New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Creating OpenSSL binaries with Control flow guard enabled fails with multiple test failure #22554
Comments
Try adding The downside is that a build with |
Hi @paulidale Is it possible to get the CFG enabled build without impacting performance and also please confirm if using no-asm wouldn't impact fips compliance? |
It would be possible but it would require a community member (i.e. you) to submit patches for the assembler implementations so that they supported CFG. Using |
Thanks @paulidale . Update: Not working :( |
#22387 If you turn off /guard:cf, does the problem go away? If so, can you re-enable /guard:cf and provide debugger output regarding the locations of the failures? It will require you identifying a specific failing test case, and running it manually under the VC debugger |
Windows guard:cf / masm / SEH are kind of recurring themes around assembly code in project : HTH |
FYI, the connection just occured to me (thanks to a post in openssl-security). This is effectively the windows version of #22896 Please check there for all the thorny details. I'm tinkering with fixes now, but its likely going to be some time, as all the options I've come up with thus far require significant ABI changes |
OpenSSL isn't compatible with `/guard:cf` flag so we omit it for now. Related: openssl/openssl#22554 Closes qbittorrent#20479.
OpenSSL isn't compatible with `/guard:cf` flag so we omit it for now. Related: openssl/openssl#22554 Closes #20479. PR #20487.
OpenSSL isn't compatible with `/guard:cf` flag so we omit it for now. Related: openssl/openssl#22554 Closes qbittorrent#20479.
OpenSSL isn't compatible with `/guard:cf` flag so we omit it for now. Related: openssl/openssl#22554 Closes qbittorrent#20479. PR qbittorrent#20487.
OpenSSL isn't compatible with `/guard:cf` flag so we omit it for now. Related: openssl/openssl#22554 Closes #20479. PR #20487.
I am trying to create a non-shared fips enabled build with control flow guard enabled:
command used:
perl Configure VC-WIN64A enable-fips enable-capieng --prefix=D:\opensslBuild\x64\dll --openssldir=D:\opensslBuild\openssldir no-shared CFLAGS=/guard:cf LDFLAGS=/guard:cf LIB_CFLAGS=/guard:cf
This is failing with multiple test failures.
Without using CFLAGS=/guard:cf LDFLAGS=/guard:cf LIB_CFLAGS=/guard:cf , Build is successfuly created.
The text was updated successfully, but these errors were encountered: