build/c_sources/n0/c_intel64/n0_pcpaes_cmacgettag.c:83:10:
/home/cking/repos/ipp-crypto/sources/ippcp/pcptool.h:95:12: error: writing 16 bytes into a region of size 0 [-Werror=stringop-overflow=]
   95 |       d[k] = paddingByte;
      |       ~~~~~^~~~~~~~~~~~~
/home/cking/repos/ipp-crypto/build/c_sources/n0/c_intel64/n0_pcpaes_cmacgettag.c: In function ‘n0_ippsAES_CMACGetTag’:
/home/cking/repos/ipp-crypto/build/c_sources/n0/c_intel64/n0_pcpaes_cmacgettag.c:72:13: note: at offset 16 into destination object ‘locBuffer’ of size 16
   72 |       Ipp8u locBuffer[MBS_RIJ128];
      |             ^~~~~~~~~
In function ‘PadBlock’,
    inlined from ‘n0_ippsAES_CMACGetTag’ at /home/cking/repos/ipp-crypto/build/c_sources/n0/c_intel64/n0_pcpaes_cmacgettag.c:83:10:
/home/cking/repos/ipp-crypto/sources/ippcp/pcptool.h:95:12: error: writing 16 bytes into a region of size 0 [-Werror=stringop-overflow=]
   95 |       d[k] = paddingByte;
      |       ~~~~~^~~~~~~~~~~~~
/home/cking/repos/ipp-crypto/build/c_sources/n0/c_intel64/n0_pcpaes_cmacgettag.c: In function ‘n0_ippsAES_CMACGetTag’:
/home/cking/repos/ipp-crypto/build/c_sources/n0/c_intel64/n0_pcpaes_cmacgettag.c:72:13: note: at offset [32, 48] into destination object ‘locBuffer’ of size 16
   72 |       Ipp8u locBuffer[MBS_RIJ128];
      |             ^~~~~~~~~
cc1: all warnings being treated as errors
andreyfe1 commented 1 year ago

Hi @ColinIanKing, Thank you for reporting this! Looks like this is the same issue as https://github.com/intel/ipp-crypto/issues/47 GCC12 support is coming and it will be added in one of the next releases.

dstonecy commented 1 year ago

Also looking for a patch for bookworm

paveldyakov commented 10 months ago

Hi @ColinIanKing and @dstonecy,

Could you please try to build IPP Crypto sources with GCC 12.2? N0 was disabled in IPP Crypto in the latest releases. I see no issues on the local machine now.

ColinIanKing commented 10 months ago

Hi there,

Thanks for the fix, builds fine with:

gcc-12.2.0 (Debian 12.2.0-14):
[100%] Linking C shared library ../../.build/RELEASE/lib/libippcp.so
/usr/bin/ld: warning: jmp_ippsXMSSVerify_f1be07cf.asm.o: missing .note.GNU-stack section implies executable stack
/usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
[100%] Built target ippcp_dyn

..and also: gcc version 13.2.0 (Debian 13.2.0-9)

Note that we're seeing an executable stack warning, this could potentially be an attack vector, perhaps this needs investigating further. ( https://www.redhat.com/en/blog/linkers-warnings-about-executable-stacks-and-segments )

paveldyakov commented 9 months ago

Hi @ColinIanKing, Thank you for pointing out. We will take a look

stanciuadrian commented 1 month ago

Hello @ColinIanKing! We have prepared a fix for the executable stack issue that will be available with the next public source code release.