Android FIPS compatibility? #192
Labels
Comments
Thank you for reporting this issue. Currently, awslc FIPS build is just POC(Proof of concept) and only tested with clang-7 on Ubuntu 20.04(x86 and aarch) and AL2(x86 and aarch). awslc FIPS validation is in progress and does not plan to cover Android. But we do expect awslc FIPS with clang-7 is buildable on the Android. Would you share the docker image (for reproduce)? |
|
You can take a look at my repo here: https://github.com/WickrInc/wickr-crypto-c There is a branch for AWS-LC support and there is a script in the root directory that builds a docker image for the build and then executes it. Thanks! |
samuel40791765
added a commit
that referenced
this issue
Nov 11, 2021
### Issues: Resolves #192 ### Description of changes: * Clang with the Android NDK doesn't compile with `-Werror` on clang due to implicit addition of `-Wa,noexecstack`. Since `--Wa,--noexecstack` is not used during the preprocessor step (because assembler is not invoked), Clang reports that argument as unused. Added a removal the flag during FIPS builds for Android. Context: android/ndk#171 * CMAKE inserts a `\` before whitespaces in arguments, which Android line does not recognize when using `add_custom_command`. This caused `${CMAKE_ASM_COMPILER}` to fail during the preprocessing step. Replacing whitespaces with `;` fixes this. Context: https://stackoverflow.com/questions/8925396/why-does-cmake-prefixes-spaces-with-backslashes-when-executing-a-command By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
DominicDams
pushed a commit
to DominicDams/aws-lc
that referenced
this issue
Nov 30, 2021
### Issues: Resolves aws#192 ### Description of changes: * Clang with the Android NDK doesn't compile with `-Werror` on clang due to implicit addition of `-Wa,noexecstack`. Since `--Wa,--noexecstack` is not used during the preprocessor step (because assembler is not invoked), Clang reports that argument as unused. Added a removal the flag during FIPS builds for Android. Context: android/ndk#171 * CMAKE inserts a `\` before whitespaces in arguments, which Android line does not recognize when using `add_custom_command`. This caused `${CMAKE_ASM_COMPILER}` to fail during the preprocessing step. Replacing whitespaces with `;` fixes this. Context: https://stackoverflow.com/questions/8925396/why-does-cmake-prefixes-spaces-with-backslashes-when-executing-a-command By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
samuel40791765
added a commit
that referenced
this issue
Mar 29, 2022
* AWS-LC wants to ensure that our tests and build work correctly on Android. Insipred from the CRT Team's `AWSCRTAndroidTestRunner`, this mini Android test harness is intended to be used within our Android CI with AWS Device Farm. The tests will include crypto_test, urandom_test, decrepit_test and ssl_test, referenced from regular test dimensions. Using this test harness with AWS-LC will also help ensure that builds cross compiles successfully with the Android toolchains, mitigating past issues like this: #192. * ANDROIDTESTRUNNER is a new flag that I plan to add in AWS-LC that compiles our test executables from regular executables to so executables when ANDROIDTESTRUNNER is on. Only Shared Object files can be automatically packaged into an Android app with the right execution permissions, so test executable outputs need to be outputted as an so for AWSLCAndroidTestRunner to be able to execute the tests within the app dimension. The actual ANDROIDTESTRUNNER change in AWS-LC is not in this PR, and this is just an early call out to the change I intend to make.
Taffer
pushed a commit
to Taffer/aws-lc
that referenced
this issue
Aug 19, 2022
* AWS-LC wants to ensure that our tests and build work correctly on Android. Insipred from the CRT Team's `AWSCRTAndroidTestRunner`, this mini Android test harness is intended to be used within our Android CI with AWS Device Farm. The tests will include crypto_test, urandom_test, decrepit_test and ssl_test, referenced from regular test dimensions. Using this test harness with AWS-LC will also help ensure that builds cross compiles successfully with the Android toolchains, mitigating past issues like this: aws#192. * ANDROIDTESTRUNNER is a new flag that I plan to add in AWS-LC that compiles our test executables from regular executables to so executables when ANDROIDTESTRUNNER is on. Only Shared Object files can be automatically packaged into an Android app with the right execution permissions, so test executable outputs need to be outputted as an so for AWSLCAndroidTestRunner to be able to execute the tests within the app dimension. The actual ANDROIDTESTRUNNER change in AWS-LC is not in this PR, and this is just an early call out to the change I intend to make.
Taffer
pushed a commit
to Taffer/aws-lc
that referenced
this issue
Sep 7, 2022
* AWS-LC wants to ensure that our tests and build work correctly on Android. Insipred from the CRT Team's `AWSCRTAndroidTestRunner`, this mini Android test harness is intended to be used within our Android CI with AWS Device Farm. The tests will include crypto_test, urandom_test, decrepit_test and ssl_test, referenced from regular test dimensions. Using this test harness with AWS-LC will also help ensure that builds cross compiles successfully with the Android toolchains, mitigating past issues like this: aws#192. * ANDROIDTESTRUNNER is a new flag that I plan to add in AWS-LC that compiles our test executables from regular executables to so executables when ANDROIDTESTRUNNER is on. Only Shared Object files can be automatically packaged into an Android app with the right execution permissions, so test executable outputs need to be outputted as an so for AWSLCAndroidTestRunner to be able to execute the tests within the app dimension. The actual ANDROIDTESTRUNNER change in AWS-LC is not in this PR, and this is just an early call out to the change I intend to make.
Taffer
pushed a commit
to Taffer/aws-lc
that referenced
this issue
Sep 9, 2022
* AWS-LC wants to ensure that our tests and build work correctly on Android. Insipred from the CRT Team's `AWSCRTAndroidTestRunner`, this mini Android test harness is intended to be used within our Android CI with AWS Device Farm. The tests will include crypto_test, urandom_test, decrepit_test and ssl_test, referenced from regular test dimensions. Using this test harness with AWS-LC will also help ensure that builds cross compiles successfully with the Android toolchains, mitigating past issues like this: aws#192. * ANDROIDTESTRUNNER is a new flag that I plan to add in AWS-LC that compiles our test executables from regular executables to so executables when ANDROIDTESTRUNNER is on. Only Shared Object files can be automatically packaged into an Android app with the right execution permissions, so test executable outputs need to be outputted as an so for AWSLCAndroidTestRunner to be able to execute the tests within the app dimension. The actual ANDROIDTESTRUNNER change in AWS-LC is not in this PR, and this is just an early call out to the change I intend to make.
Taffer
pushed a commit
to Taffer/aws-lc
that referenced
this issue
Sep 27, 2022
* AWS-LC wants to ensure that our tests and build work correctly on Android. Insipred from the CRT Team's `AWSCRTAndroidTestRunner`, this mini Android test harness is intended to be used within our Android CI with AWS Device Farm. The tests will include crypto_test, urandom_test, decrepit_test and ssl_test, referenced from regular test dimensions. Using this test harness with AWS-LC will also help ensure that builds cross compiles successfully with the Android toolchains, mitigating past issues like this: aws#192. * ANDROIDTESTRUNNER is a new flag that I plan to add in AWS-LC that compiles our test executables from regular executables to so executables when ANDROIDTESTRUNNER is on. Only Shared Object files can be automatically packaged into an Android app with the right execution permissions, so test executable outputs need to be outputted as an so for AWSLCAndroidTestRunner to be able to execute the tests within the app dimension. The actual ANDROIDTESTRUNNER change in AWS-LC is not in this PR, and this is just an early call out to the change I intend to make.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem:
When
-FIPS=ONis set for Android it results in a build failureRelevant details
AWS-LC commit: 7ada846
Host Platform:
Target Platform:
Build log:
The text was updated successfully, but these errors were encountered: